Hacking the Human Brain: How Cognitive Science Helps Mitigate Risk
Human behavioral tendencies and individual decision-making factor largely into any organization’s risk profile.
The urge to look at a flashy billboard distracts a truck driver just long enough to cause an accident. Simple forgetfulness causes a retail worker to neglect to set his store’s alarm system when he closes up for the night. The desire to act quickly on an urgent request from the boss drives an office worker to wire a sum of money without verifying the request.
All of these losses are avoidable, but even the most comprehensive employee training can’t re-wire the brain to prevent mistakes 100 percent of the time.
Enter Behavioral Science
According to a recent Deloitte report, “The future of risk,” behavioral science is “the study of human behavior through systematic research and scientific methods, drawing from psychology, neuroscience, cognitive science and the social sciences.” Businesses are turning to its methods to identify the thought processes and biases that drive people to make risky decisions, and how those behaviors could be modified.
“There are two levels where behavioral and cognitive science can be applied to risk management. The first is making normal risk management processes more efficient and effective. The second is, more broadly, allowing decision-makers to better identify opportunities worth pursuing,” said Dilip Krishna, chief technology officer and a managing director with the Regulatory & Operational Risk practice at Deloitte & Touche LLP.
Krishna said natural language processing technologies can be used to apply the principles of cognitive science to employee behaviors. According to analytics software provider SAS, “natural language processing is a branch of artificial intelligence that helps computers understand, interpret and manipulate human language.”
This includes data that exists in Word documents, Excel spreadsheets, emails, texts and images — formats workers use to communicate but which computers do not easily interpret. Natural language processing can recast that data so computers can better understand it, allowing risk managers to tap into broader insights.
A scan of employee emails might, for example, be able to identify when a worker is overly stressed just by the tone or language they use.
“People under stress are more prone to making mistakes,” Krishna said. That insight offers an opportunity to intervene and head off mistakes proactively.
Predicting Employee Cyber Risk
Nowhere might this technology be more relevant than in the realm of cyber risk — specifically in the form of social engineering.
This form of theft or infiltration is built around manipulation of the mind and so offers the greatest potential for cognitive science to make improvements.
Tokyo-based technology company Fujitsu has already put this in play.
An enterprise-wide platform uses psychological profiling to identify the employees most likely to be tricked by a fraudulent email or link, based on how often they click links from emails, how quickly they respond to emails and their behavior while browsing the web. The organization can then provide additional, targeted training for those employees.
Pros and Cons of Cognitive Science Tech
But some employees might perceive those interventions as an unwarranted or unfair overstep. According to the Deloitte report, employees might “see behavioral interventions as an impingement of free will,” and organizations face the “risk of regulatory action in case of perceived misuse of behavioral intervention.”
Still, Krishna said the long-term benefits of such technology from a risk management standpoint could be significant.
“The world was built by humans for humans, but if we can take the way that computers think and apply that type of thought processing to the way we work, we can unlock a lot of insights,” he said. “There’s potential for anywhere from 20 to 90 percent improvement from a risk profile perspective.”
In addition to employee and regulatory pushback, slow return on investment is also a roadblock. Despite its potential to reduce risks, Krishna acknowledged that parsing through complex human thought processes and devising successful interventions takes time to get right.
But behavioral science has less-controversial applications in risk management as well.
“Design thinking” can train executives to overcome personal bias in decision-making, in pursuit of a more objective and thoughtful view of new business opportunities. This type of behavioral intervention helps business leaders take advantage of the upside of risk rather than avoid the downside, addressing the “second level” of risk management, as Krishna described.
As the amount of data grows exponentially and AI becomes even smarter, applications of cognitive science certainly have a place on risk managers’ radar.