Well it’s interesting to see the comparison between risk averse / risk embracing which is kind of the topic here. Are there other areas where companies can be disruptive because of the foundation other “end game/risk averse/bound by laws” companies have laid?
It’s an interesting cycle and perhaps research to see how these things effect eachother?
I'll admit there is an argument about risk aversion of civil servants, but I don't think that's necessarily the issue at hand here.
NASA's implementation of different Center's actually addresses a risk that SpaceX doesn't have to necessarily consider (or at least to the same magnitude). Namely, it's meant to address political risk. NASA's missions almost always span multiple administrations, meaning they risk being defunded each election cycle. This is mitigated by spreading the political reward across multiple districts, who then have politicians with a vested interest in keeping those programs going. The downside of this is a lack of efficiency. Unlike SpaceX, NASA can't build up a single location to build and test rockets. If they did, there would be two Senators who want to keep it and likely 48 others who want it defunded in order to fund their own pet programs. So we have programs managed out of Ohio, tested in New Mexico, Mississippi, and California, funded out of Texas, and launched out of Florida.
I'd argue they aren't "risk adverse", but they mitigate a different set of risks. In any event, SpaceX can't be "disruptive" without the complicit help of the organization they are disrupting. It isn't really disruption, but a symbiotic relationship as intended. SpaceX actually gets to outsource a lot of their risk to the American taxpayer because their early (and major) customer (NASA) is self-insured. It's much easier to take on a lot of risk if somebody else is footing the bill.
I think a major risk to SpaceX that people don't really talk about is the bureaucratic quality risk. Right now, SpaceX doesn't have to meet the same requirements as an in-house NASA build. That allows them to streamline their efforts, but also implies an increase in risk. (Most requirements are a response to some risk). However, if any bad event happens like god-forbid they lose astronauts, you can bet additional requirements will be levied. This may really impact their "disruptive" advantage. Look at the example of their F9 strut failing in 2015. For some reason, SpaceX didn't levy supplier quality checks prior to the accident even though it's common practice in industry. Now, they do. The real question is if they were making risk informed decisions previously or just naïve.
It’s an interesting cycle and perhaps research to see how these things effect eachother?