jump to navigation

Black Swans, Probability Ignorance & FUD: Risk 101 February 13, 2012

Posted by Chris Mark in Risk & Risk Management.
Tags: , , , , , , , ,
add a comment

I have written several posts on risk and risk within the maritime security industry.  You can read them here (#1, #2) There is a common mistake people sometimes make when venturing into risk management.  It is the focus on the impact of an event while ignoring the probability or overestimating the probability of the event.   Very serious events with very low probabilities of occurrence (or those which you are unable to calculate) are what has been coined as Black Swan events by Nassim Taleb in his book of the same name.  When calculating or estimating risk it is sometimes a temptation to look at those incidents with high impact potential and low probabilities while ignoring the less severe events with her probability.  This would be akin to venturing into the Amazon Rain Forest and protecting yourself from Grizzly bears (very large impact but low, low probability) only to die of blood loss from being bitten by a million mosquitoes because you did not take a mosquito net or bug spray as you were not concerned with “a little mosquito bite”.

It is important to calculate risk by using a method that accounts for both impact and probability.  This will give you a method by which to calculate the actual risk of an event and take appropriate steps to manage the risk.  As can be seen by the graphic at the top of the post, a high impact low probability event poses the same risk as a low impact, high probability event assuming the ratios are equal.  While the impact can be calculated as someone finite (for example, the worst that can happen to a person is likely to be killed) the probability of an event which can cause the event can range from unlikely to infinitesimally small.  As an example of probability ignorance I will use an example from my own life.  A woman I know carries a hammer in her car given to her by her mother.  The purpose of the hammer is to break the car window and escape in the event the car plunges into a lake or other body of water and begins to sink.  While the idea of drowning in a sinking car is certainly frightening, the likelihood of a car plunging into a body of water at 7,000 feet in high desert is very, very, very low.  In this scenario it would be suggested that a better use of the money spent on the hammer was a 20 minute discussion on the value of always buckling the seatbelt and never speeding.

So why is this important?  Simple.  Security practitioners sell on a concept known as FUD or Fear, Uncertainty, and Doubt.  A great example of FUD is a commercial I saw recently.  A security company announced that 4  houses are  burglarized every 14 seconds in the US. The commercial then goes on to show a mother and her children and how scary a burglary can be.  Lets do some quick math to see how ‘scary’ this really is.  According to the US Census Bureau there are about 131 million housing units in the US.  If there is a house burglarized every 14.6 seconds this means that there are 4.1 burglarized per minute, 246 per hour, 5,917  per day and 216,000  per year.  WOW!  That is alot! BUT…this means that if you live in a home you have a .16% change of having your home burglarized in a given year. This does not seem so bad now.  Keep in mind that some areas such as urban areas have higher crime rates than other areas and some houses are burglarized more than once.  Another area where the security vendor attempts to convince you to use their services is by intimating that burglaries result in physical assault.  In the commercials, a woman (not a man) is with her children talking about how the neighbor was burglarized and “while the children weren’t home, imagine if they had been.”  Very few burglaries result in any physical harm to anyone but the imagery in the commercial is significant.

When listening to the inevitable sales pitch from a security vendor, keep in mind that they have an objective to sell you services.  The easy way to do this is to use the FUD technique.  If I am selling meteorite insurance, I will tell you about the dangers of meteorites, irrespective of who small they may be.  Remember, it is easy to lie with numbers and easier to lie with statistics.  Always base security implementation on a risk analysis.

Black Swan events – The Amazon rain forest example gives us a good opportunity to talk about Black Swan events.  While we can calculate the probability of being attacked by a Grizzly bear in the Amazon (practically zero since they do not live anywhere but North America) there could be a situation in which a Grizzly bear was present and did attack someone.  Maybe a person illegally imported a bear and let it go in the Amazon.  This type of event would be a ‘Black Swan’ as you really could not calculate the probability of that specific event.  The book is a very good starting point for this concept.

-Graphic from MindTools.com

GlobalRiskInfo.com now on Twitter! February 11, 2012

Posted by Chris Mark in Risk & Risk Management.
Tags: , , , , ,
add a comment

Now follow GlobalRiskInfo.com on Twitter! 

Armed Security; Increasing Competition & Decreasing Demand February 10, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , , , , ,
1 comment so far

Recently I wrote about the armed security market and the inevitable shakeout.   A look at the most recently data supports this position and does not seem to fare well for the new entrants into the maritime security space.  As of February 1st, 2012 there are now 307 signatories of the ICOC with 55 signing on December 1st, 2011 and another 42 signing on February 1st, 2012.  While some of those signing are older, more established companies there is a large percentage of new entrants.  In short, competition is becoming fierce within the maritime security industry.

In January, 2012 the IMB released statistics on pirate attacks and hijackings.  From 2010-2011 pirate attacks in and around Somalia increased roughly 7.5% from 219 to 237 while at the same time hijackings decreased roughly 43% from 49 to 28.  In 2010 approximately 22% of the ships attacked were taken and hijacked while in 2011 the percentage dropped to just below 12%.  A combination of increased naval patrols, armed guards, and implementation of BMP is having a desired effect on hijackings.

There are several things that can be surmised from the information above.  First, competition within the maritime security industry is increasing rapidly.  With the wars winding down in Iraq and Afghanistan there is an increasing number of veterans entering the job market.  Some of these are founding security and maritime security companies to try take advantage of the perceived demand for the services.  This will have the effect of decreasing rates across the industry unless demand increases, as well.  The second thing that can be surmised is that demand for maritime security is likely to decrease significantly.  There are several reasons to anticipate a decrease.  As current efforts are showing success companies will logically begin to evaluate the need for expensive, armed guards when other controls may prove sufficient.  Additionally, it is expected that the number of ‘free riders’ will increase as companies begin to hedge their bets and forgo the use of security with the belief that other companies investment will have a residual affect on their security.  Finally, insurance rates should drop for ships traversing high-risk waters making the justification for the cost of engaging armed security more difficult.  As any first year economics student can attest; increasing competition and decreasing demand does not bode well for the industry.  Companies will have to drop their prices to compete for a rapidly decreasing pool of potential clients.  The end result is the inevitable shakeout of the industry.

Why Regulation Cannot Prevent CyberCrime (TransactionWorld) February 6, 2012

Posted by Chris Mark in InfoSec & Privacy, Laws and Leglslation, Risk & Risk Management.
Tags: , , , , , , ,
add a comment

As the maritime industry is increasingly focused on protection of data assets, I thought it would be beneficial to include an article on the topic.  This article is one I wrote for TransactionWorld in July, 2011.  It is titled: “Why Regulation Cannot Prevent CyberCrime” and is a continuation on the discussion of the impact of deterrence on behavior.

“Data security and privacy regulation have increased significantly over the past 10 years. The U.S. now has 46 state breach notification laws and there have been numerous bills introduced in Congress that propose to regulate personally identifiable information and to dictate security of such data. In spite of this increasing regulation, data breaches continue to plague the industry. Some have proposed that more regulation is the answer. Unfortunately, regulation alone is inadequate to prevent data theft and protect data.

At its core, data theft and network intrusions are crimes. At the risk of oversimplifying the work of criminologists, crime prevention can be summarized as using deterrents to affect protection of assets and prevention of theft. Protection applies to the ‘hardening’ of targets by implementing controls that increase the level of difficulty of perpetrating a crime. A vault is a good example of a protective measure. While no vault is completely impenetrable, vaults do provide significant protective value. Data security controls are protective measures. They are designed solely to limit attempts to obtain the target of value. Without a deterrence effect, criminals are free to attack companies at will without fear of retribution. This article will explore the value of deterrence in the prevention of crime.” (read full article here)

Foriegn Security Team to Face Trial in Somalia February 6, 2012

Posted by Chris Mark in Industry News, Piracy & Maritime Security, Risk & Risk Management.
Tags: , , , ,
add a comment

SomaliaReport published a story today which said that six men arrested in May, 2010 for bringing $3.6 Million into Somalia as a ransom payment for a hijacked vessel will be in Banadir Court on Thursday to face charges.  The six, one American, three Britons, and two Kenyans have been held at the airport since their arrest 9 months ago.  According to the story, the money was to be used for the release of two vessels, the MV Suez and MV Yuan Xiang.