Barbie vs. Oppenheimer: What Barbenheimer Can Teach Us about Risk Management

by Tori Thurmond / March 8th, 2024

If you were paying any attention to pop culture last summer, chances are you caught wind of two of the biggest movies of the year being released on the same day last July. Greta Gerwig’s Barbie and Christopher Nolan’s Oppenheimer broke box-office records as movie-lovers flocked to the theaters to see what all of the commotion was about. Some even decided to see both films on the same day, a trend that soon became known as Barbenheimer.  

The 2024 awards season has been filled with chatter about these two films and which one might take home the coveted Best Picture Oscar nomination. But we think there is an even bigger question at hand:  

Who would be better at managing risk? Barbie or Oppenheimer? 

Oppenheimer may seem like the obvious choice, with his high-pressure and extremely technical career; however, some might argue that he didn’t properly consider the risks and ramifications of creating an atomic weapon. On the other hand, Barbie has over 200 careers, ranging from Starfleet Engineering Officer to Ballerina, and while the closest thing to a Cybersecurity Barbie is Computer Engineer Barbie, I think she’s pretty good at accomplishing anything she sets her mind to. Plus, Physicist Barbie won a Nobel Prize. Robert Oppenheimer was nominated three times and never won. So, personally, my money is on Barbie for this one.

Regardless of who you think would make a better security professional, we wish both of these films the best of luck for the rest of this year’s awards season! But, more importantly, we want to dive into how you can be a winner this year by strengthening your risk management processes.  

What is risk management?

Whether you’re considering what could happen if a new weapon is created or you’re left deciding if “beach” is the right career move for you, we all manage risk in our everyday lives. We spend our time weighing how our decisions could negatively or positively impact our lives, and every business organization should be doing the same.  

Every successful organization needs a solid risk management strategy to ensure both the security of the business’s assets and the trust of the clients who hand over their personal data.

Risk management is defined as the process of identifying, assessing, mitigating, and controlling threats to an organization. These threats could stem from financial uncertainty, legal liabilities, management, accidents, or natural disasters. As the threat landscape continues to grow and evolve, you’re probably hearing more and more about risk management, but why is it so important and how do you properly manage your organization’s risk?  

How Risk Management Can Help Your Organization Win

Not only is risk management a requirement of different compliance frameworks, like SOC 2, PCI-DSS, and HIPAA, but it’s also the best way to keep your organization and the data you’re responsible for secure. Clients don’t want to work with organizations that aren’t putting in the work to stay on top of threats and vulnerabilities.

Developing your risk management strategy can feel overwhelming because you want to make sure you’re doing everything you can to keep your organization as secure as possible. To help with this intimidating process, here are a few key components your risk management strategy should include:  

1. Risk Identification

Risk identification is the process of documenting potential risks and then categorizing the actual risks the business faces. Systematically identifying all possible risks reduces the likelihood that potential sources of risk are missed.  

When identifying risk, it’s also important to not just think about the risks that the business currently faces, but those that might emerge in the future, as well. As technology evolves and businesses reconfigure, the risk landscape changes too, and you don’t want to get left behind.   

2. Risk Analysis

Once risks have been identified, the next step is to analyze their likelihood and potential impact. How exposed is the business to a particular risk? What is the potential cost of a risk becoming a reality? An organization might divide risks into “serious, moderate, or minor” or “high, medium, or low” depending on their potential for disruption.  

Risk analysis helps businesses prioritize mitigation. For example, a risk might have a potentially serious impact, but a very low likelihood. The business might choose to deprioritize mitigation compared to a risk with a high cost and a high probability of occurring. 

3. Response Planning

Response planning is where the organization decides what it will do about a certain risk. For example, if, during identification and analysis, you realized that the business is at risk of phishing attacks because its employees are unaware of email security best practices, your response plan might include security awareness training.

4. Risk Mitigation

Risk mitigation is the implementation of your response plan. It is the action your business and its employees take to reduce exposure. Continuing with the previous example, the implementation might involve security awareness training, the creation of onboarding material to educate employees, and so on. The organization must design controls that reduce the risk to appropriate levels. These controls must be tested to ensure they are suitably designed and operate effectively.

5. Risk Monitoring

Risks are not static; they change over time. The potential impact and probability of occurrence change, and what was once considered a minor risk can grow into one that presents a significant threat to the business and its revenue. Risk monitoring is the process of “keeping an eye” on the situation through regular risk assessments.   

Don’t Get Snubbed by Prospects and Clients: Perform Regular Risk Assessments

There’s been a lot of talk about actors and directors getting snubbed for various awards this year for one reason or another (*cough, cough, Greta Gerwig*). Whether you agree with the Academy’s choices or not, we would hate for you to get snubbed for any business opportunities of your own due to how your organization handles risk.

Just as different audit frameworks require organizations to have risk management strategies, many also require regular risk assessments. Risk assessments are a key part of a solid risk management plan. They are intended to trigger a thought process to identify vulnerabilities and risks specific to your organization as well as the various requirements you’re facing. When you have the opportunity to anticipate a potential security incident and address the potential impacts, chances are you will be able to save your business from any operational or reputational loss. That sounds like a win to me! 

For more on why you should perform a risk assessment, watch this short message from our President and Founder, Joseph Kirkpatrick.  

P.S. If you aren’t sure your risk assessment is doing everything it’s supposed to, you can have your risk assessment reviewed for free by one of our experts. We want to help you feel confident to face today’s threat landscape. Click here to get started on your free risk assessment review.  

Work with KirkpatrickPrice, and start preparing your acceptance speech now!

I don’t want to get cut off by the music, so I’ll wrap things up by letting you know that, at KirkpatrickPrice, we understand tackling your risk management program can feel as intimidating as watching two Oscar-nominated films in a row. However, when you partner with us, you can start preparing your acceptance speeches for the new contracts and business opportunities your risk management practices will help you win. If you have questions on how you can improve your risk management processes, connect with one of our experts today. We’re rooting for you! 

Header image source: @JustRalphyyy on Twitter 

About the Author

Tori Thurmond

Tori Thurmond has degrees in both professional and creative writing. She has over five years of copywriting experience and enjoys making difficult topics, like cybersecurity compliance, accessible to all. Since starting at KirkpatrickPrice in 2022, she's earned her CC certification from (ISC)², which has aided her ability to contribute to the company culture of educating, empowering, and inspiring KirkpatrickPrice's clients and team members.