What is the state of the global economy, are we recovering?

I was invited recently to a meeting at one of the Central European Embassy’s to discuss some of the events across the pandemic and the state of the global economy.

These discussions are always a debate and subjective to one’s individual analysis, will all the global economists there were public health pandemic playbooks that were being followed with varying degrees of adherence, there was no economic playbook for this either.

The worst day of the covid-19 pandemic, at least from an economic perspective, was Good Friday. On April 10th, 2020 lockdowns in many countries were at their most severe, confining people to their homes and crushing activity. Global GDP that day was 20% lower than it would otherwise have been.

Since then, governments have lifted lockdowns. Economies have begun to recover. Analysts are penciling in global GDP growth of 7% or more in the third quarter of this year, compared with the second.

That may all sound remarkably v-shaped, but the world is still a long way from normal. Governments still continue to enforce social-distancing measures to keep the virus at bay. These reduce output—by allowing fewer diners in restaurants at a time, say, or banning spectators from sports arenas. People remain nervous about being infected. Economic uncertainty among both consumers and firms is near record highs—and this very probably explains companies’ reluctance to invest.

Calculations by Goldman Sachs, a bank, suggest that social-distancing measures continue to reduce global GDP by 7-8%—roughly in line with what The Economist argued in April, when we coined the term “90% economy” to describe what would happen once lockdowns began to be lifted. Yet although the global economy is operating at about nine-tenths capacity, there is a lot of variation between industries and countries. Some are doing relatively—and surprisingly—well, others dreadfully.

Take the respective performance of goods and services. Goods have bounced back fast. Global retail sales had recovered their pre-pandemic level by July, according to research by JPMorgan Chase, another bank. Armed with $2trn-worth of cash handouts from governments since the virus struck, consumers across the world have stocked up on things to make it bearable to be at home more often, from laptops to dumbbells, which partly explains why world trade has held up better than economists had expected. Global factory output has made up nearly all the ground it lost during the lockdowns.

And with all these considerations PwC has recently published a report that sets out their latest long-term global growth projections to 2050 for 32 of the largest economies in the world, accounting for around 85% of world GDP.

The key results state that the world economy could more than double in size by 2050, far outstripping population growth, due to continued technology-driven productivity improvements.
One of the most promising and commonly evoked vistas of the future centers on the dazzling potential of new technologies.

From that perspective, many of today’s profound problems, such as unemployment, malnutrition, disease, and global warming could be solved through the clever application of breakthroughs in computer science, genetic engineering, nano-device construction, and new materials creation. These hopes are not unlike those of a century ago when the development and diffusion of technologies such as electricity, the radio, and the internal combustion engine promised a new era of human well-being. With the benefit of hindsight, however, it is clear that realizing the potential of late 19th century new technologies required major economic and social transformations.

Extending breakthroughs beyond the inventor’s lab, imagining new applications, realizing broad diffusion of initially unfamiliar technology, and achieving deep integration of cutting-edge techniques – all of these processes were both protracted and difficult. In the end, many landmarks had to be changed, from where and how people lived to what and how firms produced. This in turn entailed the overthrow of old patterns, entrenched expectations, and accepted “common sense” notions – not to mention established management theories and hardened political realities.

What is striking is that similarly dramatic transformations, economy- and society-wide, seem once again to be a realistic prospect. Although there have certainly been other periods in recent history when the outlook for humankind was filled with promise, the current conjuncture constitutes one of those rare moments when a confluence of diverse and numerous developments generates new, potentially radical opportunities.

These are not a foregone conclusion, for the necessary policies are highly ambitious and only just on the horizon for decision-makers. But The Future of the Global Economy: Towards a Long Boom? the fact remains that humanity could reap huge rewards if it is ready to undertake equally significant changes. Two factors largely account for that unconventionally strong conclusion – one is methodological, the other conjunctural.

First, the analytical method adopted here for exploring long-term possibilities is neither partial nor linear, characteristics common and justified for shorter-term forecasting. A systemic and interdisciplinary approach is what enables the identification of opportunities for more radical evolutionary and intentional transformations.

Secondly, on the basis of this methodology, it becomes apparent that the current historical conjuncture – with its specific technological, economic and social developments – holds the seeds that could blossom into a period of above-average growth. Some may attribute the sense of exceptional opportunity to end-of-century jitters and obligatory optimism by governments at the launch of a new millennium.

Such skepticism is only natural. However, the assessment offered over the following pages tends to confirm the view that the historical door is now open to both a dramatic wave of socio-technical dynamism and the rapid pace of expansion that characterizes a long boom.

In the shorter term, the global economy is set to expand 5.6 percent in 2021—its strongest post-recession pace in 80 years. This recovery is uneven and largely reflects sharp rebounds in some major economies—most notably the United States, owing to substantial fiscal support—amid highly unequal vaccine access.

In many emerging markets and developing economies (EMDEs), elevated COVID-19 caseloads, obstacles to vaccination, and a partial withdrawal of macroeconomic support are offsetting some of the benefits of strengthening external demand and elevated commodity prices. By 2022, global output will remain about 2 percent below pre-pandemic projections, and per capita income losses incurred last year will not be fully unwound in about two-thirds of EMDEs.

The global outlook remains subject to significant downside risks, which include the possibility of large COVID-19 waves in the context of new virus variants and financial stress amid high EMDE debt levels. Controlling the pandemic at the global level will require more equitable vaccine distribution, especially for low-income countries.

The legacies of the pandemic exacerbate the challenges facing policymakers as they balance the need to support the recovery while safeguarding price stability and fiscal sustainability. As the recovery becomes more entrenched, policymakers also need to continue efforts toward promoting growth-enhancing reforms and steering their economies onto a green, resilient, and inclusive development path.

The recovery is envisioned to continue into 2022, with global growth moderating to 4.3 percent. Still, by 2022, global GDP is expected to remain 1.8 percent below pre-pandemic projections.

Compared to recoveries from previous global recessions, the current cycle is notably uneven, with per capita GDP in many EMDEs remaining below pre-pandemic peaks for an extended period.

In advanced economies, the rebound is expected to accelerate in the second half of 2021 as a broader set of economies pursue widespread vaccination and gradually reopen, with growth forecast to reach 5.4 percent this year—its fastest pace in nearly five decades. Growth is projected to moderate to 4 percent in 2022, partly as fiscal support in the United States begins to recede absent additional legislation.

The global recovery could prove more robust and broad-based than expected and sustain a long boom. For instance, the policy-supported surge in global growth in 2021, coupled with faster and more equitable global vaccination, could catalyze a self-sustaining period of rapid growth in which the private sector becomes a powerful engine of growth starting in 2022. In effect, strong pro-cyclical policy support would trigger a process of “reverse hysteresis” in which a robust cyclical upturn lifts long-run growth prospects.

In particular, this scenario envisages that technological adoption would accelerate, along with rising investment and labor force participation, causing the potential output to strengthen.

Starting in the first quarter of 2022, total factor productivity growth in advanced economies would accelerate to levels similar to those seen during previous episodes of productivity surges, as corporations deepen their use of digital technologies and work from home policies adopted during the pandemic.

Knowledge spillovers and faster installation of new productive capital would also raise productivity in other countries. h At the same time, this scenario assumes that EMDE policymakers, faced with high levels of sovereign debt and slowing long-run growth prospects, implement growth-enhancing reforms, including reforms to strengthen economic governance, diversify economies reliant on commodities or tourism, and facilitate the reallocation of resources towards more productive activities.

This comprehensive package of reforms would raise EMDE’s potential output growth gradually starting in 2022. Consumer confidence would surge, anchoring strong private consumption growth as consumers rapidly draw down their savings.

At the same time, rising potential output and well-anchored inflation expectations would help keep inflationary pressures in check, allowing advanced economy central banks to keep monetary policy accommodative for a prolonged period. In turn, continued monetary accommodation would support investment and consumption by alleviating debt service burdens and supporting asset prices.

Growth in advanced economies would remain near 5 percent in 2022 before slowing to a still-strong 3.1 percent in 2023. The investment- and productivity-driven growth in advanced economy growth would have greater spillovers to EMDEs, boosting export demand while ensuring that global financial conditions remain benign. As a result, EMDEs would experience a robust expansion, with growth averaging over 5 percent in 2022 and 2023—0.6 percentage points higher on average than in the baseline scenario. Overall, global growth would be notably stronger, averaging 4.4 percent over 2022-23 compared to 3.7 percent in the baseline scenario.

One further consideration is ESG investing with an emphasis on private finance and investment towards long-term value creation. There are forward priorities and actions for market participants and policymakers to address such shortcomings, particularly around the urgent need for consistent, comparable, and verifiable ESG data.

Current market practices, from ratings to disclosures and individual metrics, present a fragmented and inconsistent view of ESG risks and performance. ESG ratings and investment approaches are constructive in concept and potentially useful in driving the disclosure of valuable information on how companies are managed and operated in reference to long-term value creation. To this end, investors looking to manage ESG factors, particularly large diversified institutions, typically rely on external service providers of indices and ratings as a cost-effective means to guide the composition of ESG portfolios.

However, the lack of standardized reporting practices and low transparency in ESG rating methodologies limit comparability and the integration of sustainability factors into the investment decision process. The link between ESG performance and financial materiality is also ill-defined, with little evidence of superior risk-adjusted returns of ESG investments over the past decade.

This fragmentation and incomparability may not serve investors in assessing performance against general ESG goals, or targeted objectives such as enhanced management of climate risks. The relationship between Environmental (“E”) scores and carbon emission exposures is highly variable within and between ratings. In some cases, high “E” scores correlate positively with high carbon emissions, due to the multitude of diverse metrics on different environmental factors and the weighting of those factors.

This illustrates the broad challenges in ESG investing, but also the specific difficulties facing investors looking to consider both financial and environmental materiality. It also underlines how current ESG tools cannot be relied on to manage various climate risks, or to green the financial system, at a time when these are rising priorities for investors and policymakers alike.

Fiduciaries such as asset managers and boards should be managing material ESG risks in a way that supports long-term value creation – but are not necessarily getting the data and information they need to do so.

The OECD’s global survey of pension funds and insurers reveals the growing consideration of ESG risk factors in portfolios, the extent to which such institutional investors rely on external ESG data and service providers, and reiterates the challenges mentioned above in reference to investor experiences. These challenges extend to infrastructure financing, where the investment horizons of institutional investors and the nature of the assets increase exposure to longer-term sustainability risks.

For corporations, managing and disclosing ESG performance and related risks are no different from their interest in managing and disclosing other material information as a key function of corporate governance.

Effective disclosures are important to the communication of forward-looking, financially material information, but practices remain at an early stage. Inconsistent disclosure requirements and fragmented ESG frameworks mean both institutional investors and corporates encounter difficulties when communicating ESG-related decisions, strategies, and performance criteria to beneficiaries and shareholders respectively.

This in turn makes it hard for beneficiaries to assess how their savings are used, and for companies to attract financing at a competitive cost that fully considers ESG factors. There is also an implicit ESG scoring bias in favor of larger companies and larger, advanced markets, which could affect the relative cost of capital and corporate reputation of companies outside of these groups, which is due in part to the high cost of ESG disclosure.

Banks are also looking to scale up ESG integration in lending transactions but also face capacity, competition, and data challenges. Given the scale and significance of lending and underwriting activities globally, stronger due diligence in reference to ESG risks would help align global capital with activities that avoid negative impacts on society and the environment and enhance resilience in the financial sector, including climate-related risks. To this end, banks would benefit from enhanced ESG risk management practices and sustainability reporting in their lending activities, and the development of metrics and methodologies to facilitate meaningful measurement of ESG risk.

Governments have levers available to drive better ESG outcomes as both enterprise owners and as investors. Around one-fourth of the largest global companies are entirely or largely state-owned enterprises (SOEs), and these companies can and should serve not only long-term value but also the fulfillment of widely held public policy priorities, including sustainability measures. SOEs tend to have higher ESG scores than private companies, but this is not a given and depends in part on state ownership policy. A case study into the energy sector demonstrates how state ownership has sometimes been an obstacle to sustainability goals, such as the low-carbon transition, because of political concerns over the value of energy assets.

If left unaddressed, challenges in ESG investing could undermine investor confidence in ESG scores, indices, and portfolios. Developments and progress in ESG practices to date are promising, and they have the potential to be valuable, mainstream tools to manage risk, to align incentives and prices with long-term value, and to lessen the impact of future shocks like climate impacts or future pandemics. They can also be a valuable input into policymaking, by better articulating what the market can and should deliver in terms of public outcomes, and what kind of further government intervention is needed to meet stated policy objectives. Taken together, the chapters of this Outlook conclude more needs to be done to fully harness this potential.

There are clear priority areas for policy action in facilitating fit-for-purpose data and disclosures in ESG investing. Greater attention and efforts are needed by regulators and authorities – including through guidance and regulatory requirements – to improve transparency, international consistency, alignment with materiality, and clarity in strategies as they relate to sustainable finance. This extends to the appropriate labeling of ESG products, with information that delineates the financial and social investing aspects of ESG investing.

At the same time, existing frameworks and policy instruments can drive better ESG outcomes and provide a solid foundation for reform. Closer adherence to, and wider implementation of, OECD standards, policy guidance, and international best practices can already address some of the challenges described in this Outlook, especially around the assessment of risk and disclosure of material information. Key examples include the G20/OECD Principles of Corporate Governance, the OECD Guidelines on Corporate Governance of State-Owned Enterprises, and the Guidelines for Multinational Enterprises and accompanying guidance, with specific guidance on Responsible Business Conduct for Institutional Investors and Due Diligence for Responsible Corporate Lending and Securities Underwriting.

Close engagement and cooperation between jurisdictions and with the financial industry are needed to strengthen the policy environment and drive better outcomes in ESG investing. Regulators of large jurisdictions with developed financial markets are already engaging on these very topics, and making good progress. However, capital markets are global in reach, as are many of the environmental, social, and governance factors ESG practices seek to assess and manage. Therefore, global principles are needed to help establish good practices that acknowledge regional and national differences, while ensuring a constructive level of consistency, transparency, and trust.

Final thought; businesses have spent much of the past nine months scrambling to adapt to extraordinary circumstances. While the fight against the COVID-19 pandemic is not yet won, with a vaccine implementation in sight, there is at least a faint light at the end of the tunnel—along with the hope that another train isn’t heading our way.

2021 will be the year of transition. Barring any unexpected catastrophes, individuals, businesses, and society can start to look forward to shaping their futures rather than just grinding through the present. The next normal is going to be different. It will not mean going back to the conditions that prevailed in 2019. Indeed, just as the terms “prewar” and “postwar” are commonly used to describe the 20th century, generations to come will likely discuss the pre-COVID-19 and post-COVID-19 eras.

For business leaders, this is an urgent call to action, too. It’s now that strategic moves will be made to propel companies ahead of these megatrends; it’s now that the direction will be set for years to come; and it’s now that many organizations, “unfrozen” by the pandemic, are ready to adapt to the new requirements for future success. Plenty of business leaders are already eagerly stepping up to help shape our societies and build a new age of health and prosperity for all. Many more will have to join the fight.

This is a true strategy moment for governments and businesses alike, a chance to set the switches for the next decade, there really is no playbook, and for some, this could be a long boom, for others it could well be failure. Depending on their choices, the outcomes could not be more different.

The trauma of this pandemic will be with us for a long time to come. The big question for humanity is whether we can now turn this crisis into a pivotal moment, where we harness the innovations, the new insights, and the crisis-fortified determination to improve the world. The time for these choices is now. It’s up to all of us whether we will move into the 2020s with a new paradigm for safeguarding lives and livelihoods: a new age of health and prosperity for all.

As Jimmy Dean once said: “I can’t change the direction of the wind, but I can adjust my sails to always reach my destination.”

Sources:
https://www.worldbank.org/en/publication/global-economic-prospects
https://www.oecd.org/finance/oecd-business-and-finance-outlook-26172577.htm

Stop Band-aiding your Cyber risk strategy with training

It wasn’t too long ago that sophisticated executives could have long, thoughtful discussions on technology strategy without even mentioning security. Today, companies have substantial assets and value manifested in digital form, and they are deeply connected to global technology networks – even as cyber attackers become ever more sophisticated and adaptable to defenses.

At most companies, boards and senior executives acknowledge the serious threats that cyberattacks pose to their business. What they are not sure of is how to create a strategy that helps them understand and address the threats, in all their forms, today and in the years ahead. And they’re asking for such a strategy every day.

Increasingly, the online world has grown complex and threatening. Many organizations are finding it hard to reconcile the level of their cybersecurity innovation investments with the cyber resilience outcomes for their business. Even worse, choosing the wrong strategy to invest in cybersecurity technologies can cost the organization far more than wasted cash; it can damage an organization’s brand, reputation, and future prosperity.

Both C-suite and security professionals should feel encouraged. Investment in innovation is increasing and managing the basics appears to be better. But scratch below the surface and there are hidden threats. Organizations face unsustainable costs, and security investments are often failing for the majority. With low detection rates and slow recovery times, it is important to find out what the leading organizations are doing differently to achieve cyber resilience. The good news is that most organizations, on average, spend 10.9 percent of their IT budgets on cybersecurity programs.

Leaders spend slightly more at 11.2 percent which is insufficient to account for their dramatically higher levels of performance. And their investments in advanced technologies, such as artificial intelligence, machine learning or robotic process automation, are rising substantially. Today, 84 percent of organizations spend more than 20 percent of their cybersecurity budgets on tools that use these three technologies as fundamental components. The finding represents a good step up from the 67 percent being spent three years ago. The increase is even more impressive with respect to the leaders. Three years ago, only 41 percent of leaders were spending more than 20 percent of their cybersecurity budgets on advanced technologies. Today, that has doubled, to 82 percent.

At first glance, the basics of cybersecurity are improving and cyber resilience is on the rise. The latest research in the market shows that most organizations are getting better at preventing direct cyberattacks. But in the shape-shifting world of cybersecurity, attackers have already moved on to indirect targets, such as vendors and other third parties in the supply chain. It is a situation that creates new battlegrounds even before they have mastered the fight in their own backyard.

At the same time, cybersecurity cost increases are reaching unsustainable levels and, despite the hefty price tags, security investments often fail to deliver. As a result, many organizations face a tipping point. There is good news for organizations wondering if they will ever move beyond simply gaining ground on the cyber attacker. Analysis by Accenture reveals there is a group of standout organizations that appear to have cracked the cybersecurity code for innovation.

The BBC recently reported that researchers have discovered major security flaws—which affect flood defenses, radiation detection, and traffic monitoring—in the infrastructure for major cities in the United States and Europe. Of those flaws, nearly ten are deemed “critical,” meaning that a cyberattack on these systems would have a debilitating impact on essential infrastructure, including power grids, water treatment facilities, and other large-scale systems. It seems like the stuff of disaster films: A major city loses power. Huge amounts of the population panic. The roads clog. Planes are grounded. Coordinating a rescue effort— even communicating with the public—would be a colossal task.

Detailed modeling of cybersecurity performance has identified two distinct groups: the first an elite group—17 percent—that achieve significantly higher levels of performance compared to the rest. These organizations set the bar for innovation and achieve high-performing cyber resilience. The second is the group forming the vast majority of our sample—74 percent—who are average performers, but far from being laggards in cyber resilience. This second group has lessons to learn from leaders while leaders, too, have further room for improvement.

Being innovative in security is different from any other aspect of the business. Caution is necessary. After all, a fail-fast approach is not an option for security where attack vulnerabilities could be catastrophic. Growing investments in innovation illustrate organizations’ commitment to prevention and damage limitation. And it is here that leaders excel. By focusing on the technologies that provide the greatest benefit and sustaining what they have, they are finding themselves moving fast and first in the race to cyber resilience.

What is one key to secure innovation?

Companies are using all kinds of sophisticated technologies and techniques to protect critical business assets. But the most important factor in any cybersecurity program is trust. It undergirds all the decisions executives make about tools, talent, and processes. Senior business leaders and the board may see cybersecurity as a priority only when an intrusion occurs, for instance, while the chief security officer and his team view security as an everyday priority, as even the most routine website transactions present potential holes to be exploited.

Leaders now show us that they scale, train and collaborate more. So, while non-leaders measure their success by focusing on the destination— improved cyber resilience—the leaders focus on how to get there using warp speed to detect, mobilize and remediate.

IBM Survey: Pandemic-Induced Digital Reliance Creates Lingering Security Side Effects” – IBM, 15 June 2021.
Individuals created 15 new accounts on average during the pandemic, with 82% reusing passwords across accounts. According to the report, user behavior showed strong preferences for convenience outweighing security and privacy concerns, leading to poor choices around passwords and other cybersecurity behaviors. This lax user approach to security, combined with rapid digital transformation by businesses during the pandemic poses a big risk to companies and provides attackers with further opportunities to propagate cyberattacks across industries. These poor personal security habits carry over to the workplace.

RockYou 2021: largest password compilation of all time leaked online with 8.4 billion entries” – Cybernews, 7 June 2021.
A massive 100 gigabyte text file containing 8.4 billion entries and passwords that was combined from previous data leaks and breaches was published on a popular hacker forum.

Hackers Breached Colonial Pipeline Using Compromised Password”Bloomberg – June 4, 2021.
Investigators suspect hackers got the password from a dark web leak. Hackers gained entry into the Colonial Pipeline networks through a dormant virtual private network account that was no longer in use at the time of the attack but could be used to access their network. This account’s passwords have been leaked with a batch of other passwords on the dark web. This account also used a simple username and password without any other means for authentication. The hackers also stole nearly 100 gigabytes of data which they threatened to leak if the ransom wasn’t paid. This hack caused a shutdown of the pipeline causing a fuel crisis on the East Coast. This shutdown lasted more than a week.

“SolarWinds hack was ‘largest and most sophisticated attack’ ever: Microsoft president” – Reuters, 14 Feb 2021.
The SolarWinds attack Hackers compromised a routine software update that gave them access to potentially up to 18,000 companies and government institutions globally. The hackers roamed around the networks of these companies for nine months before they were finally discovered. It will take months to identify the compromised systems and shut down the breaches. The breach of customer systems came through a small software vendor in the supply chain.

The above is just a couple of the recent examples of cyber breaches, from very sophisticated breaches such as the SolarWinds breach to less sophisticated breaches causing weeklong shutdowns in the Colonial Pipeline example. The hacks and breaches are becoming more frequent and more costly as attach surfaces are growing across the full supply and value chains of companies.

52% of email users failed to detect an actual phishing email. GreatHorn survey, September 2020.

Looking at these large-scale breaches, and trends that the attack surfaces are now extended throughout a companies’ supply and value chains, this puts companies at increased risk and it is clear that there is still a lot more work to be done when it comes to Cyber Risk management.

Yet, most companies still rely on the basis of employee training on phishing, basic pen testing, updating and creating more policies, more training on the policies, and some aspects of multi-factor authentication and VPN’s to try and secure the companies’ information systems.

Why do most companies still think this approach is enough and the responsibility of the IT and the Risk teams in the organization?

THIS IS NO LONGER A SUSTAINABLE APPROACH!

With the increased risk of the business being shut down for days and weeks on end due to ransomware attacks, stricter data privacy legislation and resulting fines, the cost to the business when an attack happens can potentially cripple the business for years to come or potentially shut the business down.

So, what do companies need to look at or change?

Let’s look at this question based on the current top trends around Cyber Risk to companies.

  • Ransomware continues to be one of the top threats to companies. The predominant way hackers gain access is still through phishing and simple password access. Operational processes of on- and off-boarding of employees, vendors, contractors across the company’s business network become critical. This requires a review of all digital touchpoints of all users across all systems in the company and reviewing if the security technology in place addresses the risk sufficiently. The fewer manual processes to manage digital credentials across all these touchpoints, the better. Multi-factor and zero-trust-based authentication is a must and all simple username and passwords credentials usage need to be eradicated across all systems.
  • Supply Chain attacks are growing and increasing the risk of attacks through a vendor or partner’s system that is integrated into the company’s information systems. This requires a cyber approval plan and constant auditing of the vendor and partner systems as it relates to all the digital touchpoints of their software or systems into the company’s networks and information systems.
  • The way we work has changed with a larger remote work force whose home networks and systems are outside the “Secure” corporate environment creating a higher risk of hacker access through unsecured wireless networks. The user behavior changes of more lax approaches to security and data privacy require more training and awareness and the potential deployment of additional security technologies to provide better security to the remote worker’s home networks. This also will require a review of the company’s overall policies on bring-your-own-device, employee conduct and how to govern employee behaviors. Security has now also become an HR matter.
  • Stricter compliance. The SolarWinds attack prompted new US government legislation and requirements being drafted with stricter compliance and standards around investigations of cyber events and standards for software development for companies dealing with government institutions. Companies will require CMCC (Cybersecurity Maturity Model Certification) control standards for companies working with Government institutions in the US. This model encompasses multiple domains, processes for each of these domains, capabilities and practices that measure a contractor’s capabilities, readiness and sophistication in the area of cybersecurity. New compliance standards will drive up the cost of doing business in much bigger ways than what Sarbanes Oxley has done for corporate financial reporting.
  • Stricter data and privacy legislation with more punitive fines. This requires a full evaluation of data vulnerabilities throughout the company as well as the company’s supply chain and coming up with clear plans and strategies on how to mitigate these.

Cyber Security is no longer just a “nuisance” add-on or cost. It needs to form a clear part of a company’s strategy and has become a key cornerstone in the Digital strategy of the company.

With the dawning era of The Internet of Things (IOT), cybersecurity affects the entire business model. Adequately addressing the threat means bringing together several business perspectives – including the market, the customer, production, and IT. Most often, the CEO is the only leader with the authority to make cybersecurity a priority across all of these areas. We believe that the issue of cybersecurity in many cases will require senior executive or even CEO initiative.

It is time to re-draw plans based on zero trust security principles and establish clear frameworks from the top down throughout all groups of the organization for monitoring, controlling, detecting, mitigating and responding to the increasing cyber threat.

As we have discussed earlier, as soon as one breach avenue has been foiled, attackers are quick to find other means. With the growth in indirect attacks, the spotlight falls on protecting third parties and other partners. But there are enormous challenges in managing third-party cyber risks. Large volumes of data can overwhelm the teams responsible for managing compliance.

The complexities of global supply chains, including the regulatory demands of various regions or countries, add to the strain. In our experience, many CISOs feel that the sizable number of vendors outstrips their capacity to monitor them. Given finite security resources, there is value in a data-driven, business-focused, tiered-risk approach to secure the enterprise ecosystem. This may mean introducing managed services to help the organization tackle the wider scope and scale.

By collaborating more broadly with others with the common goal of securing the enterprise and its ecosystem, organizations can not only play a responsible role in helping their smaller partners to beat cybercrime, but also they can be sure they are not bolting the front door from attackers while leaving the back door wide open.

A core group of leaders has shown that cyber resilience is achievable and can be reproduced. By investing for operational speed, driving value from these investments, and sustaining what they have, they are well on the way to mastering cybersecurity execution. Leaders often take a more considered approach to their use of advanced technologies by choosing those which help deliver the speed of detection and response they need to reduce the impact of cyberattacks.

And once they do decide to invest, they scale fast—the number of leaders spending more than one-fifth of their budget in advanced technologies has doubled in the last three years. The combined result is a new level of confidence from leaders in their ability to extract more value from these investments— and by doing so, exceed the performance levels of the non-leaders.

With two out of five cyberattacks now indirect, organizations must look beyond their own four walls to their broader business ecosystems. They should become masters of cybersecurity execution by stopping more attacks, finding and fixing breaches faster and reducing breach impact. In this way, they can not only realize security innovation success but also achieve greater cyber resilience.

Finally, cybersecurity remains much talked about, yet underleveraged as a differentiating factor on the business side. With the advent of the IoT, there is a real opportunity to move ahead and designate the security of products, production process, and platforms as a strategic priority. The breadth of the challenge spans the entire supply chain and the whole product lifecycle and includes both the regulatory and the communication strategy. For CEOs in leading IoT and Digital organizations, we believe cybersecurity should be at the top of the agenda until rigorous processes are in place, resilience is established, and mindsets are transformed.

As Stephane Nappo, Global Head Information Security for Société Générale International once said:

“The Internet of Things (IoT) devoid of comprehensive security management is tantamount to the Internet of Threats. Apply open collaborative innovation, systems thinking & zero-trust security models to design IoT ecosystems that generate and capture value in value chains of the Internet of Things.”

 

This article is the expressed opinions and collaboration between two senior-level industry board professionals on their views and perceptions on the subject matter:

MARIA PIENAAR CTIO, Corporate Innovation, Digital Transformation, Investor Private Company Board Director & Advisor Maria propels growth by speeding up discovery for companies whose leaders are frustrated by the slow pace of innovation.

Being a master networker, she extracts strategic value through tapping the latent creativity of teams and customers and catalyzes partnerships with highly innovative organizations. Her diverse leadership roles in global 100 and startup companies enable her to see the end-to-end picture and plot the most effective course for designing, launching and scaling new products and services for companies, driving customer growth. Maria co-founded Blue Label Ventures, a Corporate VC focussing on investments in Digital Health, IOT, Cyber Security, Fintech (incl. InsurTech).

Prior she was CIO at Cell C, a challenger mobile carrier, and prior held various leadership roles in Business Development, Go-to-Market Strategy, Strategic Partner Management and Product Marketing for Lucent, Nokia, Vodafone, Globalstar and various startups. Maria holds a BSC in engineering.

LinkedIn: Profile

Geoff Hudson-Searle is an independent non-executive director across regulation, technology and internet security, C-Suite executive on private and listed companies, and serial business advisor for growth-phase tech companies.

With more than 30 years’ experience in international business and management. He is the author of five books and lectures at business forums, conferences and universities. He has been the focus of TEDx and RT Europe’s business documentary across various thought leadership topics and his authorisms.

Geoff is a member and fellow of the Institute of Directors; associate of The International Business Institute of Management; a co-founder and board member of the Neustar International Security Council (NISC); and a distinguished member of the Advisory Council for The Global Cyber Academy.

He holds a master’s degree in business administration. Rated by Agilience as a Top 250 Harvard Business School thought leader authority covering blogs and writing across; ‘Strategic Management’ and ‘Management Consulting’, Geoff has worked on strategic growth, strategy, operations, finance, international development, growth and scale-up advisory programs for the British Government, Citibank, Kaspersky, BT and Barclays among others.

LinkedIn: Profile

Guest-blog: Scott Hunter discusses the importance of Five High Impact L&D Ideas on a Shoestring Budget

Scott Hunter

Today’s leadership development landscape demands employees adapt to constant change. In order for organizations to take on the pressing need of reskilling and upskilling, it’s critical they’re immersed in a culture of learning. However, the way we learn is changing: employees want control of their own learning, yet they also want guidance and support from managers and learning and development teams.

The uncertain economic environment of the past few years has had a significant impact on the resources available for learning and development in many organisations. This year we are starting to see signs of greater L&D investment in parts of the private sector, but pressure on resources remains an issue for many and workloads are high. This squeeze on resources, combined with an increasing shortage of key skills, means the need for effective, targeted L&D will continue to grow.

Currently many are held back by a lack of confidence, knowledge and insight around how to harness technological tools to improve their learning and development interventions. L&D needs to build skills and expertise in this area to profit from new innovations that meet business requirements and the demands of learners.

The L&D profession faces a stimulating and challenging future in meeting organisational and learner requirements in fast-paced and busy environments. L&D teams need to continue to work collaboratively across the organisation to ensure that current and future business needs are met and that L&D is agile, effective and timely. Technological developments and emerging insights from other disciplines have great potential to aid this process – but only if the capability to exploit these tools and techniques is developed concurrently. We, therefore, need to keep an eye on the future, to understand the evolving learning landscape, while continuing to build the professional competencies we need today to drive and sustain organisational success.

Today I have the distinct pleasure of introducing another Guest Blogger, Scott Hunter, Scott is a specialist in personal influence and creative thinking.

Scott works in an exciting and ever-changing world, faced with new challenges and opportunities. Organisations today are in desperate need of creating agility and a more open capacity to learn. They need innovative solutions to meet the ever-increasing demand for change, requiring a new approach.

There is an opportunity for a holistic approach to learning and change to come to the fore. There is more demand than ever for learning that engages, adds value, drives performance and reignites organisational values and purpose.

Scott has been involved in learning for over 20 years, experiencing the good, the bad and the downright ugly. Over the last 5 years, he has focused on the changing landscape of learning and finding new ways to create development opportunities and learner journeys outside of the normal approaches.

Scott is going to talk to us about the importance of innovative learning and development and the ‘Five High Impact L&D Ideas on a Shoestring Budget’.

Thank you, Geoff, it is a pleasure to collaborate with you on this important subject.

L&D is often under budgetary and time pressures, with an ever-increasing demand to deliver solutions. This can appear like a never-ending challenge to meet these seemingly paradoxical pressures of developing employees with less money and time.

I would argue, that these challenges can be an opportunity for L&D to have an organisational wide impact, for L&D to help change the perception of what learning is within organisations. Using innovative solutions, it can be possible to guide learning in the organisation that align with business objectives and share accountability.

Learning cannot be detached from performance and, to achieve this, it is important to identify the environmental issues that need to be considered. It is not enough to just introduce new L&D activities and solutions, without considering the requirements needed to help support and the practice of new skills/behaviours in the workplace.

Here are 5 ideas for learning solutions that can be delivered with little financial or time investment from L&D, the participants or the organisation. Included are some thoughts on each idea and some potential environmental considerations for them to deliver the biggest impact.

1. Dragon’s Den (Shark Tank)

Elvin Turner, in his book ‘Be Less Zombie’, describes experiments as the rocket fuel of innovation and, let’s be honest, which organisation doesn’t want more innovation at the moment.

Experiments enable organisations to explore possible innovation, with minimal financial or time investment. They enable innovation to become less risky and more data and evidence-driven.

This is based on the Dragon’s Den TV show.

Once a month/quarter, an employee can pitch their innovation-ideas to a panel of managers in the organisation.

If the managers like the pitch, they can then agree to invest a small amount for the employee to run an experiment to test the assumptions their innovation is based upon.

To meet the criteria of an experiment it should be:

• Small
• Cheap
• Fast
• Designed for learning

This provides an ability to maximise learning with the minimum commitment of resources. Each iteration and development of the innovation is supported by data demonstrating the potential after every step.

It also provides information that can create clarity on actions or directions that will not be beneficial to the organisation.

Some of the advantages of this L&D activity:

• Increases employee understanding of the organisation
• Develops critical skills required for leadership
• Aligns innovation energy towards tangible benefits for the organisation
• Creates deeper insights into opportunities
• Creates knowledge that can be used across the organisation to make evidenced improvements
• Encourages collaboration across the organisation

Environmental considerations

• Leaders being open to the ideas from employees
• Supporting the experimentation during work time
• Reward and recognition of employees in line with learning
• Supporting employees in developing pitches
• Support in designing experimentation and metrics
• Allowing employees to be involved in the projects

2. Work Based Projects

Work-based projects can be used to align employee learning efforts to strategically identified outcomes. Creating opportunities that have tangible business outcomes. Creating the environment where employees can participate and learn simultaneously provide huge benefits.

Projects are ongoing within organisations on a regular basis and are great opportunities for employees to practice the skills/behaviours identified. These projects can be existing ones, or they can be created to specifically support the application of skills/behaviour from a programme, such as a leadership programme.

The use of projects can provide an evaluation of the application of learning, the behaviour of participants and the application of skills in a real business environment. This provides the opportunity for specific and data-rich analysis of the programme and its impact.

Some advantages of this L&D activity:

• Provides opportunities to practice skills and behaviours in a real business environment
• Provides rich data to evaluate the programme and participants
• Links tangible business outcomes to the L&D activity
• Provides the opportunity to test organisations processes and procedures
• Develops a deeper understanding of the organisation
• Encourages collaboration and cross-functional/department working
• Develop leadership skills

Environmental considerations

• Leaders support in providing time to be involved in projects
• Clarity on the deliverable of project and provision of sufficient resources
• Agreement and collection of suitable and relevant metrics
• Ongoing support and feedback during the project

3. Peer to Peer feedback sessions

The power of feedback has been well documented and is an integral aspect of performance management and coaching. However, I would suggest that most of the interactions and observations of our work are with our peers.

It seems, therefore, that gaining feedback from peers can be a great source of information to for areas of improvement, and recognition. The use of peer to peer feedback can create a more open and transparent working environment.

Also, it can provide insights into behavioural aspects of performance, which can often be missed in more traditional performance management approaches.

It can work in an organic way, where feedback is in line with recent observations and requests. Or it can be guided, perhaps to provide feedback to specific behavioural requirements of the organisation.

One example could be, that putting customers first and excellence are key pillars of the organisational strategy. L&D could then provide guidance on what areas to observe and provide feedback on during the peer to peer sessions. This links ongoing organisational feedback with identified strategic outcomes of the organisation.

Potential advantages of this L&D activity:

• Improved performance across the organisation
• Improved relationships
• Improved teamwork and communication
• Alignment of feedback to organisational outcomes
• Support delivery of behavioural change in the workplace

Some environmental considerations

• Support of peer to peer feedback in the performance management process
• Review reward and recognition policies and processes
• Support with guidelines on providing and receiving feedback
• Support from line managers to encourage the process
• Agree metrics for uptake and impact

4. Skills-based video channel

Employees want to be able to do what they need when they need it, lack of specific and often little pieces of information can create unnecessary delays. An example may be needing to create a pivot table in Excel.

Normally this may require an employee to find someone who knows how to do this and then ask them to show them. This is time-consuming and an inefficient method of knowledge sharing.

L&D can create a video channel that is dedicated to micro explainer videos of skills that are often required within the organisation. Working with line managers, L&D can identify employees who have these skills and approach them to create explainer videos.

These videos can then be tagged and hosted on an in-house server, or externally such as a closed YouTube or Vimeo channel. Content can be updated, as and when it becomes clear that skills are required, or an employee has a skill that could be beneficial.

This will provide employees with a searchable and accessible resource of skills and information, which they can easily use at the point of need.

The content could also be highlighted to groups in their employee life cycle as it may become useful. Such as reminders about interview skills, tips for performance management could be provided to line managers in the run-up to scheduled performance management reviews and assessments.

Potential benefits of this L&D solution:

• Provide access to skills as and when required
• Reduce potential delays, improve productivity
• Increase motivation and value for those employees selected to provide content
• Flexible content that is adaptable to organisational needs
• Reduce dependence on training courses, saving time and finances
• Reduce time away from work of subject matter experts

Environmental issues

• Access to the appropriate server to host videos and allow organisation-wide access
• Review reward and recognition for those submitting content
• Provide feedback for content generation
• Support of leadership in creating content
• Ensure compliance with appropriate copyright and licensing requirements
• Communication of resource

5. Microlearning activities

Microlearning is all around us and used in everyday life; allowing employees to consume information and learning quickly and effectively.

These activities can be directly linked to skills or behaviours that are required to deliver team/organisation outcomes. This provides flexibility to create content that can be delivered within specific areas of the organisation, or across the whole organisation.

These can be scheduled and used as stand-alone actions or can be used to support other programmes or initiatives.

In the ‘Influence to Innovate’ coaching programme we provide individual and group microlearning activities. One example is called ‘Lip Sync’ which was designed to help develop better listening skills. Below is an outline of the activity.

Title

Lip Sync

Rationale

To build trust, one of the most important dimensions is selflessness. However, in conversations, we often interrupt and speak over others. This demonstrates that we are more interested in what we have to say rather than what others are saying. This damages our reputation and decreases the trust others have in us.

How to Play

• During your day, when you’re invited into a conversation, pay attention to the lips of the others.
• As soon as their lips move, you must ‘Lip Sync’ by not moving your lips and letting others speak.
• Your objective today is to ‘Lip Sync’ as often as possible, ensuring that your lips do not move at the same time as others

Reflection

At the end of the day, take some time to reflect back and answer the following questions:

• What were the differences in conversations when you managed to ‘Lip Sync’ compared to when you were unable to?
• What do you think the impact on the others was?
• How might ‘Lip Sync’ help you in your work and personal relationships?
• What action can you take to improve your ‘Lip Sync’ ability?

Or if you prefer to see it in a micro-learning format, click here

As an example, you can see that this activity can be briefed quickly and the playing of the activity happens within the normal working day. It does not impact the operations of the organisation and can be completed across specific teams or the whole organisation at the same time.

The use of microlearning can help develop learning at speed and scale.

Some benefits of this L&D solution:

• Specific skills can be developed organisation-wide at the same time
• There is no requirement to be released from work
• Skills can be developed that are directly linked to team/organisation goals
• Can be used to develop behaviours in real work environment
• Can support long term learning programmes
• Improve relationships within organisations
• Can embed values at scale and speed

Some environmental considerations:

• Support from line managers in playing the game
• Support to encourage reflection on the day’s play
• Facilitating healthy discussions within teams
• Link required behaviours to performance management, reward and recognition
• Access to activities
• Enabling all employees to participate

Summary

In my opinion, L&D does not own the learning in the organisation, and can move itself to be seen as the strategic convener of learning. All the ideas in this blog were chosen against the following criteria:

• Had limited operational impact
• Had limited financial costs
• Encouraged learning, as close as possible, to the required application
• Ability to support organisation-wide learning
• Ease of linking to organisational outcomes
• Encourage multiple stakeholders in learning
• Can be easily evaluated for impact

This is not an exhaustive list, and there are many great ideas on how to create learning opportunities in the workplace.

Hopefully, these ideas have given you some food for thought, enabling you to implement some of these quickly and easily into your organisation.

These ideas may help move the conversations L&D are having in organisations and change the perception and move them to be seen as trusted strategic partners.

If you would like to chat about changing the perception of learning in organisations, feel free to reach out.

You can contact Scott Hunter with your questions:
email: scott @ theinnovatecrowd.com
web: www.theinnovatecrowd.com
LinkedIn: Scott Hunter

Moving from Cyber Risk Insurance to a Cyber Risk Management Strategy


2021 has progressed with even more challenges and promises to deliver even more changes to the pace of a fast technological environment, risk professionals need to look back and consider the lessons learned from 2020.

Have we returned to where we were, or have we moved on to a new norm?

What does the COVID-19 pandemic market data tell us that will help us to prepare for future global crises?

2020 was a rollercoaster for the financial markets. At the beginning of the year, the economy was enjoying the longest continuous growth stretch on record.

The stock market was constantly hitting new highs. The Federal Reserve was starting to bring Treasury yields back up for the first time since the Great Recession. And, then came March.…

Given that framework, the first question we want to answer is: “As risk professionals, how prepared were we for these types of market swings?”

In the insurance industry, companies rely on economic scenario generators (ESGs) to produce a wide range of plausible, cohesive futures for the variables that drive their results — for example, corporate bond and equity returns, as well as Treasury yields.

These models are not predicting specific events, like a pandemic or a war; instead, they simply attempt to estimate the likelihood of a 20% drop in the equity market over the next year.

So, to answer the question posed above, we need to test how well the ESGs that we use we’re able to predict the financial market movements we have seen in 2020.

If our models covered these types of results, then we can take comfort that we were well prepared; if not, then we have to think about how to adjust our framework to be better prepared for the next calamity.

So, where does this leave an Insurance Chief Risk Officer?

First, we should take a critical look at how well our key economic models performed at anticipating these types of extreme market movements. If our models weren’t up to the task, then we need to rethink how those models are calibrated, as this is likely to lead us to either take on too much risk or the wrong types of risks.

We also want to make sure we perform this review on both the good times and the bad times since we are using these models for much more than just risk measurement.

This now brings us to one of the widest subjects in technology today; Cyber Risk insurance, which has become very popular over the last five years with larger corporations as a means to potentially cover the unexpected cost relating to data breaches and ransomware attacks.

This is not surprising taking into consideration that Global ransomware damage costs are predicted to reach $20 Billion (USD) by 2021 according to the latest report by Cyber Security Ventures.

According to the report, this is a 57X increase in the last five years. Ransomware is expected to attack a company every 11 seconds according to the report.

Ransomware poses the biggest threat as a business is adversely impacted to a point where business is shut down. In 2019 alone, the average business downtime was over nine days. According to Bitdefender, downtime costs due to ransomware on average were 50 times more than the ransom requested from Cyber Criminals.

According to the latest IBM Security Ponemon report on the cost of data breaches, the average for data breaches in the US was $3.8 million (USD) for less than 100,000 records. The average time to identify and contain a breach is 280 days. In breaches of 1 million to 10 million data records breached, the average cost was $50 million (USD), more than 25 times the average of the cost of breaches for less than 100,000 data records.

Looking at the following top Cyber threats to companies for 2021, according to Security Boulevard, the cyber attack surface is increasing as companies accelerate digital transformation and remote work, leaving the company at higher risk for Cyberattacks.

• Cloud-based threats. As more companies move to cloud services and adopt more cloud-based tools from 3rd party vendors, this also increases the security footprint the company needs to look at protecting. It is no longer just the internal systems of the company that poses a risk.

• Insider threats. This involves internal actors (employees, contractors, vendors) with valid credentials to key business systems colluding with cybercriminals to provide them access to data that can lead to data breaches and ransom attacks.

• Remote worker end-point security using unsecured network services leading backdoors open for cybercriminals to gain access to company data and infrastructure.

• Phishing attacks employing social engineering to gain access to access credentials.

• Deep Fakes. A growing threat where artificial intelligence is used to manipulate videos that falsely represent a person to commit more advanced phishing attacks. This could generate synthetic identities to gain access to systems.

• IoT devices. Unless properly secured within the overall part of the business, the introduction of IoT devices increases the complexity and attack surface for cybercriminals to exploit. The recent Verkada cyberattack exposing video footage of over 150,000 cameras of various companies such as Amazon, Tesla demonstrated this risk.

• Malvertising where malicious advertisements including technical support scams are used to spread malware.

• Sophisticated and targeted ransomware attacks. This includes a key risk around personal staff safety.

• Social Media attacks where cyber criminals use social media platforms posing as the legitimate company in order to spread malware.

Taking into consideration that the average cost of Cyber Insurance in 2020 in the US, according to AdvisorSmith was $1,485 per year covering the liability of up to $1 million.

There are a number of factors such as company revenues, and the number of sensitive data records, to name a few, that impacts Cyber Insurance premiums.

Looking at the averages for Cyber insurance and the explosive growth in the cost of data breaches, most companies are grossly under-insured to cover the costs of potential data breaches or ransomware attacks.

Cyber-insurance may be a good option for covering some of the liability and cost in the event of a breach, however, it falls way short in minimizing the actual liability in the cost of a data breach or ransom attack to the company.

How should companies and the Board balance the cost to cover the liabilities due to cyber risk in the company?

Spend more money on insurance with higher premiums vs. more investment to implement risk management across the organization and supply chain through policies, incidence response preparedness, cyber training, and Cyber Security systems?

The latter part of the equation can be quite daunting, and the “easy” way out seems to be to rather take out the insurance, and deal with it when a breach happens.

What shall companies look at in order to solve an increasingly complex cyber governance problem when looking at the cost, and where to most effectively spend the money to mitigate the risk?

The typical cost for a cyber attack when that happens can be broken down into the following elements:

• Forensic analysis for identifying the attack source
• Unplanned IT spend to recover data, remove malware, recover from downtime, implementation of new systems to prevent similar attacks, 3rd party vendor or supply chain systems updates, other
• Public relations services
• Notification of clients, shareholders, and regulators
• Credit monitoring services (if financial data was stolen of customers)
• Loss of income
• Regulatory penalties depending on the breach

The best strategy is to as much as possible, avoid the additional cost through better governance and incidence reporting and planning and implementation of automation of security as reasonably possible.

Worldwide spending on information security and risk management technology and services continued to grow through 2020, although at a slower rate than previously forecast, according to Gartner, Inc.

Information security spending grew 2.4% to reach $123.8 billion in 2020. This is down from the 8.7% growth Gartner projected in its December 2019 forecast update. The coronavirus pandemic is driving short-term demand in areas such as cloud adoption, remote worker technologies, and cost-saving measures.

“Like other segments of IT, we expect security will be negatively impacted by the COVID-19 crisis,” said Lawrence Pingree, managing vice president at Gartner. “Overall we expect a pause and a reduction of growth in both security software and services during 2020.”

Gartner’s survey showed the top 10 categories of expenditures as follows:

1. Application Security
2. Cloud Security
3. Data Security
4. Identity Access Management
5. Infrastructure Protection
6. Integrated Risk Management
7. Network Security Equipment
8. Other Information Security Software
9. Security Services
10. Consumer Security Software

How big is your cybersecurity budget? Probably not big enough. Organisations need to invest more in their security.

Over the years, spending on cybersecurity has changed substantially. In 2019, worldwide spending for security products and services is estimated to be more than $124 billion, an increase in growth of 8.7% from last year.

Companies around the world are no longer considering cybersecurity a minor part of their spending budget, but rather a priority. One of the main reasons for this is the large security breaches that have occurred in the past few years, putting business and personal data at a higher risk than ever before.

According to IBM’s report, companies with fully deployed security automation saw a cost-saving of $3.58 million (USD) on the cost of a data breach vs. companies with no security automation.

Companies with incident response preparedness so an impact of $2 million (USD) savings on average on the total cost of a data breach.

Boards and companies should have clear plans and strategies around the following four cost centers. Where cost centers are missing, these need to be taken into consideration. Start with assessments of the status of the activities within these four key pillars for cyber governance and make these a strategic part of all budget spend and activities across the whole company, as well as 3rd party supply chain of the company.

Detection and escalation. Activities that enable a company to reasonably detect the breach.
• Forensic and investigative activities
• Assessment and audit services, including Incident Response
• Crisis management
• Communications to executives and boards

Lost business. Activities that attempt to minimize the loss of customers, business disruption, and revenue losses.
• Business disruption and revenue losses from system downtime
• Cost of lost customers and acquiring new customers
• Reputation losses and diminished goodwill

Notification. Activities that enable the company to notify data subjects, data protection regulators, and other third parties.
• Emails, letters, outbound calls, or general notice to data subjects
• Determination of regulatory requirements
• Communication with regulators
• Engagement of outside experts

Ex-post response. Activities to help victims of a breach communicate with the company and redress activities to victims and regulators.
• Help desk and inbound communications
• Credit monitoring and identity protection services
• Issuing new accounts or credit cards
• Legal expenditures
• Product discounts
• Regulatory fines

(Cost center model per IBM in the Cost of Data Breach Report)

Digital technologies are ushering in a new era and driving transformative changes in every industry, as organizations adopt these technologies to redefine how they create, deliver, and capture value.

Identifying, understanding, and addressing new risks associated with digital transformation will help businesses derive more value from their efforts in the future. What’s more, understanding how digital transformation can be applied to risk management will enable organizations to take a more balanced view of digital technologies as both a source of risk and a way to manage risk.

As your organization embarks on its digital journey, we invite you to learn more about the evolving risk landscape and new opportunities to better manage risk.

Misalignment between an organization’s goals for digital transformation and employee values and behavior creates new culture risks.


The final topic we would like to address is digital ethics, being more in tune with digital ethics and having plans and processes in place will also help organisations respond more effectively when an incident does occur.

Firms not only need processes in place to ensure that they are ready to respond quickly to address problems but also to fulfill their regulatory obligations by promptly disclosing any breach to the regulator as well as any impacted customers.

As part of their digital transformation efforts, organizations need to act responsibly and promote ethical use of technology.

They also need to have pre-established influencer relationships that they can leverage to counter any hysteria or misinformation which might arise that could interfere with their business or impact their brand.

Organisations that have a culture that takes digital ethics seriously, will behave in ways that will minimise the risk of incidents and will act in ways that help build stakeholders’ trust. Those that don’t take digital ethics as seriously will not only be at higher risk of impact but will struggle to establish such trust.

Making data ethics a key corporate value can have a significant potential upside. Implementing data privacy policies and updating crisis management plans to address data breach scenarios will minimise any downside.

At the very least, engaging with Influencers or Cyber professionals/experts early can help you be better prepared to respond to calamities, our definition of influencers is quantified as Cybersecurity specialists who play a key role in securing information systems.

By monitoring, detecting, investigating, analyzing, and responding to security events, cybersecurity specialists protect systems from cybersecurity risks, threats, and vulnerabilities.

While taking their advice or using them to independently assess or benchmark your data privacy policies and crisis management plans can be used to demonstrate best practice in these areas, which in turn can mitigate potential fines or legal exposure in the event of a calamity.

Your customers want you to take a stand on data security and privacy, and be transparent about it – seeing it as more important than either your diversity or sustainability efforts.

Each and every company, regardless of its industry, has weaknesses that hackers exploit for their own gain. Just because a business is small or not in a vertical often associated with valuable data (such as healthcare or financial services) doesn’t mean it won’t make an enticing target for an opportunistic cybercriminal.

In fact, there are a number of reasons why start-ups and small businesses are sometimes more likely than even big businesses to be targeted.

  • Customer Information: Even the smallest start-ups often store or handle customer data such as financial information, Social Security numbers, and transaction history.
  • Proprietary Data: Start-ups often carry innovative and creative ideas for products and services, as well as internal research data that could be valuable to outside parties.
  • Third-Party Vulnerabilities: Hackers also target small businesses and start-ups because they sometimes do business with larger companies as third-party vendors and can provide entry points into those more valuable networks. Target’s infamous 2013 credit card breach, for instance, happened because of vulnerabilities in a third-party vendor’s system.
  • Multiple Interfaces: Another reason for increased attacks is the growing use of Internet of Things (IoT) devices that increase the attack surface of networks. Small businesses are turning to IoT devices more often due to their lower costs and growing capabilities. Unfortunately, hackers often exploit poorly secured devices as a backdoor to access broader, more sensitive networks.
  • Lack of Finances: Since small businesses and start-ups are working on a tight budget, they don’t always place cybersecurity is not at the top of their priorities list and often neglect the latest patches and updates.

The power of digital technologies to enable new sources of revenue can be significant. Due to the proliferation of digital technologies and the particular ethical challenges they present, organizations are increasingly expected to consider ethical obligations, social responsibilities, and organizational values as guides to which digital opportunities to pursue and how to pursue them.

As discussed in the “Managing data risks for value creation” trend, responsible and unbiased collection, handling, use, and privacy are top areas for concern when it comes to data. Also, there are increasing calls for digital services that are fair and equitably accessible, promote physically and mentally healthful uses, encourage inclusion, and are geared toward socially beneficial uses.

Digital adopters want technologies that aren’t harmful or abusive and are safe and error-free. There’s an opportunity to do well by doing good—pursuing digitally responsible growth strategies that build stakeholder trust.

Finally, organizations are conscious that digital transformation involves more than technology adoption. It requires concerted efforts to define how enterprises organize, operate, and behave by aligning strategy, structures, processes, people, and technology to build a unique digital DNA.

Organizations can sidestep unnecessary risks and harness risk to power performance by adopting a risk lens and a holistic approach as part of their efforts. Below are a few guiding principles.

Conclusion; Boards can harness risk to power performance in a digital world, but only with a responsible Digital DNA and hopefully with the Digital Services Act (DSA) that will bring digital reform.

As Tom Golway, Chief Technologist in the Advanced R&D organization of Hewlett Packard Enterprise once said:

“The deeper, philosophical question is does the 1st Amendment apply to AI algorithms. Resolving this is an immediate challenge that needs open dialogue that includes a broad set of disciplines, not just technologists”

This article is the expressed opinions and collaboration between two senior-level industry board professionals on their views and perceptions on the subject matter:

MARIA PIENAAR CTIO, Corporate Innovation, Digital Transformation, Investor Private Company Board Director & Advisor Maria propels growth by speeding up discovery for companies whose leaders are frustrated by the slow pace of innovation.

Being a master networker, she extracts strategic value through tapping latent creativity of teams and customers and catalyzes partnerships with highly innovative organizations. Her diverse leadership roles in global 100 and startup companies enable her to see the end-to-end picture and plot the most effective course for designing, launching and scaling new products and services for companies, driving customer growth. Maria co-founded Blue Label Ventures, a Corporate VC focussing on investments in Digital Health, IOT, Cyber Security, Fintech (incl. InsurTech).

Prior she was CIO at Cell C, a challenger mobile carrier, and prior held various leadership roles in Business Development, Go-to-Market Strategy, Strategic Partner Management and Product Marketing for Lucent, Nokia, Vodafone, Globalstar and various startups. Maria holds a BSC in engineering.

LinkedIn: Profile

Geoff Hudson-Searle is an independent non-executive director across regulation, technology and internet security, C-Suite executive on private and listed companies, and serial business advisor for growth-phase tech companies.

With more than 30 years’ experience in international business and management. He is the author of five books and lectures at business forums, conferences and universities. He has been the focus of TEDx and RT Europe’s business documentary across various thought leadership topics and his authorisms.

Geoff is a member and fellow of the Institute of Directors; associate of The International Business Institute of Management; a co-founder and board member of the Neustar International Security Council (NISC); and a distinguished member of the Advisory Council for The Global Cyber Academy.

He holds a master’s degree in business administration. Rated by Agilience as a Top 250 Harvard Business School thought leader authority covering blogs and writing across; ‘Strategic Management’ and ‘Management Consulting’, Geoff has worked on strategic growth, strategy, operations, finance, international development, growth and scale-up advisory programmes for the British Government, Citibank, Kaspersky, BT and Barclays among others.

LinkedIn: Profile

Are corporate boards complacent with cyber risk?

Boards of directors have been working hard to fulfill their risk oversight responsibilities in a challenging environment. Regulations are changing rapidly in most industries, and vary significantly across countries.

Investors, analysts, and the public are demanding greater transparency into risk and risk management, as are creditors, counterparties, and other stakeholders. Many boards legitimately wonder not only what regulators want, but also which approaches to risk oversight actually work.

Deloitte set out to study a specific and very effective risk governance mechanism: board-level risk committees. This report revealed the prevalence of board-level risk committees (whether standalone committees focused solely on risk, or hybrid committees such as audit/risk) based on an analysis of 400 large public companies in eight countries.

In summary, these were some of the findings:
§ Board-level risk committees are well-established and widespread — present in 38% of the 400 companies analyzed. About a quarter (22%) have standalone board-level risk committees, while 16% oversee risk through hybrid board-level committees.
§ As might be expected, board-level risk committees are most prevalent in FSI companies (88%), but are also present in other industries (26%), often to a significant extent, depending on the country.
§ Local regulations affect risk oversight structures. Australia, Brazil, Mexico, Singapore, the UK, and the US have regulations that require risk committees at the board level for FSI companies (sometimes dependent on the type and size of the company).
§ Overall, 62% of all companies analyzed do not have a board-level risk committee. This largely reflects the lack of regulatory requirements for board-level risk committees in non-FSI companies in most countries.

Every week, a new data and security breach seems to be reported that appears to exceed previous breaches and hack in scale. This year we are also seeing different uses for Distributed Denial-of-Service beyond simple volumetric attacks, including what we call quantum attacks.

Quantum attacks are relatively small and designed to bypass endpoint security and avoid triggering cloud failover mitigation.

These attacks are being used for scouting and reconnaissance. In a recent incident, Neustar stopped a quantum attack that never peaked over 300 Mbps, but it featured 15 different attack vectors, went on for 90 minutes, and involved all of Neustar’s globally distributed scrubbing centers.

This attack came from all over the world and was designed to bypass perimeter hardware, using protocols to circumvent their defenses. The attackers behind such campaigns may start small, but they can quickly add botnets, attack vectors, and ports to get what they want.

If it were to be measured as a country, the facts are; cybercrime which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.

Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015.

This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year and will be more profitable than the global trade of all major illegal drugs combined.

The damage cost estimation is based on historical cybercrime figures including recent year-over-year growth, a dramatic increase in hostile nation-state-sponsored and organized crime gang hacking activities, and a cyberattack surface which will be an order of magnitude greater in 2025 than it is today.

Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data, and systems, and reputational harm.

Some with more complexity in the hack such as the Solar Winds supply chain breach, and others with less complexity, such as the recent global breach of Verkada of over 150,000 security camera data by hacktivists. Once again, the data breach was global in nature and exposed again the security policy and process vulnerabilities these hackers are using to gain access to corporate data via root access.

Industry research has shown that hackers are active in corporate systems for an average of 8 months before they may do something or make themselves known. Over 76% of cyber risk is due to insider risk, involving collusion between hackers and corporate insiders. It is no longer just a “technical” hack.

What is root access? A root administrator or gatekeeper is a superuser account on a computer or network and that has complete control over all aspects of the system or network. The root administrator can access all data, software, configure, delete and change software code in the systems or network.

One of the top risks identified in cybersecurity audits today is a regulatory governance risk. This requires a legal requirement to be audited with respect to IT security, making audit and compliance metrics highly relevant and important.

Some examples include:

Audit and compliance metrics
➢ “Are we ISO-27001-compliant?”
➢ “Do we have a vendor risk management program?”
➢ “Do we have any outstanding high-risk findings open from our last audit or assessment?”
➢ “What percentage of the NIST framework are we implementing?”
➢ The NIST framework has roughly 80 questions associated with it. If a board member asks if you’re doing the NIST framework, you might say, “Today we’re doing 60% of it.”

Operational effectiveness metrics
➢ How many intrusions were detected this year?”
➢ “How quickly are we detecting, investigating and remediating threats?”
➢ “How much have we spent this year?”
➢ “How many vulnerabilities were in our network and how quickly were they fixed?”
➢ “How many compromised systems did we have compared to last year?”
➢ “Has our risk profile changed?”
➢ “How did we compare to our peers across X time span?”

Knowing the best practices on how to present cybersecurity to the board is one thing but without substantive data, you won’t have a very compelling (or helpful) presentation.

The first thing you need to keep in mind regarding metrics is context. Board members likely don’t know what it means if you say that “500,000 intrusions hit the detection system.” You need to focus on being concise with your explanation and show them how the metric impacts the health of the company.

You’ll want to focus on showing metrics over time that the management, or lack of management, processes and policies of root admin passwords. In most cases, these processes are manual at best and there seems to be little appetite to implement additional security technologies that can dramatically reduce this risk.

IT organizations have become more fragmented in nature, especially where there are differing roles for Chief Digital-, Chief Information- and Chief Information Security Officers in organizations, each having responsibility for specific aspects of the overall technology stack of the corporation.

Unless there is a close collaboration between these roles, there will remain gaps in governance of access to data, systems and networks in corporations.

Take into consideration that a corporation is part of a business ecosystem of employees, contractors, 3rd party vendors and their contractors, resellers, partners and customers. All these parties require access to corporate data, systems and networks. The management of access and data security is no longer just contained to the closed “bubble” of a corporation and its employees alone.

The cyber strategy needs to incorporate this more complex supply chain risk and how to manage this across the business ecosystem. This is especially true for management of user access into these systems.

Very few companies have checks on when employees from vendors, 3rd party contractors and partners leave, and need to be off-boarded off the corporate systems. The more manual these processes, the higher the risk that their will be dormant user credentials that hackers can exploit.

Where there is little appetite to spend more money in key IT security systems, the typical practice is to have the risk logged in the corporate’s risk register and key executives, and in some cases the board, to accept and sign off on the risk.

Another approach is to do more “training” in awareness of cyber risk and write more policies, which again is only an internal approach to the corporation and employees alone. Training tends to happen when new employees are onboarded, and perhaps retrained after yearly pen-testing.

Employees tend to step through training, which includes reviewing the policies, and then forget about it as soon as they have received the credits for the training. The more extensive the policies are, the less effective they are in having people follow and implement them.

There still seems to be a lot of complacency at board level in managing the cyber risk, or in some cases, this is non-existent at board level. The main driver is the perspective of an “insurance” approach of cyber risk management.

As long as there is an “insurance” cyber risk mindset believing that a breach has not happened and we will “insure” the risk in case it happens, the corporate will remain at high risk when a breach happens. CISO and/or CIO’s are still missing at the board table, although this is changing. This leaves a gap in poor understanding of cyber governance for the company at board level.

Don’t just leave the Cyber risk management up to the audit committee.

When cyber events happen, how do boards manage the challenges, cost and potential reputational risk?

Key steps boards can take to improve cyber governance, strategy and response to a major cyber event:
● Appoint third-party Cyber advisers as non-executive directors of the board.
● Appoint the CIO and/or CISO as members of the board
● Cybersecurity technology and services investment plan and strategy – ensure there is sufficient budget
● Establish a cyber business response plan
● Have a clear plan in place protecting the well-being and safety of employees
● Employee cyber safety reporting – especially where employees may be threatened and at risk
● Cyber incident and risk reporting as part of the monthly board agenda

Cyber risk can no longer be viewed as an “insurance” type of risk. The stakes are too high. The risk is no longer just relevant to your corporate, it involves managing the cyber risk as it relates to your full supply chain and business ecosystem.

The bottom line is that every board should periodically assess the risk oversight and governance needs of the organization and take whatever steps it deems necessary to address those needs. A board-level risk committee, whether standalone or hybrid, is one effective means of attaining the necessary visibility into risks and risk management and of exercising risk oversight. It is also one that most boards should at least consider

Not long ago, a board of directors would meet once or twice a year to be briefed on cybersecurity, check the box, and move on. Cybersecurity was little more than an afterthought, and mostly a box-checking exercise for compliance or to make sure the bases were covered in the wake of a newsworthy event. With little technical understanding at the board level, many were happy
to simply throw money at the problem and leave it to IT professionals to handle.

The Cyberspace Solarium Commission has an urgent message for the boardroom and C-suite executives: The status quo in cyberspace is unacceptable, which is spelled out in its groundbreaking 2020 Report which proposes a strategy of layered cyber deterrence to protect all U.S. businesses and governments from cybercrime and cyberwarfare.

Finally, We can all agree over the course of 2020, global cyber threats have continued to evolve at speed, resulting in a dramatic reshaping of the cybersecurity landscape. Traditional threats such as generic Trojans, ransomware and spambots were transformed.

Every company should have a CISO or cybersecurity expert on their board because cybercrime is the greatest risk to business continuity that every company faces.

Cyber should be at the center of business strategy – not technical strategy only.

The idea that we are describing, is to put a senior cyber executive in the boardroom who will wave the red flag and challenge the severity of the risk and have the main and operational board pay attention to the severity of risks. No longer can you rely upon or expect the CEO to be carrying the competency of cyber risk to the business, but to have the inclusion of Cyber experts and make better decisions on business risk, absolutely.

The question is not whether you will be attacked. The case may be that you have already been attacked or witnessed a vulnerability breach without your prior knowledge. It is when, by what, and how badly your company’s reputation or finances will be damaged. And one thing is sure in the uncertain world of cybersecurity – the wrong time to consider defence is after the attack has occurred.

James Brien Comey Jr, an American lawyer who was the 7th director of the Federal Bureau of Investigation (FBI) famously once said: “We face cyber threats from state-sponsored hackers, hackers for hire, global cyber syndicates, and terrorists. They seek our state secrets, our trade secrets, our technology, and our ideas – things of incredible value to all of us. They seek to strike our critical infrastructure and to harm our economy.“

This article is the expressed opinions and collaboration between two senior-level industry board professionals on their views and perceptions on the subject matter:

MARIA PIENAAR CTIO, Corporate Innovation, Digital Transformation, Investor Private Company Board Director & Advisor Maria propels growth by speeding up discovery for companies whose leaders are frustrated by the slow pace of innovation.

Being a master networker, she extracts strategic value through tapping latent creativity of teams and customers and catalyzes partnerships with highly innovative organizations. Her diverse leadership roles in global 100 and startup companies enable her to see the end-to-end picture and plot the most effective course for designing, launching and scaling new products and services for companies, driving customer growth. Maria co-founded Blue Label Ventures, a Corporate VC focussing on investments in Digital Health, IOT, Cyber Security, Fintech (incl. InsurTech).

Prior she was CIO at Cell C, a challenger mobile carrier, and prior held various leadership roles in Business Development, Go-to-Market Strategy, Strategic Partner Management and Product Marketing for Lucent, Nokia, Vodafone, Globalstar and various startups. Maria holds a BSC in engineering.

LinkedIn: Profile

Geoff Hudson-Searle is an independent non-executive director across regulation, technology and internet security, C-Suite executive on private and listed companies, and serial business advisor for growth-phase tech companies.

With more than 30 years’ experience in international business and management. He is the author of five books and lectures at business forums, conferences and universities. He has been the focus of TEDx and RT Europe’s business documentary across various thought leadership topics and his authorisms.

Geoff is a member and fellow of the Institute of Directors; associate of The International Business Institute of Management; a co-founder and board member of the Neustar International Security Council (NISC); and a distinguished member of the Advisory Council for The Global Cyber Academy.

He holds a master’s degree in business administration. Rated by Agilience as a Top 250 Harvard Business School thought leader authority covering blogs and writing across; ‘Strategic Management’ and ‘Management Consulting’, Geoff has worked on strategic growth, strategy, operations, finance, international development, growth and scale-up advisory programmes for the British Government, Citibank, Kaspersky, BT and Barclays among others.

LinkedIn: Profile

Sources:
Deloitte
Cyber Security Ventures
CSC Research

Purpose and Trust; Why we need to listen. Why we need to act.

Today’s business environment is being profoundly disrupted. Volatile markets, rapid technological advances and unexpected sources of competition are ingredients in a boiling, roiling stew of threats and opportunities, and leaders the world over are struggling to navigate this shifting landscape. Transformation is not enough. Transcendence is the new game.

You can question does purpose and trust matter?

To answer that question in brief; it only matters if it is implemented in conjunction with clear, concise direction from top management and in such a way that the middle layer within the company is fully engaged within. Even after the company is fully aligned behind a compelling purpose, leaders must continue to reinforce it from the top. You can’t just adopt it. It has to be driven, operationally and in-depth, by the CEO and the top leadership team.

A discussion and running theme that seems to be on every leadership and executive director’s mind, is ‘what is required to be an effective leader in today’s totally disruptive business world’?

Businesses of all sizes in all regions of the world are responding to a vision and set of common values across purpose and trust. Companies have reported purpose and regaining trust as a new guiding star for a world in constant change, in an interconnected operating environment that businesses face.

To distil purpose more equally throughout the companies, many firms are considering hiring chief purpose officers. Shannon Schuyler, newly hired first chief purpose officer at PwC, defines the role as, “how you connect purpose to an individual so they know what they need to do in their roles and how do you help them see personally how they connect with values and behaviours.”

The timing could not be more urgent. The world is facing a complicated web of multidimensional interconnected systemic challenges continue to rise.

When you ask employees, what matters most to them, feeling respected by superiors often tops the list. “In a recent survey by Georgetown University’s Christine Porath of nearly 20,000 employees worldwide, respondents ranked respect as the most important leadership behaviour. Yet employees report more disrespectful and uncivil behaviour each year.

The challenge is finding the right balance between the two types of respects. Owed respect without earned respect can deflate employees, who will sense that their efforts won’t be recognized or rewarded, while a focus on teamwork may, however, warrant more owed respect as a bonding tool.

A survey carried out by DataPad for International Business and Executive Management as part of some research for one of my published books, Purposeful Discussions, shows that few of us trust our leaders.

Of those who responded to the question; “Do you trust and respect your CEO”, 30% responded, “not at all” and another 39% responded, “a little”.

The survey asked employees the same question on ‘trust and respect’ in relation to their Executive Leadership, Heads of Department and their immediate line managers. The closer the manager’s role was to the respondent, the more likely it was for the employee to answer positively.

Immediate managers were trusted “a lot” by 48% of those who responded and “a little” by 36%. 16% of immediate managers are not trusted at all.

We all live and work in an era of increasing connectivity and public scrutiny: a world where societies are being reshaped and businesses disrupted by powerful global trends.

The changes driven by these trends – both alone and acting together – bring major implications for trust.

PwC in their 23rd global CEO survey showed that CEOs are putting significant emphasis on their broader purpose and culture, as issues such as sustainability, diversity and wellbeing have become business-critical.

With skills a priority, it is essential CEOs promote a company culture that complements their recruitment and retention plans by helping them attract, retain and nurture the people they have and the talent they need.

UK CEOs show a commitment to issues such as diversity and inclusion and recognising the importance of wellbeing in the workplace. Addressing such issues not only demonstrates a commitment to workplace equality, but also reflects a growing recognition that greater diversity can improve decision-making.

However, it is surprising given the attention this matter has been getting that a significant proportion of businesses are yet to really focus on this issue.

To succeed in this fast-changing environment, businesses need to have a clear purpose that enables people to understand why a business does what it does. This purpose needs to look beyond the generation of financial returns to encapsulate how the business serves society.

Articulating – and embracing – such a purpose has never been more important. Why? Because today, in the wake of events that shook people’s trust in organisations of all types, attitudes and expectations of business are undergoing fundamental shifts. Having a shared recognition and understanding of why a business exists is key to bridging the trust deficit and shaping a new relationship between business and wider society.

When trust disappears, many things can change. Businesses can go on the defensive, and stop communicating, collaborating and innovating. And that’s just the start. Customer loyalty may diminish; it may get harder to attract, retain and motivate talented staff; regulation may increase, adding cost and effort for everyone; and businesses may lose their license to be listened to.

Together, all these factors can dampen growth, creating quantifiable impacts on share price, cost of capital and liquidity. The effects on morale innovation and behaviour are harder to measure but potentially even more damaging in the long-term.

Jason Lanier is one of the most celebrated pioneers of digital innovation in the world, and also one of the earliest and most prescient critics of its current trajectory. Jason is author of 2018’s ‘Ten Arguments for Deleting Your Social Media Accounts Right Now’, which is as clear and definitive an account of the damage companies like Twitter and Facebook and Google do to society and to our individual psyches as you’ll ever read.

The book felt relevant again right now, I said, in a way that made my bones actually vibrate. Lanier had been early to the idea that these platforms were addictive and even harmful—that their algorithms made people feel bad, divided them against one another, and actually changed who they were, in an insidious and threatening manner. That because of this, social media was in some ways “worse than cigarettes,” as Lanier put it at one point, “in that cigarettes don’t degrade you. They kill you, but you’re still you.”

His most dispiriting observations are those about what social media does to politics – biased, “not towards the left or right, but downwards”. If triggering emotions is the highest prize, and negative emotions are easier to trigger, how could social media not make you sad?

If your consumption of content is tailored by near limitless observations harvested about people like you, how could your universe not collapse into the partial depiction of reality that people like you also enjoy? How could empathy and respect for difference thrive in this environment? Where’s the incentive to stamp out fake accounts, fake news, paid troll armies, dyspeptic bots?

Right now, Lanier said, most of the systems on the internet are set up to exploit us, to harvest our creative ideas and our data without compensation. That the prevailing attitude in Silicon Valley is basically: “There’s no reason for you to know what your data means, how it might be used, you can’t contribute, we don’t know who you are, we don’t want to know you, you’re worthless, you’re not going to get paid, it’s only valuable once we aggregate it but you know nothing, you will know nothing, you’re in the dark, you’re useless, you’re hopeless, you’re nothing.

Leaders today are constantly in the spotlight and are often called upon to earn authority without control. Economic and social change demands leadership by consent rather than by control. What we perceive as good leadership tends to be created by leaders, followers, and the context and purpose of the organisation, thus it is a collective rather than individual responsibility.

Trust is a key ingredient of successful leadership. Trusted leaders are the guardians of the values of the organisation. Trust can release the energy of people and enlarge the human and intellectual capital of employees. In a trusting environment when we are committed to our shared purpose we play active roles both as leaders and as followers.

We talk a lot about trust these days because it tends to be a precious and scarce resource.

You could question the word empathetic leadership. Leaders with empathetic leadership listen attentively to what you’re telling them, putting their complete focus on the person in front of them and not getting easily distracted. They spend more time listening than talking because they want to understand the difficulties others face, all of which helps to give those around them the feeling of being heard and recognized.

Empathetic executives and managers realize that the bottom line of any business is only reached through and with people. Therefore, they have an attitude of openness towards and understanding of the feelings and emotions of their team members.

When we listen to the emerging needs of the workplace we step into the most relevant and useful roles and make relevant and valuable contributions both when leading and when following. Members of organisations who are sensitive to people’s reactions trust themselves and each other. They build and nurture trusting relationships and allow the future to emerge organically.

No heroic leader can resolve the complex challenges we face today. To address the important issues of our time we need a fundamental change of perspective. We need to start questioning many of our taken for granted assumptions about our business and social environments.

Leaders serve as role models for their followers and demonstrate the behavioural boundaries set within an organisation. The appropriate and desired behaviour is enhanced through culture and socialisation process of the newcomers. Employees learn about values from watching leaders in action. The more the leader “walks the talk”, by translating internalized values into action, the higher level of trust and respect he generates from followers.

Final thought, to help bridge the trust gap we recognise that organisations need to work with each other and with wider society to identify practicable, actionable steps that businesses can take to shape a new relationship with wider society: a new ‘settlement’ based on mutual understanding and a shared recognition of the positive role that business plays in people’s lives.

To create such a settlement, businesses need to see themselves as part of a diverse, interconnected and interdependent ecosystem – one that involves government, regulators, individual citizens and more. Trust within and across this ecosystem is key to its long-term sustainability and survival. That’s why trust needs to be restored to the heart of the business world.

As Stephen M.R. Covey once said:

“Contrary to what most people believe, trust is not some soft, illusive quality that you either have or you don’t; rather, trust is a pragmatic, tangible, actionable asset that you can create.”

Why a Resilient Organisation is… Team Leadership

There are just a few elemental forces that hold our world together. The one that’s the glue of society is called trust. Its presence cements relationships by allowing people to live and work together, feel safe and belong to a group.

Trust in a leader allows organisations and communities to flourish, while the absence of trust can cause fragmentation, conflict and even war. That’s why we need to trust our leaders, our family members, our friends and our co-workers, albeit in different ways.

In 2020, resilient leadership has been tested in the extreme, and the challenges continue. As I write this, many countries around the globe are contending with the resurgence of COVID-19 and the prospect of continued, new, and extended lockdowns—against a backdrop of social, political, and economic upheaval that makes the terrain even harder to navigate.

Challenges for leaders won’t end with a COVID-19 vaccine. Underlying societal issues that have long been simmering below the surface are raising questions and imperatives that will last long after the pandemic ends. The implicit social contract between institutions and stakeholders is rightfully being questioned.

We are in an unprecedented era of the need for leadership to step up. Rapid, disruptive change is today’s normal. To cope, leaders need to be agile and resilient. For years, the focus has been on speed and agility. But globalisation, technology and social-political changes are disruptive. They require resilient leaders, emotionally intelligent people able to absorb complex change and help others move forward to achieve success.

Resilient organisations have sound leadership at all levels and strong cultures founded on trust, accountability, and agility. They have a foundation of meaningful core values that all members of the team believe deeply in and a sense of team unity beyond what you find in many organizations. They also have a tendency to show consistent and better-than-average profitability year after year.

Resilient leaders are well-prepared for change. Regardless of the type or magnitude of the transformation an organisation is facing, one of the ultimate goals is to prepare the company for long-term strength and agility – a core function of leadership and management in the 21st century. The goal is not to simply navigate today’s needed changes but also to create a resilient organization poised for more change. A team that is ready for the next battle – whenever that may be.

In a previous life, I spent time with Navy Seal’s team 3 and 6, their mantra is clear ‘I serve with honour on and off the battlefield. The ability to control my emotions and my actions, regardless of circumstance, sets me apart from other men. Uncompromising integrity is my standard. My character and honour are steadfast. My word is my bond.

I am not saying all business leaders need to be trained by special forces, but the learnings for survival have transferable learnings in business. Below I have listed the ultimate Navy SEAL guide to exceptional success and achievement – combining the key advice from some of the most storied and prolific members of this elite force. Learn their lessons, follow their lead – and you’ll find you’re more likely to succeed.

1. Develop mental toughness.
Roughly 75 percent of people who make it into the initial six-month SEAL training course, known as Basic Underwater Demolitions/Seal Training (BUDS), wind up washing out. In his book, Navy Seal Training Guide: Mental Toughness, author Lars Draeger says there four pillars of mental toughness: goal-setting, mental visualization, positive self-talk, and arousal control. We’ll tackle them in turn.

2. Set (and achieve) micro-goals.
SEALs, according to Draeger, learn to focus on one thing at a time, avoiding all distractions. They do that by determining the overall objective, breaking it down into smaller pieces, and repeating as needed until they get to minute-by-minute pieces. That’s the kind of planning that allowed Navy SEALs to capture and kill Bin Laden and also the same kind of strategy that can help you achieve your goals.

3. Visualize success (and overcoming failure).
During SEALs training, there’s an exercise in which students are required to accomplish a series of difficult tasks…
underwater…
while wearing SCUBA gear…
while instructors attack them and try to destroy their equipment and keep them from breathing.

Become flustered, and you fail. So, the successful ones learn not to visualize ahead of time how they’ll handle each calamity. As the folks at Examined Existence wrote:

Navy psychologists discovered that those who did well and passed the exercise the first time used mental imagery to prepare them for the exercise. They imagine themselves going through the various corrective actions and they imagine doing it while being attacked. Once the exercise (and the attack) happens, the mind is ready and the [SEAL] is in full control of their physical and mental faculties.

4. Convince yourself you can do it.
As entrepreneurs, how many times do we hear that you should fake it until you make it? That’s part of how you get through SEALs training, apparently. The folks from Examined Existence summed it thusly:
Those who graduate from BUDS block all negative self-talk … and … constantly motivate themselves to keep going. … They remind themselves that should be able to pass no problem because they are more physically fit than their predecessors. They remind themselves to go on and not quit, no matter what.

5. Control your arousal.
Arousal. Heh-heh. We’re talking here about all kinds of sensual distractions – thinking about the lost love back home, or the things they could be doing besides training, or even the warm bed they had to leave in order to go through the day’s training.

Once more, Examined Existence:
When our bodies feel overwhelmed or in danger, [we] release … cortisol and endorphins. These chemicals … cause our palms to sweat, our minds to race, our hearts to pound, and our bodily functions to malfunction. This is the body’s natural response to stress, developed over millions of years of human evolution. But SEALS learn to control this natural response to arousal so that they are poised even under the most stressful of circumstances.

6. Be aware.
The next two are pretty basic, but I guess if you’re a Navy SEAL, it’s why they work. If you want to be in a position to overcome danger, be aware of your surroundings.

So, few other people pay attention to their surroundings anymore. In fact, I should take a photo of the slow-moving people I see on the subway each morning, immediately and obliviously checking their devices as they get off the train.

“Get your head out of your phone. … Just look up,” former Navy SEAL Dom Raso told TheBlaze . “It’s just a very, very simple thing to do and no one does it anymore, and it’s really scary.”

7. Avoid bad stuff.
This one also is obvious – so much so that former Navy SEAL Raso seems pretty upset about that others don’t do it. And it goes against the uninitiated, who might believe that a Navy SEAL’s first reaction is always to fight.

“Avoid, avoid, avoid,” he said. “I want to avoid any [bad] situation before it happens.”

8. Practice humility.
Given that last bit of advice, the next one makes sense. Success as a Navy SEAL leader means recognizing that you’re not the solution to every problem. Fail to recognize that, and you’re likely to flat-out fail.

“What it has to do with is the fact that the person is not humble enough to accept responsibility when things go wrong, accept that there might be better ways to do things, and they just have a closed mind,” says Jocko Willink, coauthor of Extreme Ownership: How U.S. Navy SEALs Lead and Win. “They can’t change, and that’s what makes a person fail as a leader.”

As his co-author, Leif Babin added: “No leader has it all figured out. You can’t rely on yourself. You’ve got to rely on other people, so you’ve got to ask for help, you’ve got to empower the team, and you’ve got to accept constructive criticism.”

9. Find your three mentors.
Tim Ferriss, author of ‘The Four-Hour Work Week’ among other giant mega-bestsellers, interviewed General Stanley McChrystal, along with McChrystal’s aide, former Navy SEAL officer Chris Fussell, who offered him some key advice:

You should always have three people that you’re paying attention to within your organization:
– Someone senior who you would like to emulate
– A peer who you think is better at the job than you are
– A subordinate who is doing your previous job better than you did

“If you just have those three individuals that you’re constantly measuring yourself off of and who you’re constantly learning from,” Fussell said, “you’re gonna be exponentially better than you are.”

10. Do small things right.
The last items on this list come from a speech that Admiral William McRaven, a Navy SEAL commander who was in charge of the raid that killed Bin Laden, gave in Texas last year.
His first commandment – a fairly famous one, in fact – is that you should make your bed in the morning.

Why? Because if you do that, “it will give you a small sense of pride and it will encourage you to do another task and another and another. By the end of the day, that one task completed will have turned into many tasks completed. Making your bed will also reinforce the fact that little things in life matter.”

11. Be smart about assessing others.
Next up: Don’t adopt others’ knee-jerk assessments. McRaven talked about being in SEAL training and reflecting on a crew of physically small classmates, none of whom was more than five-feet-five.
“The big men in the other boat crews would always make good-natured fun of the tiny little flippers the munchkins put on their tiny little feet prior to every swim,” he said. “But somehow these little guys, from every corner of the Nation and the world, always had the last laugh – swimming faster than everyone and reaching the shore long before the rest of us. SEAL training was a great equalizer.”

12. Suck it up.
This is probably the part of military training that people who’ve never gone through military training think of–the part they’ve seen in the movies where sadistic drill instructors put you through hell. McRaven talks about a punishment during SEAL training known as a “sugar cookie.”

The student had to run, fully clothed into the surf zone and then, wet from head to toe, roll around on the beach until every part of your body was covered with sand. … You stayed in that uniform the rest of the day – cold, wet and sandy.

The point of that training? To learn that when you’re uncomfortable and discouraged, sometimes you just have to suck it up and get through it.

13. Sometimes, go head first.
Another McRaven story. The record for going through the SEAL obstacle course in the fastest time had stood for years. One of the trickiest parts was to maneuver yourself safely but quickly into a rope obstacle known as the slide for life.

The record seemed unbeatable, until one day, a student decided to go down the slide for life–head first. Instead of swinging his body underneath the rope and inching his way down, he bravely mounted the TOP of the rope and thrust himself forward.

It was a dangerous move–seemingly foolish, and fraught with risk. Failure could mean injury and being dropped from the training. Without hesitation–the student slid down the rope–perilously fast, instead of several minutes, it only took him half that time and by the end of the course, he had broken the record.

The point? It’s the same in business and in any facet of life. Sometimes if you want to excel, you simply have to accept the risks and dive in anyway.

14. Take on the sharks.
Long before the television show, Navy SEALs learned to be afraid of sharks. There’s a part of their training when they have to swim in the waters off of San Clemente, California, which they are told is a breeding ground for sharks.

But you are also taught that if a shark begins to circle your position–stand your ground. Do not swim away. Do not act afraid. And if the shark, hungry for a midnight snack, darts towards you–then summons up all your strength and punch him in the snout and he will turn and swim away.

This is the story of life. Bandits and bullies are all around. Usually, the only way to beat them is to take them head-on.

15. Identify the moment that matters.
One of the keys to success is consistency – but of course, we all know that there are some moments that simply matter more than others. One of the toughest during SEAL training involves training to attack an enemy ship – by swimming two miles alone underwater and, in the dark, approaching it from below.

“The steel structure of the ship blocks the moonlight – it blocks the surrounding street lamps – it blocks all ambient light,” McRaven explained. “To be successful in your mission, you have to swim under the ship and find the keel – the centre line and the deepest part of the ship.”

The “darkest part of the mission” is the hardest – and the most important. We all have them in our lives.

16. Be happy.
Truth to tell, SEAL training sounds flat-out sadistic at some points. During his training, McRaven talked about his entire team being forced to stand in freezing water up to their necks, while their instructors told them they wouldn’t let them out until five trainees gave up – and quit the entire course.

Their reply? They started to sing.

“The chattering teeth and shivering moans of the trainees were so loud it was hard to hear anything and then, one voice began to echo through the night – one voice raised in song,” he said. “The song was terribly out of tune, but sung with great enthusiasm. One voice became two and two became three and before long everyone in the class was singing. We knew that if one man could rise above the misery, then others could as well.”

Standing in the surf and mud and freezing cold still sucked, but it sucked a little less McRaven said, and that’s how they made it through – because they gave each other hope.

17. Persevere – don’t ring the bell.
One way that SEAL training is a lot like the rest of the world is that there is an easy way to quit. You can simply give up, ring a brass bell in the middle of the compound in front of all of your peers, and walk away.

All you have to do to quit – is ring the bell. Ring the bell and you no longer have to wake up at 5 o’clock. Ring the bell and you no longer have to do the freezing cold swims. Ring the bell and you no longer have to do the runs, the obstacle course, the PT – and you no longer have to endure the hardships of training. Just ring the bell.

The vast majority of trainees ring the bell. The very few who don’t become U.S. Navy SEALs. They face even greater challenges, and someday people write about their example.

“If you want to change the world,” McRaven says, “don’t ever, ever ring the bell.”

This YouTube video translates the focus, How Navy SEAL Hell Week builds indestructible teams – Brent Gleeson


Elite Navy Seal teams demand very high levels of performance, but in assembling their teams, team members value trust even more highly than pure performance. A trustworthy person will be selected to join a Seal team, even if that means giving up a little bit of performance. On the other hand, individuals who are extraordinarily high performers but not trustworthy, diminish the team’s chances for success. Untrustworthy individual high performers are toxic to team performance, and not selected.

Therefore, re-establishing trust is even more critical now. Far from being a static, unchanging force, trust is dynamic and flows in multiple directions. The characteristics of being trusting and being trustworthy require us to make choices to invest in relationships that result in mutual value. Trust is a tangible exchange of value; it is actionable and human across many dimensions.

Let’s examine how we can invest in, rebuild, and renew trust.

Trust is personal: A call for leaders
In the words of British writer George Eliot, “Those who trust us, educate us.” Truly building trust with our stakeholders—understanding their concerns and their priorities—involves a willingness to listen, to learn, and to hear. Building trust requires leaders to make conscious daily choices, and especially to act on those choices.

Through mutual trust. When we as leaders trust our stakeholders, we enter an exchange that engenders opportunity: We prove our trustworthiness, and stakeholders empower our strategic choices and innovations. In essence, mutual trust creates a followership that allows us to break new ground, to traverse the seismic changes taking place and emerge, thriving, on the other side of crisis.

With vulnerability and honesty. Business leaders who are willing to acknowledge what they don’t know are more likely to create trust with their stakeholders than those leaders who mistakenly believe their greatest source of influence is knowledge—or at least acting as though they know. A similar paradox exists for organizations responding to a one-time breach of trust. Stakeholders are likely to regain—and even strengthen—trust in the organization when leaders admit the mistake, are apologetic, and are transparent in how they move forward.

Authentically, and where it matters most to your stakeholders. Intent connects the leader to their humanity and the importance of acting with transparency. But at the end of the day, intent is just a promise; leaders must be able to act on that promise, and do so competently, reliably, and capably. And they must be able to do so in the areas—whether physical, emotional, digital, or financial—that matter most to their stakeholders at that given time.

By connecting as humans. Leaders who aspire to be trusted by their stakeholders take responsible actions that consider and, where possible, acknowledge the needs of each of those stakeholders. This requires an understanding of what is important to different stakeholders, and an ability to walk alongside them rather than an attempt to “walk in their shoes.”

At an institutional level, value-creation discoveries, mindset shifts, collective agility bring together resilient organisations and their ecosystems into an interconnected web of resiliency and strength.

At an individual level, five of the most common traits in resilient leaders are adaptability, preparedness, collaboration, responsibility, and ethics to meet today’s challenges; preparedness connects tomorrow’s resources to potential future scenarios; collaboration connects the whole system; and both responsibility and ethics connect individuals, organizations, institutions, and society.

Final thought, trust-based leadership should also be understood through the lens of its influence over other leadership theories. Being trusted is a core part of other leadership styles and a strong trust foundation is required for styles such as transformational and charismatic leadership.

While the strong trust outlook is required for these leadership theories, trust leadership places the biggest emphasis on implementing trust values to every aspect of leadership.

Can a company be successful and competitive on the market and at the same time trusted?

Eric Greitens, a former Navy Seal and Naval Officer once said on resilience:

“We all have battles to fight. And it’s often in those battles that we are most alive: it’s on the frontlines of our lives that we earn wisdom, create joy, forge friendships, discover happiness, find love, and do purposeful work.”

Predictions for the start of 2021

The phrases used to describe the events of 2020 have now become a little cliché – but there’s no doubt it has been a very challenging year for every individual and every business on a global scale. From a deadly pandemic to a global movement for racial justice, the year 2020 has certainly experienced its fair share of world-shifting events.

Let’s take a look at some of the major events that took place in 2020

Australian bushfires; The country faced one of its most devastating wildfire seasons as the blazes continued from December 2019 into the new year and burned a record 47 million acres, displaced thousands of people and killed at least 34 people.

Prince Harry and Meghan Markle quit royal life; The Duke and Duchess of Sussex shocked both sides of the pond on Jan. 8 when they announced they were stepping down as “senior” royals.

COVID-19 pandemic; The World Health Organization announced Jan. 9 that a deadly coronavirus had emerged in Wuhan, China. In a matter of months, the virus has spread across the globe to more than 20 million people, resulting in at least 751,000 deaths.

Stock market crash; The coronavirus pandemic triggered a global recession as numerous countries went into lockdown. The Dow Jones industrial average suffered its worst single-day point drop ever on March 9.

Black lives matter protest; The police-involved killings of George Floyd, Ahmaud Arbery and Breonna Taylor this year sparked a wave of peaceful — and sometimes violent — demonstrations and riots across the world to demand an end to police brutality and racial injustice. More protests erupted in August when 29-year-old Jacob Blake was shot by a Kenosha, Wisconsin, cop and paralyzed from the waist down.

Kim Jong Un death rumours; The North Korean supreme leader fueled speculation that he was either gravely ill or dead after he missed events commemorating his grandfather Kim Il-sung on April 15. He re-emerged 20 days later in photos released by state media at a ribbon-cutting ceremony. The despot, however, faced a new wave of scepticism over his health in August when a South Korean official claimed all of the appearances were faked and he was in a vegetative state.

Beirut explosion; A massive explosion at a Beirut port, sparked Aug. 4 by the accidental detonation of 2,750 tons of ammonium nitrate, killed at least 190 people and injured thousands of others

West Coast wildfires; Deadly wildfires erupted from California to Washington state, burning millions of acres and displacing hundreds of thousands of people since mid-August.

Joe Biden becomes President-elect; Joe Biden became the 46th president of the United States on Nov. 7, defeating President Trump with a critical assist from his birth state, Pennsylvania, which delivered the votes to propel him to victory and end one of the most contentious elections in recent memory.

COVID-19 in the UK: The UK becomes the first country to approve the new Pfizer/BioNTech vaccine. 800,000 doses are planned for arrival in the coming days, with a further 40 million in 2021, enough to vaccinate 20 million people. The BBC reports that the jab is “the fastest vaccine to go from concept to reality, taking only 10 months to follow the same steps that normally span 10 years.

Around the world, we see many examples of resourceful responses to the world events in 2020, with companies changing their strategy to produce hand-sanitizers, protective gear, gowns and other supplies for hospitals, staff retrained to help out in hospitals, ventilators and life-saving medical devices, the list goes on.

The crisis created opportunities for businesses to become more innovative. Facing external pressures, some business leaders are stepping out of their routines and comfort zones to become creative problem-solvers. Along the way, they rediscovered their entrepreneurial spirit.

Beyond existing firms, some sectors of the economy are likely to grow. New technologies can offer numerous opportunities as the crisis transforms the products or services they can offer. Service businesses in particular are likely to see a lot of innovation in how services are created, packaged and sold.

Recent trends in China offer a glimpse of what is feasible for businesses. For example, online shopping and entertainment received a major boost during the coronavirus shutdown via online platforms like Alibaba, WeChat and their associated ecosystems.

In the health-care sector, health-related smartphone apps are proliferating. Artificial intelligence is helping hospital emergency rooms, while virtual reality has moved from an entertainment tool to a valuable resource for technical training and maintenance.

Companies that become competent and move quickly in these areas during the crisis will have a strategic advantage over their competitors in the post-pandemic economy.
In 2021, we will face challenges both familiar and unforeseen—but we will also see shoots of rejuvenation as the world thaws from lockdown. Here are some predictions of how the next year will play out.

Remote work will persist through 2021 and beyond
One of the most significant shifts for many workers in 2020 was the swift adoption of remote work. While some companies expected newly remote workers to return to the office, this is no longer a reality. Many businesses will not expect workers to come to the office five days a week, if at all, and companies will shrink or reconfigure office spaces accordingly.

“The reality is, employees will not be returning to the same office they left behind,” a 2020 remote-work study by PwC indicates. “There will be fewer people, restricted collaboration spaces and rotating shifts — all of which will require teams to find new ways to connect and collaborate. More than anything else, this need for connections is likely to shape what the office is going to represent.”

Salaries could be adjusted for remote workers

Along with the adoption of remote work during the pandemic, many employees took this opportunity to relocate. Some companies have already indicated that they will likely cut salaries to match cost-of-living expenses, which could be a significant corporate initiative in 2021.

“We predict a tidal wave of comp adjustments in 2021 as many tech and professional services workers go remote and move away from company HQs,” Glassdoor Chief Economist Andrew Chamberlain notes in the Glassdoor Workplace Trends 2021 report. “Once the dust settles on millions of employee relocations, we expect a wave of pay adjustments in 2021 for fully remote workers, whether or not they move to new cities.

Once local labor markets have adjusted to a wave of newly remote workers, the equilibrium pay for workers who’ve left expensive, congested metros like San Francisco and New York for smaller cities will almost certainly adjust downward.”

Some employers might require vaccination to come back in person

As the pandemic continues, some hope is on the horizon with promising vaccines from Pfizer and other companies. These vaccines could help employees safely come back to work in-person, and some companies are considering making the vaccine mandatory.

“A couple of my corporate clients are leaning toward making the COVID vaccine mandatory,” Rogge Dunn, a Dallas labor and employment attorney, told CNBC. “Under the law, an employer can force an employee to get vaccinated, and if they don’t take it, fire them.

Companies will reduce virtual activities and meetings

While businesses adopted virtual meetings fervently in 2020 as a way to help keep teams connected, they may not be so tied to them in 2021. As remote work becomes more of a norm, business owners could reduce these instances in order to give employees more time back to work.

“The Zoom happy hour has hit its expiration date, [with] too many long days of virtual meetings for months,” Nani Vishwanath, people team manager at Limeade, told TechRepublic. “[Employers will] gift employees with time back in 2021, such as cancelling recurring meetings or blocking a day for ‘no meetings’ and encouraging your team to recharge.”

Employees expect more diversity and company culture

Following major social and racial justice movements in 2020, companies should expect more scrutiny from employees and partners when it comes to diversity. For example, large asset manager BlackRock said it intends to push companies it has invested in for greater ethnic and gender diversity. This scrutiny will happen at the employee level as well.

“[Companies are] looking at what their policies say about company culture, what they’re willing to tolerate, what that does to employee morale, attrition and retention of employees, their reputation and ability to attract new talent and also their public perception,” Jennifer Schelfer, partner at Arnall Golden Gregory LLP, told the Atlanta Business Chronicle. “Employees are really expecting to see these initiatives in place and to see genuine support, especially from upper-level management.”

Business travel will be significantly reduced

As the pandemic continues into 2021, don’t expect travel for U.S. businesses to make a massive comeback in 2021. At the recent New York Times’ Dealbook conference, Microsoft co-founder Bill Gates predicted a significant drop in business travel, and for there to be a “very high threshold” for companies that can conduct meetings from home.

“My prediction would be that over 50% of business travel and over 30% of days in the office will go away,” Gates said at Dealbook conference. “Some companies will be extreme on one end or the other. … We will go to the office somewhat [and] we’ll do some business travel, but dramatically less.” Companies will reduce virtual activities and meetings

While businesses adopted virtual meetings fervently in 2020 as a way to help keep teams connected, they may not be so tied to them in 2021. As remote work becomes more of a norm, business owners could reduce these instances in order to give employees more time back to work.

“The Zoom happy hour has hit its expiration date, [with] too many long days of virtual meetings for months,” Nani Vishwanath, people team manager at Limeade, told TechRepublic. “[Employers will] gift employees with time back in 2021, such as cancelling recurring meetings or blocking a day for ‘no meetings’ and encouraging your team to recharge.”

Economic growth could return to pre-pandemic levels by the end of 2021

For businesses that have made it through 2020, many are wondering if the economy will come back in the next year. A December 2020 survey of the National Association for Business Economics (NABE) suggests the economy very well could roar back in the second half of 2021.

“73% percent of panellists believe that the economy will have returned to pre-pandemic GDP levels by the second half of 2021,” reports the NABE. “The 73% is a dramatic improvement from the October survey in which 38% of panellists believed that a full recovery would occur before 2022.”

Retraining and reskilling workers will be a 2021 priority
As the pandemic has put pressure on companies to lay off lower-skilled workers that can be replaced by automation or technology, some companies will also work to retrain and reskill employees.

“Cost-effective options — such as retraining, reskilling and redeployment — will continue to grow in popularity next year,” Michelle Anthony, chief revenue officer at LHH, told BenefitsPro. “Employers will be more committed to building a workforce of the future by helping employees acquire new skills so the companies can absorb downturns and market shifts without having to resort to the costly fire-and-hire cycle.”

Finally, it’s clear the post-pandemic future will be different. What’s happened during the crisis will have a lasting impact on society. Current signs of entrepreneurial initiative and goodwill give us some cause for optimism. The future I envision post-COVID is one where people and businesses are prepared and enabled through technology.

Whether it is to continue business operations or maintain access to essential needs, the digital economy will play a crucial role in all aspects of our lives. This is the brave new world we will have to create together, and now is the time to empower and work with entrepreneurs to help build it.

As Brian A. Wong – Vice President, Alibaba quoted by saying:

“SMEs are the backbone of any society for job creation and economic contribution. They are the pathfinders during the journey to economic recovery.”

Why Trust, High Standards and Outstanding People Deserve the Right Company Culture

A colleague who is an executive director in a large FMCG came down to see me for a discussion around my latest book, Purposeful Discussions.

In particular, David focused on an extract from Chapter Two;

When law firms, companies and others lay people off, the people who lose their jobs are generally the people who are ‘good’. People who are ‘outstanding’ don’t lose their jobs (or hardly ever).

Outstanding people are the ones who bring hard work, constant improvement and greatness to whatever they do. The world needs people who are outstanding and set the highest goals possible for themselves.

Everyone can be outstanding with the right standards. If you say you cannot be outstanding, you are slapping the face of your creator. There is nothing on this earth that does not have a purpose. You are in control over what happens to you and can control it by the standards you set for yourself. Life has meaning when you give it your all.

The secret lies in the standards you set for yourself and the decisions you make. What standards are you going to choose for your life?

David did continue our conversation to say what was my opinion of the current Furlough schemes and redundancies and what happens to a business that loses outstanding and good people.

As you can imagine this was quite a debate which I have written articles for several of the nationals through COVID19, I think we were both pleased that it was shared over a few glasses of wine.

It is true, some employees are more talented than others. That’s a fact of organisational life that few executives and HR managers would dispute.

The more debatable point is how to treat the people who appear to have the highest potential.

Opponents of special treatment argue that all employees are talented in some way and, therefore, all should receive equal opportunities for growth.

Devoting a disproportionate amount of energy and resources to a select few, their thinking goes, might cause you to overlook the potential contributions of the many.

But the disagreement doesn’t stop there. Some executives say that a company’s list of high potentials and the process for creating it should be a closely guarded secret. After all, why dampen motivation among the roughly 95% of employees who aren’t on the list?

Shocking research was released recently by The Gallup Group, indicating that 87% of the workforce is either not engaged (read: they are there physically but not mentally or emotionally), or totally disengaged (they actually undermine the success of an organization.)

This is the highest rate of disengagement ever measured and is in spite of the fact that over 85% of organisations have an employee recognition program (which obviously isn’t working).

Companies spend more than $100 billion every year trying to improve employee engagement in the workplace. Despite their efforts, employee engagement numbers remain under 35 percent. It’s vital for employers to understand the role employee disengagement plays in overall business success.

Let’s have a look at ten shocking facts on employee disengagement.

1. Less than three out of ten employers have an engagement strategy in place
According to a recent study by achiever.com, only 25 percent of employers have an established engagement strategy in place. As with most business processes, engagement won’t just happen overnight. It requires a comprehensive strategy that defines your company goals and develops techniques for fostering engagement throughout the workplace.

2. Only 30 percent of employees feel encouraged to grow with the company
Career growth and development is significant to today’s employees, especially millennials and Gen Z workers. In fact, the opportunity for career advancement is one of the top reasons people seek new job opportunities. Despite this fact, the latest Gallup’s State of the American Workforce shows that only three in ten employees feel that their employers are concerned about their development within the company.

3. 75 percent of employees quit because of their boss – not the company
According to a recent study, employee disengagement starts with the manager, not the company itself. This report revealed that 75 percent of workers state that they left a job because of their supervisor or manager and not necessarily the company. This statistic should be a wake-up call to companies across the globe. Employee engagement strategies must start at the top and work its way down. Only when these strategies attempt to boost engagement at all levels within the company can employers hope to deal with employee disengagement effectively.

4. Companies with higher engagement levels obtain 21 percent higher profits
Study after study shows a clear link between employee engagement and company profits. In fact, according to a study released by Forbes, companies with higher levels of employee engagement see a 21 percent increase in profits or more. This statistic alone should be enough to grab any business leader’s attention.

5. Only 11 percent of workers receive weekly recognition
There is a direct correlation between disengagement in the workplace and lack of recognition. Like everyone else, your employees want recognition for their hard work. Without consistent recognition, employee disengagement can skyrocket within your workplace. This level of disengagement can tempt even your best employees to leave. In fact, according to our recent study, nearly one in five employees stated their main reason for considering a new job was because they’re not being recognized.

6. Employee disengagement costs companies more than $450 billion a year
According to a Harvard Business Review report, employee disengagement costs employers anywhere from $450 billion to $550 billion every year. This amounts to an incredible amount of waste within the business sector. Many employers overlook most of these expenses because they fail to see the link between higher costs and low levels of employee engagement.

7. 21 percent of employees say that their employer never asks for feedback
Imagine trying to voice your opinion, and no one is listening. That is how many employees feel, and studies show that they might be right. In our recent report on disengagement in the workplace, more than 20 percent of respondents said that their employer was terrible at requesting feedback. In some cases, their employers never asked for feedback at all.

8. Only six out of 10 employees know what their job expectations are
It can be nearly impossible for employees to remain engaged in the workplace without having a clear understanding of their specific job expectations, as well as the company’s goals and missions. This fact may seem like an obvious point, but it might be just so obvious that many employers are overlooking it. According to Gallup’s report, only 60 percent of employees claim to know what their expectations are at work.

9. Higher employee engagement leads to fewer safety issues
Most employers don’t relate employee engagement with workplace safety, but maybe they should. A study of the healthcare industry showed that providers with high engagement levels have 70 percent lower safety incidents than companies with lower levels of employee engagement. This improvement in workplace safety can be attributed to enhanced employee feedback processes, comprehensive employee recognition programs, and more precise job expectations – all of which improve engagement rates.

10. Lack of inclusiveness can cause disengagement
There is good reason why 69 percent of executives surveyed by Deloitte cited diversity and inclusion as a top priority. Deloitte’s stats show that 39 percent of employees would leave their current company for one that had a more inclusive culture, and over half (53 percent) of millennials would do so.

A diverse workplace environment brings fresh perspective and it’s important to embrace diversity and inclusion in the workplace. Understand what truly engages and motivates your employees by collecting honest feedback.

We’re all familiar with the damage that can be caused by personality clashes in the workplace, but how can leaders ensure a harmonious balance between their organisation and its employees?

“Organisational culture is the sum of values and rituals which serve as ‘glue’ to integrate members of the organisation”

Building a culture of engagement, in which employees are seen (and see themselves) as stakeholders, will promote organisational harmony as well as creating additional financial benefits. A Gallup study found that companies with strong employee engagement saw higher productivity and were 22% more profitable than those with poor employee engagement. Unsurprisingly, employee retention was also significantly higher in these businesses.

“Trust is one important key to building a culture of high performance, whereby speed will go up and costs will go down.”

This statement by Stephen M. R. Covey (son of Dr Stephen R. Covey) in his book, ‘The Speed of Trust’, captures the essence of why trust (or lack thereof) is at the heart of every organisation’s culture. I refer to trust as the glue and the lubricant of culture. Trust is glue because it binds people together and converts routine work interactions into effective teamwork. Trust is also a lubricant because when it is present, as Covey suggests, things move faster with less expense. Let’s test this concept of the glue and the lubricant functions of trust.

Imagine for just a moment what your work culture would be like if there was absolutely no trust or mistrust between you and the people in your workgroup:

What if you couldn’t count on them to come to work on time or stay at their work when they were needed?

What if you feared anything you said might be reported to the media or to your competitors?

What would the day be like if you couldn’t trust anyone to do even the simplest task without making a mistake?

And what if the people in your group had absolutely no trust in you?

Stephen Covey taught a very simple but powerful metaphor of trust: the emotional bank account. This metaphor works on the same principle as a financial bank account – one can make deposits that build trust with others, and one can take withdrawals that diminish trust. You might consider the current state of your emotional bank account with important relationships.

It’s not all bad news. Boards are beginning to recognise and discuss the importance of building and maintaining a strong corporate culture, as recommended by the FRC’s report on culture and the role of boards.

But while the board itself may have a strong ethical culture, the challenge is to ensure that this “tone at the top”. and most people follow their lead. They have a duty to project and uphold the company ethos, vision and behaviours.

As the famous Tony Robbins once said:

‘Any time you sincerely want to make a change, the first thing you must do is to raise your standards. Stay committed to your decisions, but stay flexible in your approach.’

The Digital Boardroom is Not Always the Right Answer

Much has been written about the impact of the pandemic on our daily lives. Locked down in our homes, consumption of technology for business and leisure has reached unprecedented levels.

Many commentators have explored how this will play out post-lockdown; reduced international travel, sustained high levels of video calls and softening demand for office space are just some examples.

For technology businesses and investors, it is not what is happening in our homes that is most interesting, but the conversations happening in (virtual) boardrooms. The pandemic and resulting lockdown precipitated the biggest business continuity test imaginable. And it has not gone well. The failings of large organisations to address their technical debt have been thoroughly exposed.

“Keeping everyone involved when you don’t have those corridor conversations and that office osmosis brings a different kind of challenge,” says Andy Barratt – Managing Director, Ford of Britain and Henry Ford & Son (Cork) Ltd.

Tough times often call for tough measures. In the current environment, directors are likely to be ‘meeting’ more often than usual to discuss, take and implement significant decisions around their business’s response to the COVID-19 crisis.

But with limitations on social contact and gatherings, most boards are being forced to hold these important meetings virtually.

It is important (perhaps now more than ever given the scrutiny that decisions made during this crisis may face) that directors are careful to exercise their decision-making powers in line with the company’s constitution, and also, from a practical perspective, that the virtual meetings themselves are well structured and delivered.

In general, the larger the company, the worse they have fared. Short term focus on maintaining the share price, incentives that reward maintaining the status quo and support an “if it ain’t broke, don’t fix it” mentality, and the inertia that plagues large organisations, have left companies ill-prepared.

The ongoing wave of business disruption that is being led by many technology innovations and their resulting consequences is crashing at our shores.

Boards are concerned, and rightly so, about addressing these issues before their revenue streams, brands, share values and bottom lines are negatively affected.

Moreover, outside stakeholders from activist investors to regulators are starting to demand action and improvement in how companies manage digital risk. Whether leaders fix these deficiencies themselves or are forced to, change is widespread and unavoidable.

NTT Security’s Global Threat Intelligence Report identified a 350% increase in ransomware and called out spyware as the leading malware attack tactic, indicating that hackers are in it for the long haul — waiting for the chance that they know will come.

Boards also need to play the long game and this starts with understanding and governing technology fuelled disruption. Addressing this challenge boils down to improving boardroom digital diversity.

Corporate directors across industries can do this by introducing digital competencies into their boardroom and by actively developing the digital IQ of all of their board members.

Speed is everything in today’s tech-driven business world. In an effort to speed up even more, some so-called progressive business leaders are cancelling in-person meetings in favour of the latest high-tech solutions.

Face-to-face meetings allow for clearer communication. In addition to being able to read facial expressions, body language, and inflexion, in-person meetings often end up being more positive and considered more credible than online or virtual conversations.

Without non-verbal cues, you also run the risk of misinterpreting information. In fact, 60% of people regularly misread tone or message when communicating via email or phone, according to Entrepreneur.

Not only do in-person meetings tend to be more positive, but they also tend to be more productive. On average, an in-person meeting generates about 13.36 ideas versus a virtual meeting, which generates 10.43.

And although virtual meetings are sometimes more convenient, nearly 70% of people admit to browsing social media to pass the time during audio-only conference calls.

Even though there can be a prioritisation of speed over face time grossly underestimates the power of human interaction and the importance of face-to-face communication. If the point of business were simply to accomplish as many tasks as possible, then yes, an email would probably do. But that’s not what real leadership is about.

If you’ve ever been on the bad side of cyber miscommunication, you’ll agree that faster isn’t always better.

Managing a successful team and, consequently, a successful business requires personal connections and trust. Business is, in large part, about building relationships. Being a successful leader requires emotional intelligence as much as it requires drive, discipline and best practices.

Despite some benefits to video conferencing, studies show there is simply no substitute for the effective experience of face-to-face communications. In fact, research from Vanessa Bohns, associate professor of organizational behavior at Cornell University, shows face-to-face interactions are 34 times more successful than emails.

CEOs know that trust and camaraderie build great teams, create loyalty, and are the basis of moving a business forward. Wealth and success depend on it. That success comes from, and is built through, face-to-face interactions and experiences and cannot be replaced in the same way with virtual experiences.

“People still feel they are at a disadvantage when they are remote,” said Rob Enderle, president and principal analyst of the technology advisory firm Enderle Group, in an article for CIO Magazine. “Side meetings, individual breakouts and even social interaction after meetings are not addressed by current video conferencing solutions.”

Technology assists us with many tasks in one way or another every single day. While technology can be an amazing and valuable tool that helps us in numerous ways, the wrong tools and apps can be incredibly frustrating. Most people think of technology as their best friend or their worst enemy. For board directors where many are at or approaching retirement, technology tends to draw more jeers than cheers.

When board directors are using the right technology, it can increase the pace of their work from a snail’s pace to that of a roadrunner. The wrong technology slows the pace of business down, exacerbates mistakes, and opens up dangerous new opportunities for risks.

Boards become vulnerable. The right board management governance software assures compliance, solves security issues, and enhances good governance principles. Boards become productive and efficient and are better able to keep pace with today’s business practices.

Essentially, the right modern governance tools set the stage for ultimate corporate success and profitability.

The Wrong Technology Creates Board Meeting Inefficiencies

The pace of corporate business is such that board directors can no longer wait for quarterly reports and updates. Corporate business happens in real-time. Without the right technology, board directors are left out of the loop and in the dark.

Board directors need the ability to stay continually connected and engaged with management and the pulse of their organizations. The wrong tools and apps can hang them up.

Routine tasks simply take too long. Manual voting processes, delayed meeting RSVPs and paper processes bog down corporate secretaries. Last-minute agenda changes can increase labour time and other costs greatly. Preparing agendas and board meeting minutes takes a lot of time to complete and get approved with manual processes.

Security Is Sorely Lacking in Boardrooms and in Board Processes

Board directors are keenly aware of the high risks of cybercrime. If it hasn’t been drilled into them enough, the media continually reminds them by reporting new instances of data breaches.

By and large, board directors find IT to be too technical and confusing for them to make good decisions about how to protect the board and the company. Cybercrime is more sophisticated than ever. Hackers are working doggedly around the clock looking for ways to penetrate multiple layers of security to make corporations vulnerable.

Nearly everyone now uses email, but once again, the media tells us that using personal and business email accounts and other electronic apps for communication lacks the necessary security to protect confidential board business. Insecure communications also pose a risk of accidentally sending disclosures to the wrong parties with no controls to prevent it.

While security is sorely lacking in the technology realm, boards that continue to use dated paper processes can’t have the assurance that their important documents are safe. Paper documents may be difficult to find if they’re stored in multiple locations, which means that it takes a long time to get the right documents or risk not being able to find them at all. What is worse is that paper is subject to natural disasters such as fire, floods and damage by vermin.

Finally, recent events, however, have identified core values that need to be revisited and enhanced.

Many businesses have, in the past, viewed face-to-face meetings as a cost center or a luxury. The residual trauma of this global experience and the absence of in-person time with one another has now reconfirmed the value of such interactions, purpose and trust.

Successful leaders know that people are their most precious resource. Now they are also realizing that those people, meeting with one another face-to-face is a critical part of business, and more important than ever before.

Regular computer systems lack the features and security to prevent employees and others from gaining access to confidential information, giving control to all the wrong people.

Tech Equipment Can Be Too Complicated to Use

While many boards need to meet more often because of the pace of the organization’s needs, the costs and scheduling can be a nightmare. The travel, food and lodging expenses of bringing on board members from various states or other countries can be quite exorbitant. It can be difficult to quickly find dates that accommodate all directors because of waiting for responses via phone and email.

Technical equipment can be complicated to set up and use. Systems may be electronically incompatible with each other. Poor audio or video quality makes for unproductive meetings. Some pieces of boardroom equipment are less secure than other pieces, setting the stage for spreading pesky viruses. If all that isn’t bad enough, cybercriminals have been known to hack into boardroom cameras, placing company business at risk.

Nokia-chairman Risto Siilasmaa shared his thoughts on why directors should open their minds and consider new ways of thinking about the future even if a company is performing exceptionally.

“When your team considers only a single plan with no alternatives, alarm bells should ring. Not preparing for alternative scenarios – even the most unlikely ones – is a guarantee of being blindsided. Thinking in alternatives is not just about identifying options to an existing situation but about constantly imagining and manufacturing alternatives. By making this mindset part of your leadership team’s culture, you automatically start to come up with a higher number and wider range of alternatives.”