ABSTRACT Decision science has begun to enter the lexicon of risk professionals as concepts from Prospect Theory become popular in media outlets that increasingly warn about the risk of human biases. Decision-making under uncertainty, popularized by Dan Kahneman, Amos Tversky, Paul Slovic, Herbert Simon and other economists, is more than an examination of human biases. Prospect Theory is a reexamination of the theory of choice and the causes of violations of utility theory that has blossomed into a broad and diverse body of research in behavioral and cognitive science. This paper is an outline for a proposed draft of a cognitive risk framework that will be developed to incorporate behavioral and cognitive science into an enterprise risk framework for cybersecurity and enterprise risk governance. Herbert Simon coined the term “Bounded Rationality” in his seminal book of the same name. “Broadly stated, the task is to replace the global rationality of economic man with the kind of rational behavior that is compatible with the access to information and the computational capacities that are actually possessed by organisms, including man, in the kinds of environments in which such organisms exist” (Simon 1955a: 99). Before the development of modern PCs and even more powerful machine learning algorithms, Simon foresaw the opportunity at the intersection of human decision-making and technology. Since Simon, other economists and researchers have broadened insights from a multidisciplinary offering of academic studies into applied behavioral science. Notwithstanding these advances, only a few scientists have developed decision science solutions at scale at the enterprise level. Machine learning and other forms of artificial intelligence will require new rules of engagement and governance controls to ensure that bias and ethical use standards have been put in place. 
Data, the newest commodity in all digital strategies, must be better organized and structured in organizations to allow for the efficacious information workflows needed to power organizations to higher performance. And lastly, the role of humans working with and alongside machines as decision-support tools is in the early stage of deployment. The research for the book, Cognitive Risks, will examine the last frontier in risk management – the role of human actors in a business environment that is transitioning to digital products and services. A new level of awareness is needed in a digital environment that differs from the physical world. We know this because of the advent of misinformation that now permeates the Internet. Nation states and Dark Web criminals have weaponized trust in the Internet through misinformation campaigns on social media sites by using behavioral science, or more specifically, cognitive hacks to change our behavior when surfing the web. These attacks are low cost and very effective because most observers are not aware of cognitive risks. There are many variations of “cognitive hacks” and “cognitive risks” which will be explained in detail in the book. Dmitry Kiselev, director general of Russia’s state-controlled Rossiya Segodnya media conglomerate, has said: “Objectivity is a myth which is proposed and imposed on us.” Today, thanks to the Internet and social media, the manipulation of our perception of the world is taking place on previously unimaginable scales of time, space and intentionality. Cognitive hacks and cognitive risks are part of a new lexicon of risks we must learn. Cognitive risks are commonly referred to as heuristic behavior. A heuristic is any approach to problem solving or self-discovery that employs a practical method that is not guaranteed to be optimal, perfect, or rational, but is nevertheless sufficient for reaching an immediate, short-term goal or approximation. 
Where finding an optimal solution is impossible or impractical, heuristic methods can be used to speed up the process of finding a satisfactory solution. Heuristics can be mental shortcuts that ease the cognitive load of making a decision. Large swaths of the economy have already misjudged the potential, and the threats, of digital transformation. The question explored in this paper and in the subsequent book, Cognitive Risks, is why. Why do some leaders see opportunity when others only see problems? Why has the retail industry been blindsided by firms like Amazon, Google, Apple, and so many others? The research for the book will also include an exhaustive review of how applied behavioral science can be used to enhance organizational performance, risk management and cybersecurity in all organizations. Few, if any, studies to date have combined a multidisciplinary approach to enterprise risk management and organizational performance. This will be the first study that builds on a 2020 study of advancements in enterprise risk and board governance to provide a comprehensive analysis of methods and processes to apply behavioral science to address a range of risks facing organizations as they transition to a digital economy.