The Tyranny of Small Decisions

Riverbank Ruminations; Observations from The Banks of The Technology River

Tom Evans ~  Ashton Engineer Emeritus

Generational differences show up in many ways, with cultural references being one example. The phrase ‘death by 1000 cuts’ has one meaning for boomers and perhaps a totally different meaning for fans of Taylor Swift. For me, the phrase refers to what is officially known as Lingchi, which was a form of torture and execution used in China from roughly 900 until it was banned in 1905 (according to Wikipedia). It is designed to prolong the victim’s death by inflicting many non-lethal wounds and causing a great deal of distress. The term is usually used today about some process that is destructive after a long period, rather than one that is instantly catastrophic; climate change versus a hurricane for example. Slowly eroding network security versus a catastrophic server failure would be another example.

I usually like to verify what I think I know when making a reference in my blogs. In the course of checking on Linghci, I came across this article on Wikipedia. That, in turn, lead me down a shortish rabbit hole where I wound up with this Latin phrase: principiis obsta (et respice finem) which translates as “resist the beginnings (and consider the end). (Unless you use Google translate. In that case, pricipiis obsta is translated ‘get in my way’). One source says that in litigation procedures, this means laying out what could happen to the defendant if they lose.

A somewhat related concept is the ‘tyranny of small decisions.  This concept deals with the effect that small decisions have on the future and in some ways removing possible choices from future consideration. Resisting bad decisions in the beginning is important, based on the end situation desired.

One example is rail service to Ithaca, New York. At one time you could get to Ithaca by car, train, bus, or airline. As we know, weather can affect all of those modes of transportation, with trains being the least susceptible to weather. The decision as to whether rail service should continue was a long-term decision from the perspective of the rail company. Commuters were making short-term decisions based on current weather or convenience. At one point, the rail service was withdrawn. The small decisions made by individual travelers directed the long-term decision by the railroad. Those small decisions removed the choice of continuing rail service.

I have long wondered at the American business philosophy of measuring success by short-term results; end of the month, end of the quarter, end of the year. This kind of time frame does not let you look very far ahead to ‘consider the end’, since there is always another end-of-period target waiting. It would seem that, if your goal was to have a successful business, longevity would be crucial. From an article on the economic competition posed by China, I found this quote: “U.S. businesses have trouble envisioning even a three-year or five-year plan. In the West, much of the visioning of the future is left up to science fiction writers instead. I have been talking to China experts who point out that 50- to 100-plus-year plans are not unusual for many top-level Asian political leaders.”

So, what ‘small decisions’ tyrannically prevent a business from ‘considering the end’? The one that comes to mind first is ‘Maximize profits’. Notice I did not say ‘Make profits’. A business can break even and continue to exist. It is more enjoyable for all involved (usually) if the business turns a profit. However, there can be a drive to maximize profits by not doing something that directly and measurably contributes to profits. Egregious examples relate to skimping on safety measures, like not installing a sprinkler system or not installing smoke alarms. A less obvious example would be network security.

Not having network security these days is asking to be put out of business. Phishing attacks leading to ransomware and extortion to prevent data publication are commonplace. A small decision is to spend as little as needed on security. Another small decision is to forego security awareness training for employees. Another small decision is to have training but only once a year. An additional small decision would be a lack of concern regarding what’s on your network, thereby forgoing network audits.

These small decisions will remove from future consideration the decision to stay in business. Approximately two-thirds of small businesses that suffer a data breach go out of business within a year. The initial cost of remediation is only the start of the expense. As cyber-attacks increase, insurers are more stringent with requirements for insurability. We certainly would not be without fire insurance or liability insurance. Cyber insurance is becoming harder to get because insurers want to make sure you are doing your part to minimize loss. Just as sprinklers and other fire suppression equipment may be a requirement for fire insurance (or at least affordable rates), insurers are requiring more from the insured to get coverage, regardless of rates.

It can be hard to ‘consider the end’ when the future is hard to predict. The future of your company will be tied more and more tightly to your security and your employee’s ability to work safely. Even then, you need a good backup plan for when things go wrong. Going back to the legal use of pricipiis obsta, consider what happens if you lose the security battle. It is not a pretty picture. Make good ‘small decisions’ now so you have the opportunity to have a business next year.