Way back when, personal computers were just gadgets enjoyed by hobbyists.

Then, in 1979, Dan Bricklin and Bob Frankston invented VisiCalc, the world’s first electronic spreadsheet.

VisiCalc was, for the personal computer, what the inflation that followed the Big Bang was for the universe.

Then the Internet happened, and with it the four key innovations that made it interesting enough to stimulate all the other innovations that made it more interesting: Wikipedia, search engines, Google Maps, and Amazon.

Wikipedia is on the list because it changed where we all go to satisfy our curiosity about just about anything with confidence we aren’t just reading FAKE NEWS!

Search engines? Because they’re what we use when we want to find something someone wants us to find.

Google Maps wasn’t the first mapping application, but it’s completely replaced paper maps and the Yellow Pages for locating anything and navigating to it.

And Amazon is what we use when we want to buy something, never mind if the vendor is nearby or not. It’s also supplanted local libraries, and in part is supplanting the Library of Congress. It’s also what we use when we want to find a book about something.

Not to trivialize everything else on the internet … many readers would, for example, add blogs and social media … but it’s these innovations that resulted in the internet supplanting much of physical reality.

Then there’s one more innovation that, in its own way, has been just as influential: cybercrime. It’s key impact: Preventing innovation. This week’s topic: How to encourage innovation without endangering the enterprise.

Start here: “Innovation” isn’t a thing. Or more precisely, it isn’t just one thing. Conversations about innovation are easily derailed by confusing and conflating innovation’s various contexts.

Product innovation

Conversations about innovation are, for most people most of the time, about products and services. Product-innovative companies design, engineer, market, and sell products and services that have unexpected and exciting features.

Not that there’s anything wrong with adding unexpected and exciting features to your business’s products and services. Far from it: When it comes to marketplace success, product innovation is right up there with selling at the lowest price and making the whole buying experience more convenient.

Only in this day and age, many potentially valuable features might never see the light of day due to cybersecurity considerations.

Or, even worse, they might see the light of day while ignoring their cybersecurity implications.

Process innovation

When the subject is innovation and it isn’t about products and services, it’s probably about internal processes. And when it comes to competitive advantage, that’s as it should be: Better internal processes can result in lower product prices and improvements in convenience.

Big process improvements tend to come from formal projects that build cybersecurity into their deliverables. But as a general rule, there’s as much opportunity from large numbers of small improvements as from small numbers of big improvements.

If it weren’t for cybersecurity worries, business users could, between Excel and Robotic Process Automation tools, sand off a lot of small obstacles to process efficiency with minimal IT involvement.

But taking cybersecurity concerns into account, a lot of these opportunities will never see the light of day.

Products and processes are the most obvious types of innovation that can be stifled by cybersecurity considerations. But they aren’t the only ones.

But wait! There’s more!

Two types of innovation get less attention than they deserve: capability innovation and customer innovation.

Capability innovation is making the business competent at skills it could use to improve its products, services, and internal processes if only it knew how to do something.

Customer innovation is all about finding ways to attract customer segments the company currently ignores.

Both of these innovation categories are just as prone to being stifled by cybersecurity concerns as products and processes.

Bob’s last word: I’d love to tell you I have a brilliant solution that results in a highly innovative business that’s also perfectly hardened.

I don’t. My best suggestion (no, not “best practice”!) is an all-out, no-hold’s-barred, high-visibility effort to build cybersecurity awareness into the business culture. Couple that with turning the Cybersecurity organization into a highly accessible internal consulting group, ready, willing, and able to help anyone developing an innovation to harden their innovation.

If you have other alternatives to suggest, please post them in the comments. That’s what they’re for.

Bob’s sales pitch: It isn’t really a sales pitch, but it’s time for the annual KJR census. It’s your opportunity to let me know enough subscribers have enough interest in what I write every week to warrant the time and effort needed to write it.

It’s also your opportunity to let me know which of the topics I tend to write about … and others that I don’t … are topics you want to read about.

If you’re willing, please use the Comments so we can get a discussion going on the topics front. If you don’t want your thoughts to appear in a public forum, use the Contact form instead. Thanks!

Just for giggles, take a few minutes to google the contents of your average MBA curriculum.

I’m not going to quibble about what’s in them. My quibble is with what isn’t. High on the missing courseware list: project management. Curiously, this, the practice needed to make tomorrow different from yesterday isn’t important enough to be a mandatory business management skill.

Then there’s this week’s missing subject: epistemology.

Yes, epistemology. It sounds abstruse and esoteric. But one of the eight tasks of leadership is making decisions, and decision-makers can’t make good ones if they don’t know what they know and how much they should trust it.

Read about epistemological thinking and you’ll bump into Karl Popper, the pre-eminent philosopher of science. His key insight: Science never proves anything. Scientific research fails to disprove – to falsify. Fail to falsify an idea enough times and scientists start to have confidence in it.

Or, more accurately, they have more confidence in it than in any of the competing ideas floating around in the meme-o-sphere.

Which leads to the business response to COVID-19.

Most of the decisions your average business leader must make might be scientific in a metaphorical sense, but they’re rarely about scientific issues. Quantum electrodynamics, for example, has little impact on compensation policy.

COVID-19 changed that, calling for business decisions about a scientific issue. And so, decision-makers were advised to “follow the science” – advice I made myself and still endorse.

With this caveat: As pointed out in Michael Lewis’s excellent The Premonition: A Pandemic Story, when the SARS-CoV-2 virus appeared there was no science to follow. Epidemiologists had few established facts about it – too few to formulate high-confidence policy recommendations. Even such fundamentals as the virus’s lethality and contagion had large error bars.

Nor did economists have a body of knowledge to guide how to go about putting the economy in an induced coma … necessary given the millions of lives that were at stake … and then, when the situation was safer, to resuscitate it.

To everyone’s credit, most leaders endorsed the idea of “following the science” in their decision-making. What became blurred, though, was that the science being followed wasn’t yet actual science. Our ability to forecast how the virus would behave in real-world populations hadn’t yet been tested by multiple Popperian falsification loops.

What we did have were seasoned, dedicated, brilliant researchers who extrapolated from their knowledge of coronaviruses, viral propagation, and economics to the situation at hand.

Recall that even the prosaic idea of taking maximum advantage of the tools and practices associated with employees working remotely was an extrapolation from far too little data to accurately predict where it would lead.

“Follow the science,” that is, didn’t, and couldn’t, mean what the plain words signaled. It meant that, given the choice, we should take the current scientific consensus about the virus as the best alternative available – in the phrase made famous in Argo we followed, for the most part, the best bad plan we had.

Bob’s last words: In the early 1990s, Al Gore sponsored the legislation that, combined with Tim Berners-Lee’s invention of HTML, led to the modern internet.

Imagine what today’s world would be like had he not provided this leadership. And yet, as his reward, he was widely ridiculed for a claim he never made … that he’d “invented the Internet.”

Culminating on January 2, 2000, an army of dedicated and hard-working technologists successfully prevented world economic collapse through their response to the Y2K problem. Instead of throwing a parade for the IT professionals who had just saved the world, the world griped ignorantly about the so-called Y2K hoax.

And so, I guess we shouldn’t be surprised that the level of appreciation we as a society have been expressing for the dedication and hard work aimed at deflecting the worst of the pandemic is somewhat lacking in enthusiasm.

Which gets us to takeaways in the leadership and management principles we apply every day to do the work of the businesses we support:

There will come a time when you have to formulate a response to a difficult, complicated, and high-impact challenge. It won’t be the kind of challenge that comes with a well-defined, packaged solution you can follow with confidence.

The best you’ll be able to do is to pull your best experts together to figure it out, knowing they won’t achieve perfection.

Please – when this happens, apply the lessons of recent world history. Thank the team for the successes they do achieve; don’t grouse about what they missed. They did their best … and, very possibly, did the best possible. That they failed to predict the future with precision won’t have been a failing.

It’s the nature of the future.

On CIO.com’s CIO Survival Guide:The successful CIO’s trick to mastering politics,” about the basic principle that relationships outlive transactions, and what happens when a CIO fails to embrace this fact of organizational dynamics.