Technology and its associated risks and opportunities will continue to dominate the business landscape in 2017 and beyond, writes Domini Stuart.
A few months ago, a group of Pittsburgh Uber users made history by riding in a self-driving car. This was a research exercise, but by 2021, Uberâs human drivers could all be out of a job. This is the Exponential Age, where a company that famously disrupted the taxi industry just a few years ago is already disrupting its own business model.
Paul Fiumara, partner at accountancy firm DFK Hirn Newey, says he would rather call this process a transformation. ââDisruptionâ sounds as though itâs something to put up with until normal service is resumed, like an interruption to a television program,â he says. âThe changes brought about by advances in digital technologies are permanent and profound. They reflect a redistribution of power from institutions and businesses to citizens and consumers, and also from larger, slower-moving corporations to smaller, more agile businesses that can innovate quickly with lower capital investment. The old saying that if you do what youâve always done, youâll get what youâve always got, no longer applies. In my view, if you do what youâve always done, youâll soon be out of business.â
Companies in every industry are also being overtaken by new entrants into the market. âDirectors canât put their heads in the sand and think it wonât happen to them,â says Dr Monique Beedles FAICD, principal strategy advisor at consultancy firm, Teak Yew, and author of Asset Management for Directors, published in 2016 by the Australian Institute of Company Directors (AICD). âWhile itâs important to think about how we can protect ourselves, a strategic approach also means looking at opportunities. The best ways to take advantage of the latest technologies, or technologies in the pipeline, in order to create a competitive advantage, should be on every boardâs agenda.â
Itâs up to the board to ensure that their organisation has an effective innovation strategy in place and the technology to support it.
âYou canât respond to digital disruption if you donât have agile and flexible IT. I see this as being a material challenge for many boards in 2017,â says Dr Greg Spencer MAICD, senior partner at Beyond Technology Consulting. âAs digital disruption shifts up a gear, companies have to get on the front foot and start addressing any institutionalised IT problems.â
Some companies hope to fast track a technology upgrade by acquiring a digital upstart. âThis can work, but unless you do thorough IT due diligence at the start, you could find that the integration process is very costly,â says Spencer.
âThere can also be massive issues buried just beneath the surface. We have been called in a few times after the event and found things like business systems built around unlicensed software or licences that are non-transferable. If the start-up has been cutting corners, a $100 million acquisition could end up costing you $200 million to fix.â Mobile technology takes priority
The first full touchscreen smartphones were launched barely 10 years ago, yet they have revolutionised the way we live, shop and communicate. According to the 2016 Deloitte Global Mobile Consumer Survey, Australians interact with a smart phone 480 million times a day â a 9 per cent increase on the previous year.
âMobility will continue to be the number one technology enabler over the next 10 years,â says Colin Panagakis GAICD, director, Asia Pacific at BoardPad. âIt needs to be a priority â boards should all be pushing management to adopt the best mobile technology for their clients and employees, and to work out how they can best utilise mobile technology to grow their business.â
For many people, a screen is their primary source of information. âWe expect to be able to engage digitally,â says Alison Cairns, partner, IT Advisory at EY. âAs consumers and customers, we have become accustomed to having information and services quite literally at our fingertips.â
Much of this information is gleaned from social media. âThis is having a significant effect on the success or failure of many organisations,â says Fiumara. âThe market is evolving and directors should remember that consumers often pay closer attention to what other consumers have to say, than to expert opinion or marketing.â
New ways of thinking
Governance in the digital age demands a new way of thinking. âThereâs still a very prevalent mechanistic and hierarchical assumption about how a company should look,â says Beedles.
âBut the companies that are being disruptive donât make the assumption that they must use the same organisational structures and business models that have been in place for 200 years. Boards should put aside their preconceptions when theyâre thinking about how they can achieve their aims. Their approach must be customer-centric â asking themselves âwhat do our customers want and how can we deliver it?â not, âhow can we find people who will buy whatever we build or make or sell?â This level of creativity requires input from a diverse group of directors.â
Boards must also be equipped to take a strategic approach to investing in technology. âAs with any other investment, you should have a robust business case and a strategic rationale,â says Beedles. âBut sometimes thereâs a sense of fait accompli â that we must spend a lot of money on the latest technology without being sure of how it will add value to the business.â
Many boards are appointing directors with some knowledge of technology. âThey will often tip upside down conservative thought processes that have been successful in the past but are unlikely to remain so in the future,â says Panagakis.
In order to make sound decisions, all directors must be able to understand the information that is provided for them â but that doesnât mean they must learn how to code. âDirectors need to be able to recognise good IT governance, apply the same standards they would to any other board decision and be prepared to bring in expert advice whenever itâs needed,â says Spencer.
âBut I think things like coding boot camps can do more harm than good. In IT, stale knowledge is very dangerous and if youâre not in the industry, anything you learn is pretty much out of date as soon as youâve learned it.â
Continuing threats
Cloud computing is now integral to the way the majority of businesses operate, and while most directors are now aware of the associated risks, they canât afford to take their eyes off the ball.
âBoards should be asking how security, data privacy and data sovereignty will continue to be assessed over time as more and more workloads are moved to cloud,â says Cairns. âOf course, security, compliance and governance need to be robust but these areas are, at times, overlooked or may need to be refreshed as an organisation moves to the digitally-enabled platforms they need for digital transformation.â
Boards also need to be realistic about the possible impact of a security breach. âJames Spaltro, former executive director of information security at Sony Pictures Entertainment, famously said that he would not invest $10 million to avoid a possible $1 million loss,â says Beedles.
âItâs a valid business decision to accept the risk, but when the 2014 cyber-attack brought the company to a standstill, the direct costs were over $100 million. This doesnât include the reputational cost to the organisation and its directors, or the flow-on impacts to individual staff and customers whose personal information, such as their social security number, had been released.â
Predicting the outcome is a difficult exercise as it relies on a lot of unknowns and unknowables. âWhat is important is that the board treats its valuable intangible assets in the same way as it treats its valuable physical assets,â says Beedles.
Unnecessary risk
As cyber criminals become more sophisticated and organised, the scale of their attacks is increasing.
âThe latest super hacks and massive data breaches could put a company out of business and in some cases, company directors might find themselves personally liable,â says Shara Evans, a technology futurist, keynote speaker and chief executive officer of Market Clarity, a technology analyst firm.
âYet companies are continuing to store information in a way that makes the consequences of a deliberate, or even an accidental breach, much more significant than they need to be. For example, itâs not a good idea to store everything related to one person in a single data base.â
As well as monitoring internal procedures, such as who has access to data and what kinds of approvals are required before information can be disclosed, directors should bear in mind that an attack may not be direct.
âThe criminals who attacked Target in 2014 were able to access millions of their customersâ private data and credit card information via a heating, ventilation and air conditioning maintenance supplier,â says Evans.
One simple precaution is to ensure that the company isnât routinely collecting data it doesnât need. âLast week I wanted to do a software trial with a very well-known vendor and one of the pieces of information they required for registration was my birthday,â says Evans.
âI deal with cybersecurity on a regular basis and I know a lot about identity fraud, so Iâm very cognisant of the information organisations are collecting about me and how it could be abused. In cases where they donât need to know my birthday I use a fake one.â
In general, the less information you collect and store the lower your risk. âEven if itâs important for your business to classify the age demographics of your client base, you donât need specific dates,â says Evans. âItâs safer to ask them what age range they fall into.â
Directors should also be careful with their own personal information. âOne of the issues with mobile technology is its ability to collect metadata such as where you are, where you go and what you buy,â says Panagakis. âNot many people read the fine print when they download an app so they probably donât realise that many of them, particularly free ones, collect information which is then extracted and stored for marketing or other purposes. For directors, this could pose a significant threat to corporate governance â and the risks will continue to increase.â
Complex decisions
Many directors will soon find themselves confronting issues that sounded like science fiction at the start of their career. For example, their company vehicles could be self-driving in less than a decade.
âBoards should give some thought now to the implications, particularly in terms of liability,â says Evans. âFor instance, who would be at fault in an accident involving a car that was in autonomous mode? The employee sitting in the car, but not driving? The company that owns the car? The manufacturer? The software programmer? And what if someone hacks into the infrastructure systems that interact with driverless vehicles such as stops signs, speed limit signs and traffic lights? These will soon be very real issues that need to be resolved.â
Evans suggests that next year all boards should ensure they have access to a technologist who can alert them to emerging technologies and how they could be used both for and against the company.
âHaving that over-the-horizon foresight will allow directors to navigate their company into the future they want, rather than having the future just happen to them.â
10 top tips for 2017
- Every organisation needs an innovation strategy and IT systems that are agile and flexible enough to support it.
- Mobile technology should be a priority.
- Companies no longer need to be limited by the organisational structures and business models that have been in place for 200 years.
- Creativity that goes beyond traditional strategy requires diversity of thinking.
- Failing to seek out opportunities that lie in new and emerging technologies is as big a risk as failing to protect an organisation against cyber-crime.
- Successful organisations are customer centric.
- Social media can have a significant impact on the success of and organisation; customers tend to trust the opinions of other customers.
- The data you collect and store is a valuable corporate asset.
- Internal security procedures must be regularly reviewed and updated.
- Cyber criminals can hack into your data via a third party with access to your systems.
Already a member?
Login to view this content