Innovation is winning the "next" war, not fighting the last one
This concept, as you might have guessed, comes to us from the military, where for countless generations armies and generals have planned and executed elaborate strategies to win a war that wasn't going to be fought. By preparing for the last war, they unintentionally spurred innovation by their enemies to create entirely new forms of warfare. Therefore, after World War I the French built the Maginot line, determined to keep the Germans at bay on the French eastern borders. This was a tremendous alignment of fortresses and static defenses that would have forestalled the broad fronts and trench warfare of World War I. Countless resources were invested in the Maginot line, which the German High Command totally ignored. Instead they opted for, and prepared for, Blitzkrieg, rapid warfare to bypass static defenses and fight before the other army could deploy. In the case of World War I, the French had prepared for the last war, and in a way probably spurred innovation in warfare by the Germans, who could not successfully attack the Maginot line directly. The French prepared entirely for the same war and doubled down on those strategies and tactics, while the Germans innovated and planned for a completely new type of warfare.
The same thing is happening today in very different spheres. The US Federal government is tightening down privacy rules and requirements, and many large health and financial institutions are investing tremendous sums of money to keep all individual and consumer information secure and private. Meanwhile, consumers and other web savvy individuals are increasingly opening up and "living life in the open" on the web. Two recent articles caught my attention to this trend, but there have been many more.
First, there was an article in the NY Times on Sunday about individuals using Blippy, Swipely and FourSquare to publish where they were geographically and what they were purchasing. One individual noted his gasoline purchases and his nose job! Now we can follow anyone in real time and understand what they are purchasing, where they are spending time, and their most intimate thoughts, and in some cases we can even watch them live their lives online. Note that even a disclosure of some credit card information on Blippy which happened recently hasn't encouraged individuals to end their living online philosophy. I think many of these consumers see this as simply a cost of doing business and living out in the open.
One reason is that Blippy immediately responded to the issue and worked with its partners to try to shut down the publication of information. They did so in an apologetic and more importantly, transparent way. These small firms are earning the trust of consumers who have turned away from larger institutions that are spending far more on security but are not very transparent.
Could it be that for the younger consumer larger firms and even the government are "fighting the last war" on privacy and data security, rather than looking ahead to what consumer want and what the environment will look like in the near future? If we all live in a virtual data nudist colony, with no privacy but lots of transparency and rapid repair of any breach, what should banks and health care firms focus on? Not defensive security but rapid response and more transparency about the inner workings of the organization.