As you look to the year ahead, concerns about market stability and sales growth are likely top on your list. To be prepared for uncertainty and a changing marketplace, c-suite executives and boards can look to three driving forces that will impact every organization: cybersecurity, digital disruption and societal shifts. How is your company preparing to address these issues with a cross functional approach in the c-suite and how will your board oversee management of the risks? How are you gathering the industry intelligence and data you need to ensure you don’t miss an important trend?
As I travel the country speaking to directors and executives, discussions about cybersecurity have shifted from “if” this happens to us to “when” it happens to us. Many of you probably received the email from Marriott informing you that your information may have been stolen in a recent cybersecurity attack. While their response has been laissez faire, at best, and a lesson in what not to do, to me it is indicative that companies and customers now accept this as just part of doing business. That’s a very dangerous place for all of us to be. Consider some of the biggest threats in the year ahead and ask tough questions of your team:
Some of the biggest threats in the coming year continue to be state actors and targeted attacks. When stealing from you or your customers isn’t the goal, consider what groups or state actors might benefit from shutting you down or embarrassing you. Shutting down hospitals and health care providers, transportation companies, power companies, financial companies, big telecom could all bring our society to a screeching halt. Awareness of these potential targets is the first step. Do you need bitcoin for ransomware? What is your policy if you are threatened? How will you involve law enforcement? Do you have those contacts in place?
The Insider Job
Inside people also remain a threat, particularly in large organizations. Continual monitoring of employees and contractors with access to critical systems must be on your checklist. Many people have technical skills and could circumvent your systems. How do you watch for a disgruntled employee or strategically placed insider who could do you harm?
Your systems and physical premises are also vulnerability points. I can’t tell you how many companies I have been in where they don’t even check my ID at the front desk or have allowed me in after 5 p.m. without checking to ensure I was supposed to be there (I was, but they didn’t know that). How do you spot check security measures and hold everyone from the top to the bottom accountable?
Phishing is also one of those techniques that just keeps getting more refined. As we become more aware of how many companies Facebook has allowed to access private data and how Google tracks every movement across devices, it becomes clear that in the wrong hands, this data can be used to try to trick us. Additionally, most companies have moved data into the cloud so they can run their analytics tools more efficiently, but this inherently means it’s easier to scrape or hack that data and use it against you, your employees and your customers. No one is immune from this. Every organization must be vigilant about continued education and training on phishing. And, how do you continually make your customers aware of scams that seemingly come from your company?
There’s really no excuse when this isn’t done. Whether it’s software you paid for or open source you are using (and trust me you are using it), a patching program and random testing for patching must be put in place. This is the easiest back door into any company for a bad actor. I am shocked at how many companies I visit who have no idea if their open source code is patched or if there is a policy for it. How do you check randomly that this is being done? The Equifax breach was a failure to patch open source code.
Legislation on the Horizon
Finally on the cyber front, be mindful that legislation will likely come in the United States at some point regarding privacy and cybersecurity. There are a number of proposed laws that could require more formal education and steps taken by boards for cyber-readiness, and certainly privacy laws that may require notification in the event of a breach (this already exists in many states). Run drills and practice what to do when a cyber or crisis event hits so that you are all prepared. Assume your systems are down. How will you communicate with each other, employees, your customers, the media? This should be done at least annually and not just written up by legal or communications and put in a binder on a shelf.
The second big driving force is digital disruption. While I fear we are reaching a point of overuse of this term to the point it loses its meaning, the reality is emerging technologies will continue to change the way companies increase profitability by reducing costs and how they engage and meet changing customer expectations. Whether you are consumer facing or a B2B company, your customers’ expectations will shift as these new technologies weave into our daily life.
AI (tied to IOT and Robotics). While Artificial Intelligence is an overused term, the reality that deep machine learning will continue to improve is no longer science fiction. We are not far from the point that all of the things (refrigerators, thermostats, door bells, cars, your bed, house) are connected to a deep learning capacity and will begin to understand your needs and wants. Whatever business you are in, ask yourself what this does to your work force and what this does to your customer? What will they expect of you? And, which companies will have access and use all of that data? Is it Amazon, Google, IBM, Facebook, Microsoft, or other companies based outside the U.S. that could be controlled by other governments? If the answer frightens you, you should be further considering this issue with a team that can really think about a changing future. Retailers just now caught up with the Amazon threat. Health care is next. Don’t wait too long to ask yourself these questions.
Driverless Cars/Drones. This is the promise of the future, right? We will eliminate accidents when robots are driving the cars. We’ll eliminate wasted carbon emissions. We won’t have a need for all these parking lots and traffic will be reduced. We can have a hot pizza delivered to our door with a drone. But is it all it’s cracked up to be? How much power will be needed for these cars and who pays for it? What happens if there’s a cyber attack of your car while driving How many years will it take for people to actually give up their personal car? Will it create a further divide between the haves and the have nots or will it solve the problem? Could the government force you to give up your car? Will any element of privacy remain when your movements are fully tracked? What if a car or a drone is turned into a weapon? While there are certainly more questions than answers about the impact, the reality is that these problems will find solutions. While I don’t see this reality shifting in the next year or even three years given what will be needed, it’s one to keep your eye on and at least go through the exercise of asking how it could disrupt your industry and when.
Blockchain. Blockchain is another one that’s all the rage right now. Start ups throw blockchain into their offerings and raise money. Public companies put out a press release that they are working on blockchain and their stock price goes up. I wrote a book about this because I wanted to distinguish the hype from reality. The reality is, the blockchain platform as a way of tracking things (i.e. like a database) has the potential to disrupt every industry, particularly in supply chain and tracking of transactions. I’ve been traveling around the country speaking about blockchain to directors for the last six months and I learn as much from the questions they ask and what concerns them as I did in the research to write my book. There is an acceptance that blockchain could be as disruptive as the internet was and could require replacement of a lot of legacy systems. It could dramatically reduce costs (which also means eliminating a lot of jobs). It could be a better, more secure way to track food and save lives. However, there’s a lot of work to be done in solving technical issues and building policies and regulatory frameworks to facilitate that transformation. But that’s all been done before. Every organization should have a small team at least observing and considering the implications of blockchain. When the movement happens, it will happen quickly. You want to know what the impact is to your organization before it happens, not start learning about it out as industry dominance forces your hand or pushes you out of business.
For all of these new technologies, a really effective exercise is a benchmarking analysis. Compare yourself to your competitors and evaluate your supply chain for weaknesses. You can research what patents they have, what open source projects they participate in, study the reviews on their technologies and compare it to what you have. It’s a worthwhile annual exercise to give you a baseline understanding of what could disrupt you and where you stand. The results might surprise you.
The final driving force impacting your work force and your customer base are the big societal shifts we are all experiencing.
Gen X and Baby Boomers vs. Millennials & Gen Z. This one always gets a laugh in my board room education programs because we all understand this struggle between generations. Baby Boomers aren’t retiring while Gen Xers are being passed over for Millennial who don’t play by the old rules. Gen Z may come in and change the whole dynamic when they approach work differently than Millennial. In the c-suite and boardroom, it’s important to tap into how the different generations will be motivated and what you need to do to attract and retain the skills and talent you will need in the future. How will your sales and marketing adjust to the next generation of purchasers?
While the curtain has been pulled back on the social media wizard of oz and consumers are finally understanding the price they have paid for the “free” software, the genie is also out of the bottle. Social media is simply part of the fabric of our lives today. Whether teenagers choose to use Facebook, Instagram, Snapchat or other new and emerging platforms, social media will continue to be a driving force. It can be used effectively inside organizations, but with a bit of caution now that we see the dangers. How are you taking responsibility for your own company’s social media policies and considering how it will drive behavior in the future?
Workforce of the Future. Every company should be thinking about this right now. The workforce of the future will include more robots and devices connected to AI and potentially driven by a blockchain based database. The intersection of these new technologies will disrupt the workforce. New skills will be needed. Start thinking now about how you will train and develop a workforce and encourage local universities you recruit from to do the same. Skills such as adaptability, continual learning, communication and human resources for oversight of technology will all become increasingly important. How are you ensuring you have the talent and skills from you will need?
Privacy Expectations. People have come to accept that privacy is eroding, but at the same time may demand more of companies than ever before in protecting them. We see this playing out in Europe right now. Get prepared for more regulation.
It might seem overwhelming to consider all of these issues, but it is simply part of the job in the c-suite and board room in 2019. This is why investing in an analysis of how you measure up and a digital retreat for you board to get up to date on the latest issues and consider the factors influencing your business is so important. There are some tried and tested methodologies to break down these complex issues to identify and prioritize what you can really tackle and how you coordinate with other functions across the company to provide important checks and balances.
I call this exercise Digital Mapping where you have a small group ask key questions about how the driving forces will impact your employees and culture and what will happen with your competitors. I ask questions about how government and regulation could impact your business across these driving forces. I ask how the big experience influencers impact your work force and employees (i.e. Google, Facebook, Amazon, Uber). Consider how your vendors and suppliers will be impacted and what that does to you and finally, most importantly, how will your sales survive as these changes come? What do your customers want and need and how do you deliver that better than anyone else?
If you’re interested in learning more about how to be prepared for what lies ahead in 2019 through a benchmarking analysis or digital retreat, email me at firstname.lastname@example.org.
Jennifer Wolfe advises boards and c-suite executives on digital disruption and cyber security oversight. She has served as the CEO of Dot Brand 360 and has served as Managing Partner of prominent intellectual property and technology law firm, Wolfe, Sadler, Breen, Morasch & Colby. She is an NACD Governance Fellow, Certified in Cybersecurity Oversight, a Direct Women Institute and Stanford Director's College graduate. Her latest book, Blockchain in the Boardroom is a practical guide for directors and c-suite executives.