Sylvain Felix, smartcockpit: “risk is often seen as a compliance exercise rather than a valuable part of the decision-making process”
Digital governance is critical for an organization’s success as it helps to keep eye on the prize.
There have been a lot of changes in this field. The idea behind it was to break down silos to ensure consistent and ongoing communications between the technical teams and the top management. There is no single, magical technique to ensure that an organization runs smoothly and achieves its goals. But consequently, a variety of big data solutions were developed to leverage digital assets.
One of them is smartcockpit – a cutting-edge digital governance software that helps organizations to improve their decision-making process. Recently the team at Cybernews reached out to its CEO, Sylvain Felix, who reminded us to be more aware of the risks we might be exposed to and that cybersecurity is sometimes more of an organizational than a technical issue.
Tell us the story behind smartcockpit. What has the journey been like since your launch in 2013?
It started with one of our prospects that wanted to improve their decision-making process. We have used a prototype we were using for consulting. As they were happy with what was done, they asked us whether we would sell them our solution. This sounded interesting but certainly not economically viable for one single customer.
Feeling an opportunity, we decided to organize an event to present our concept. And to my great surprise, there were more than 20 participants representing 8 different companies which allowed us to start 6 projects. The development of the smartcockpit began and we set up a development team with all engineering needed to build a Swiss Made quality product.
We started with decision-making on performance data (KPI and indicators) but quickly our customers pushed us to integrate risk and compliance. With the COVID crisis, organizations accelerated digitalization and therefore faced more and more cyber risks. This has naturally made us create a dedicated cockpit to manage cyber risks.
Can you introduce us to what you do? What are the main issues you help solve?
We help the organization improve its governance and decision-making process. The name cockpit was chosen as it provides both the “read” side with the visual and information you need to understand where you are compared to where you want to be. And the “lead” side provides you with the levers to change the situation and to follow the actions and if they have the expected impact.
The combination of different perspectives (performance, risk, compliance, quality, and project) breaks down silos and provides a 360° view of the organization’s health. Observing a situation is not enough, it is necessary to be able to make decisions by implementing actions and making sure of their impact.
The methodology behind our solution is to make sure one asks the right questions and that somebody is responsible to make sure the answer is right. We can easily integrate information coming from various sources, including soft data and expertise. This allows for collective intelligence in the organization.
Why do you think certain businesses are often unaware of the risks they are exposed to?
Risk is (too) often seen as a compliance exercise rather than being a valuable part of the decision-making process. This explains why in many corporations you will find a “risk register” along with many “controls” to help mitigate them. Business leaders are interested to reach their objectives, not to manage risk although they know they have to take risks to do so.
While most would agree that managing risk is important, the actual task of doing so can be tedious and time-consuming. Companies are faced with data overload and constantly changing environments as well as changing laws and regulations that make deciphering the information an essential yet mountainous task for business leaders.
And when business leaders are presented with a long list of operational risks, they are quickly uninterested and delegate this to specialized people.
Do you think the current global events are going to have an influence on the ways in which threat actors operate?
Yes, I think the current global events have a great influence. Take COVID for example. It has accelerated the digitalization of organizations thus exacerbating the dependencies on information systems and enlarging the attack surface. And with the professionalization of cybercrime, attacks are also done “blindly” and can reach everybody.
Today, the threat level has changed dramatically for geopolitical reasons. The war in Europe is shaking up the world and is also invading cyberspace.
This is why we have joined the Trust4SME program launched by Trust Valley In Switzerland to help the organization set up minimal hygiene and good cyber practices to enforce digital trust.
Why do you think companies often hesitate to try out new and innovative solutions that would enhance their business operations?
Implementing an innovative solution requires a long-term and optimistic vision. As with any investment, it is a significant risk from a financial and operational point of view. It will mobilize time and internal resources in order to successfully drive change in the company.
Some organizations do not have the time and/or resources to try out new and innovative solutions. And the other ones, are overwhelmed by the proposition. So, to pop up on top of the crowd, especially when you are not in the “trendy innovation sweet spots” like IA or blockchain becomes a challenge.
Finally, I think that the hesitation also lies in the relationship of trust between the provider and the customer. Indeed, most innovative solutions are often proposed by young start-ups that have not yet demonstrated sufficient proof of market or have a small capital, a network of partners under construction, etc., which highlights the uncertain sustainability of these structures.
What are some of the worst mistakes companies make when handling large amounts of data?
The so-called magic offered by new big data technologies has caused many leaders to fall prey to the mistaken belief that you “just need to get more data” in order to answer essential business questions. This ineffective thinking can lead to “information overload” – inevitably leading to confusion, frustration, and difficulty understanding what the numbers, plots, and images are actually saying about the organization.
Another challenge is getting the right data. Just getting more data is not useful if it is not reliable, or of good quality. And this has a cost. Indeed, collecting data is not an end in itself, the real goal is to be able to understand a situation and then make an informed decision. Human data and knowledge of a situation play an important role in making decisions.
Data is a tool that assists in providing awareness but it is not the end all meets all. We can spend hours searching for more information and waiting for the right answer to come but the truth is that we do not always have all the information.
What tips would you give to companies looking to get more value out of their data?
Companies that would like to get more value from their data should first define their smart objectives which mean specific, measurable, acceptable, realistic, and time-bound. At smartcockpit, we recommend a question-based approach. Are we performing well? Are the processes structured? Are we compliant?
Data governance is also key. So, make sure you ask the right questions, define the metrics to answer them, and determine who is responsible for acting on them. This will allow you to gain efficiencies by managing master data really well. You will only be looking for relevant data to create the information you want and need!
“Knowledge is having the right answer, intelligence is asking the right question”
Are there any precautions or security tools that you think need to be taken in this age of ever-changing technology?
Don’t overestimate the capacity of technology, knowing that most of the time the cause of the incident is between the chair and the screen. So, our advice would be to focus on sensibilization and reduction of user and system access rights.
And make sure that you are governing your cyber risks and that the communication between stakeholders is smooth, not overcrowded by too many (technical) indicators. This is what we call the “fog of more”; falling into the trap of providing too many technical metrics in the name of self-justification. And because the board does not know what these mean for the business, they ask questions and we end up with noise feeding on itself.
And finally, what’s next for smartcockpit?
Smartcockpit is now in full development. Our strategy was to stay under the radar with our innovative solution. We want to be more visible, get involved to build and strengthen digital trust and accelerate our market growth. To achieve this, we have a network of Swiss and European partners who are resellers and/or integrators of our solution, which we are looking to expand.
For this purpose, we have joined the Geneva Chamber of Commerce and Industry and the SME support program Trust for SME by Trust Valley as a sponsor to help these companies in their digital transformation. This already gives up the opportunity to be present at the International Cybersecurity Forum with the Swiss Pavilion amongst 8 other innovative companies from Switzerland.
Finally, our product is constantly evolving since its creation. We will soon present the 6.0 version, so get ready! We believe that in the long run, we will become a collaborative SaaS platform where everyone can build their own cockpit and share it.