How to Oversee the Essential Risks of Innovation

When it comes to innovation, boards are notorious for sending conflicting messages. They want to hear assurances of innovation and predictability from management in the same breath. Unfortunately, innovation and predictability don’t go hand-in-hand. Simply put, innovation can’t exist without risk. In fact, the two are easily understood as a marriage—they show up together and work in unison.

Those of us who work in cybersecurity—where staying ahead of adversaries can mean life or death for a company—know that better than most. We have to invest in new ideas, technologies, and processes to adapt to an ever-changing threat landscape. Such investment, like any investment, entails some risk.

We can apply lessons learned about cybersecurity innovation to just about any industry. That’s because every company needs to innovate to remain competitive, which inherently means taking risks. How much risk is enough? How much is too much? And what’s the best way to foster innovation while balancing the need to take risks with the need for predictability?

The best way to answer these questions is to develop clear processes around innovation. It all starts with good communication and diversity of viewpoints.

Talk It Through

Effective communication is key between senior leadership and the engineers and others responsible for innovation. Communication reveals ideas worth taking chances on. There are two structural processes that can work well for this that the board could suggest.

1. Encourage management and engineers to engage in ad-hoc sharing of observations. This means forming groups to share candid observations about what’s working and what’s not working within an organization.
   At Rapid7, we pull in team members across the organization to bring a variety of perspectives to the table. I recommend creating small cross-functional teams and getting them in the habit of observing and sharing ideas to generate more innovation. This continuous dialogue pushes people to think more broadly and differently while sharing learnings that can then be reported to the board when discussing innovation.
2. Facilitate thought-provoking discussions. Encourage management to create thought experiments designed to spark new ideas and challenge conventional thinking. Those facilitating the conversation might start by asking, “If I gave you an unlimited amount of money to double our efficiency, what would you do?” Or, “If we were going to build a business plan to destroy our business and at the same time gain twice the profits and twice the customer loyalty, what would we do right now?”

These processes can be quite powerful in uncovering places to innovate. But in order for a leadership team and those responsible for innovation to maintain a firm grounding in the reality of the industry while also allowing room for creativity, they need a source of external truth. That means urging management to get outside of the company bubble.

Learn from the Field
To gather new ideas, people across functions should spend unmanaged time outside of the organization, bringing observations back to leadership and to their work. Spending time with customers and partners, engaging with peer groups, observing and engaging with competitors, reading, and attending conferences are all ways to gather the insights that are crucial for effective innovation. The board should challenge management to build a culture of curiosity within the company.

That said, directors should beware of herd mentality taking over the minds of management. Emulating companies that have non-sustainable positions or those in which you have too little insight into the success they are having often doesn’t play out well. Instead, encourage management to pay attention to well-performing companies in their quest for ideas that will improve your company’s position.

At Rapid7, I frame these jobs as learning. I don’t need my teams to come back with concrete action steps or specific outcomes but instead with a learning plan and details on what they saw that has the potential to transform the business over the next year.

Anything a team learns that can potentially create an advantage opens the doors to innovation. Therefore, this culture of learning should not focus only on technology, but instead on the combination of process, technology, market, and customer needs.

Create an Innovation Culture

To flourish, innovation also must be nurtured in the culture of the organization as expressed in the attitudes, beliefs, and behaviors of its people. Cultures that punish failure, demand certainty, or reward short term results kill innovation before it can even be expressed as an idea. On the other hand, cultures that emphasize learning, encourage experimentation, and focus on rewarding long-term growth behaviors tend be much better at innovation. One of the keys to this is encouraging transparency and reinforcing that it’s okay to discuss possibilities even when the path to delivery is unclear. Lastly, innovation demands an environment built on trust. When people don’t trust each other, they can’t be vulnerable and share their ideas, hopes, and aspirations. Directors should cultivate a culture of open conversation with their management team, and then encourage the same candor between management and employees across the company.

Embrace the Right Level of Risk

Many organizations pursue the minimal amount of innovation because they fear taking too big a leap and risking too much. Others may aggressively pursue transformational innovation that comes with a high degree of risk. What’s the right balance?

To make that assessment, directors and management can consider the three main levels of innovation, in order of increasing risk.

• Incremental improvement innovation. You will generally have a high degree confidence about this level of innovation because others in your industry are already doing it and you have real-world observations to back up planning for those innovations.
• Outside-in innovation. Somewhat riskier, this level of innovation involves implementing ideas that you are confident could be successful based on outside observation—perhaps from beyond your industry—and adapting them for your organization.
• Moon shot innovation. The ultimate risk, with a potentially high-reward payoff. Think SpaceX’s success at launching a sports car to Mars in its quest to ultimately get settlers there.

For a company that’s doing well inside a stable industry, it’s most likely not wise to take a huge risk. Incremental innovation in this case may be enough, always with an oversight-focused eye on what others in the industry are doing.

A company in a more volatile industry, however, may need to get more aggressive in pursuit of game-changing innovations, with ideas borrowed from other industries. A moon shot in this case, appropriately managed and nurtured over time, may be just what’s needed. Directors should ask management to develop plans and evidence for these innovations that are clear, concise, and geared toward oversight of the project’s successful execution and value creation.

Manage the Learning Cycle
Innovation takes time, starting with the learning cycle.

In our experience, the learning cycle takes about a year, and is crucial for properly managing the risk involved in investing further. For implementation, two to four years is a good rule of thumb to start to see a return on investment. Here’s the typical timeline from idea to implementation.

Year 1: Learn a concept.

Year 2: Decide to learn more or kill it.

Year 3: Learn a few more things and try some ideas. Refine the concept.

Year 4: Get traction.

A successful organization prepares for innovation in the same way a runner prepares for a marathon. Innovations and marathons both take time, conditioning and learning the course. That includes understanding the role that risk plays in innovation. Starting with that foundation will put boards and the companies they serve on the right track for success now and into the future.

Corey E. Thomas is CEO of Rapid7. Read more of his insights here.