Solving a Problem You Can’t See – Why Digital Sprawl—Not Just Cyber Risk—Is the Real Threat to Business Value

David Nichols – Co-Founder and Executive Director of the DVMS Institute

The Context

In mid-2024, a global logistics company faced a cascading failure that halted its digital operations. The cause? A targeted cyberattack on a seemingly minor third-party invoicing service buried within a legacy integration layer. What followed wasn’t just a financial disruption—it caused a chain reaction that froze customs processing, delayed shipments worldwide, and took mission-critical systems offline for over a week.

The breach didn’t compromise the most secure or visible assets. Instead, it revealed a blind spot in how the organization understood its digital value delivery. Leadership had invested in tools, audits, and frameworks but lacked a unified view of how digital capabilities connect across business and risk functions. The company had strengthened its systems—but not its understanding. It treated cyber risk as a technical silo, not as an outcome of how the organization creates, protects, and delivers value. A systemic failure like this isn’t about one weak control—it’s about not seeing the system at all. That’s the gap DVMS was built to close.

The Problem

Most executives aren’t ignoring the biggest threat to their business; they simply don’t know it exists. They see the symptoms—disjointed digital strategies, rising cyber risks, change fatigue—but not the systemic problem underneath. Assuming the issue is operational, they double down on technology, compliance, or transformation efforts. However, the root problem is subtler, more pervasive, and more consequential: how leaders think about digital business value.

I want to explore a perspective on understanding—and ultimately solving—the complexity that obscures, delays, or destroys digital value. That makes it one of the most urgent conversations we need to have in today’s boardrooms.

The Blind Spot: Leading Through a Fragmented Lens

Most leadership teams view their digital enterprise through a fractured lens. Each department uses its tools, metrics, and risk models. Everyone has visibility into their part of the puzzle, but nobody sees the complete picture. When something breaks—a failed transformation, a cybersecurity breach, or a sudden compliance issue—the response tends to be tactical, reactive, and disconnected.

This isn’t due to incompetence. It’s because traditional leadership training doesn’t match the modern digital world. MBA programs, old IT governance models, and conventional risk strategies were all built for linear systems. Digital ecosystems, on the other hand, are nonlinear, dynamic, and deeply interconnected. They don’t reward command-and-control approaches; they punish them.

As a result, leaders often “can’t see the forest for the trees” because the trees have been reorganized into fiefdoms: security, operations, risk, product, data, and compliance. Each pursues valid objectives, but collectively, they lead the organization toward greater fragility.

The Cost of Digital Sprawl

Digital sprawl describes the uncontrolled growth of systems, processes, and behaviors that reduce value while increasing complexity. Its effects are real but often misunderstood.

• Duplication and Drift: Tools and processes overlap, creating inefficiency and confusion. Teams reinvent solutions without realizing a better one already exists in another part of the organization.
• Risk Invisibility: Disconnected governance makes it impossible to trace how decisions affect value creation, protection, and delivery across business units.
• Change Paralysis: Minor adaptations become political battles without shared context or accountability. Everyone is waiting for someone else to move first.

This isn’t just a technology issue. It’s a leadership issue—an example of managing digital value without a common perspective.

DVMS: A Lens, Not Just a System

The Digital Value Management System (DVMS) is a capability-based approach to aligning culture, operations, and talent around digital business value. We created it over five years ago to reframe the “complexity problem.” It doesn’t promise silver-bullet solutions or prepackaged controls (after all, you make the big bucks for a reason). Instead, it helps leaders see the relationships between their culture, capabilities, and workforce in the context of digital value.

The DVMS model is built on three foundational domains:

• Culture: Culture is not a morale metric but a set of observable behaviors under stress. It reveals how teams make decisions, prioritize action, and respond to failure. Leadership curates it.
• Minimum Viable Capabilities (MVC): These are the essential skills your organization must perform reliably and consistently to create, safeguard, and deliver digital value.
• Skills: Not just generic training metrics, but fundamental role- and context-specific ability to perform in line with the organizational risk and value goals.

Each of these domains interacts with the others. Weakness in one often reveals a hidden fragility in another. DVMS highlights these interdependencies.

The Value of Seeing Before Solving

Too many organizations rush to fix problems without first understanding them. DVMS argues the opposite: see before you act, stabilize before you scale, and align before you automate.

This is where the DVMS FastTrack approach plays a role. Instead of trying a “big bang” rollout that overwhelms staff and systems, FastTrack helps organizations focus on the highest-risk gaps, address them in manageable phases, and build lasting momentum over time.

Use Case:

A federal agency begins its DVMS journey not by rewriting policy or deploying tools but by conducting targeted assessments for its Risk Team and senior technical leaders. Within weeks, it realizes that cultural gaps—not tooling issues—are the main cause of past cybersecurity failures. It introduces new, behavior-focused training. Within 90 days, the agency observes a noticeable decline in policy violations and response delays.

AI as The Intelligent Guide Through Complexity

If you’re not using AI to understand and address your performance gaps, your competition probably is. The adaptive AI embodies this philosophy by supporting intelligent, context-aware action. It’s not a command center or a chatbot. It’s a learning assistant that helps your Risk Team navigate complexity.:

• Prioritize which gaps to close first
• Understand the “why” behind each recommendation
• Adjust guidance in real time as new assessments and insights emerge

Crucially, it doesn’t make decisions for the organization. It supports the people who do. Kaia helps organizations move faster and more intelligently by combining machine learning with human oversight.

Rethinking Leadership: From Commanders to Enablers

This is not about abandoning structure or throwing away legacy tools. It’s about shifting leadership focus from control to coherence. In the DVMS approach, the most important thing a leader can do is make complexity visible, actionable, and aligned with mission value.

That means asking:

• Are our behaviors enabling or sabotaging digital value?
• Do we know what capabilities we need, and whether we have them?
• Can we detect and correct misalignment before it creates systemic risk?

These are hard questions—but they’re the right ones.

Conclusion: Solving the Problem Starts with Seeing It

If you’re still tackling isolated problems with isolated solutions, you’re not managing digital value—you’re managing digital entropy. Start by asking your Risk Team the right questions—and give them the right tools to answer them. And the future belongs to those who can.

The Digital Value Management System is not a framework you “install.” It’s a lens you adopt—a way of seeing the organization as it truly is, so you can become what the digital era demands.

DVMS, FastTrack, and an adaptive AI create a practical, human-centered, AI-supported model for managing complexity with clarity. Because ultimately, you can’t solve a problem if you can’t see it.

About the Author

Dave is the Executive Director of the DVMS Institute.

Dave spent his “formative years” on US Navy submarines. There, he learned complex systems, functioning in high-performance teams, and what it takes to be an exceptional leader. He took those skills into civilian life and built a successful career leading high-performance teams in software development and information service delivery.

In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”

The DVMS Institute’s Certified Training Programs teach organizations the skills to build a Holistic, Adaptive, and Culture-Driven Overlay System that turns fragmented digital governance, assurance, and culture into a unified Digital Value Management System® capable of driving Cyber Operational Resilience, Regulatory Compliance, and Digital Trust outcomes.

The DVMS positions Cyber Operational Resilience, Regulatory Compliance, and Digital Trust as strategic, enterprise-wide digital business capabilities powered by existing best practice systems (ERM,  ITSM, GRC, NISTCSF, etc.) and the DVMS MVC, CPD, and 3D Knowledge models.

Achieving true cyber operational resilience, regulatory compliance, and digital trust requires seamless alignment between organizational Strategy, Governance, and Operations, underpinned by a culture dedicated to sustaining and continuously innovating the Creation, Protection, and Delivery of organizational digital value.

This systems-based approach to cyber operational resilience, regulatory compliance, and client trust demands active engagement from all members of the Digital Ecosystem, with each member playing a distinct role in proactively identifying and mitigating the systemic risks that threaten digital business operations.

This forward-looking approach to Adaptive Governance, Integrated Assurance, and Cultural Resilience positions businesses to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Deliver Digital Value, and Trust Across A Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

DVMS Explainer Videos

• Architecture Video: David Moskowitz explains the DVMS System
• Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• Overlay Model – What is an Overlay Model
• MVC ZX Model – The MVC’s that power operational resilience
• CPD Model – Adaptable governance and assurance
• 3D Knowledge Model – Enabling holistic organizational learning
• FastTrack Model – A phased approach to cyber resilience

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved