We are basically risk averse. Most of the people that you think are going to be risk-averse, are. For example, older workers, workers with seniority, and those in stereotypically risk-averse industries (e.g., retail banking) are more risk averse than others where other variables are constant.
INFOSEC got most of its people from banking, and most from a very conservative bank that never really changed its ways from the old “Bankers” vs. everyone mentality. Managers at any bank, especially those with long tenure, are much more risk averse than managers from other industries.
But because INFOSEC is a high-end consulting firm, it will attract risk-taking candidates. This will create a striking imbalance within the company, between the old guard from the bank and the new, risk-taking employees. The account executives and the owner are all from a large, conservative bank. They are indeed risk-averse, not understanding that they can take certain risks with clients and still maintain a good relationship. Without taking risks, the relationship becomes one of overlord and serf, with the roles not certain.
What is important is to balance your risk takers with risk-averse, making sure that the top managers are not the risk averse.
Taking Risks: The Management of Uncertainty. Kenneth MacCrimmon & Donald Wehrung. Free Press, 1988.
Risk Taking: A Managerial Perspective. Zur Shapira. Russell Sage Foundation, 1997.