Southwest Airlines is Grounded. What are the lessons for our businesses?
1–3–2023 (Monday)
Hello and Happy New Year. Welcome to the first 2023 edition of Cyber Risk at Deal Speed, your weekly video update on the one big thing in cybersecurity for private equity investors and portfolio company management teams.
I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors, and you can find us online at coastalcyber.io
Today is Monday January 3rd and this week’s One Big Thing is the Southwest Airlines incident - but probably not for the reasons you might expect .
Let’s dive in.
Southwest Airlines: There Are No Solutions, Only Tradeoffs
As I watched the chaos unfold for Southwest Airlines passengers and crew over the holiday - a result of the weather, Southwest’s strategy as an airline, and the technology tools they use to run their business - I couldn’t help but be reminded of a phrase from American economist Thomas Sowell:
There are no solutions, only tradeoffs.
Southwest has made a host of operational tradeoffs that we are seeing in a cascade effect, including using a point-to-point model instead of a hub-and-spoke model, running very lean in terms of planes and staff, and technical debt around the software that supports crew scheduling.
But because we’re seeing them struggle through a few days, does it mean that these are the wrong decisions? Not necessarily.
Are customers upset? Yes. Are staff upset? Yes. Are their unions upset? Yes. But has their business really suffered? That’s less clear.
As of this morning, their stock price is down less than 10% since the incident started, and isn’t any more volatile than it has been over the past twelve months.
The cost of changing their operational model - whether that’s crewing, the way they route and turn their planes, or the software they use to support operations - are all massive. Likely far greater than the two billion or so of market cap they’ve lost from this incident.
Obviously, there are short-term and long-term measures here both on the cost/investment side and in terms of return, but I think that a pretty compelling argument could be made that Southwest’s struggles are the natural outcome of running the way they run if there’s a “perfect storm” of factors. Perfect storms, in their case, are simply rare enough that the incentive to change isn’t sufficient.
So what can we learn for the way we manage our businesses? I think a few things:
Let’s not over-read Southwest’s operational model as being entirely laissez faire. Indeed, they are all intentional, and not defaulted into. Make sure that your strategic decisions are similarly intentional. Decision by default is something entirely different.
Southwest was able to recover. Sure, it was painful, but they had the capability and procedure to get reset, and will run the vast majority of their flights today and close out their baggage backlog this week. Is your business able to come back from a 80+% hit in a week? If not, maybe this model isn’t for you.
Technical debt accumulates over time, and exists in a complex problem space. As technology becomes ever more critical to operating our businesses, it can be difficult to properly conceptualize of the real impact of technical debt in all the ways it can limit or hinder our business, and in the difficulty of resolving it (at least in terms of complexity) after it reaches a certain amount. Be mindful about these tradeoffs along the way, lest there come a point where none of the the tradeoffs you’re left with are acceptable.
Update: Rackspace’s Ransomware Incident
Rackspace - now more than a month into their incident and six days since their last update, note in a somewhat interesting tone that their customer data recovery process is “currently progressing as expected.” Indeed.
Fundraising
New year, new numbers - starting next week. Bank holiday today for most, so we’ll review the numbers when we get back together next week.
Looking forward to seeing how the trends play out, and - of course - where all that committed capital from last year ends up.
You can find all the links to the stories we covered below, find back issues of these videos and the written transcripts at cyberriskatdealspeed.com, and we’ll see you every Monday for Cyber Risk at Deal Speed.
Links
https://www.seat31b.com/2022/12/the-great-southwest-meltdown-of-2022/