The top risks for 2018 provide interesting insight into changing risk profiles across the globe. Protiviti and North Carolina State University’s Enterprise Risk Management Initiative have completed the latest survey of 728 directors and C-level executives regarding the macroeconomic, strategic, and operational risks their organizations face.
1. The rapid speed of disruptive innovations and new technologies within the industry may outpace the organization’s ability to compete or manage risk appropriately. With advancements in digital technologies and rapidly changing business models, are organizations agile enough to respond to developments that alter customer expectations and require change to their core business models? Disruption of business models by digital innovations is a given in this environment. Even when executives are aware of emerging technologies that obviously have disruptive potential, it is often difficult for them to have the vision to anticipate the nature and extent of change and the decisiveness to act on that vision. In this environment, emotional attachment to the business model can be dangerous because significant adjustments to it are inevitable.
2. Resistance to change could restrict the organization from making necessary adjustments to the business model and core operations. This risk and the risk of disruptive change present a dilemma to companies. On the one hand, there is concern about inevitable disruptive change and, on the other hand, a fear the enterprise will not be agile and resilient enough to adapt to that inevitability. This resistance could lead to failure to innovate and force reactionary responses when it’s far too late.
3. The organization may not be sufficiently prepared to manage cyber threats that could significantly disrupt core operations and damage its brand. To no one’s surprise, this risk is listed among the top five risks in each of the four size categories of organizations we examined. Both directors and CEOs rated this risk as their second highest risk concern. Technological advancement is constantly outpacing the security protections companies have in place.
4. Regulatory changes and scrutiny may heighten, noticeably affecting the manner in which organizations’ products or services will be produced or delivered. Regulatory risk, which has been one of the top two risk concerns in all prior years that we have conducted this survey, has dropped some in 2018. However, it is still a major concern for executives and directors. Sixty-six percent of our respondents rated it as a “Significant Impact” risk.
5. The organization’s culture may not sufficiently encourage timely identification and escalation of significant risk issues that could notably affect core operations and achievement of strategic objectives. This issue, coupled with concerns over resistance to change, can be lethal if it leads to the organization’s leadership losing touch with business realities. If there are emerging risks and the organization’s leaders are not aware of them, the entity has a problem.
6. Succession challenges and the ability to attract and retain top talent may limit the ability to achieve operational targets. Likely triggered by a tightening labor market, this risk is especially prevalent for entities in the consumer products and services, healthcare and life sciences, and energy and utilities industries. To thrive in the digital age, organizations need to think and act digital, requiring a different set of capabilities and strengths. This risk indicates that directors and executives believe their organizations must up their game in acquiring, developing, and retaining the right talent.
7. Privacy, identity management, and information security risks may not be addressed with sufficient resources. Given the high-profile reports of hacking and other forms of cybersecurity intrusion reported in 2017, this risk is somewhat expected. As the digital world evolves and enables individuals to connect and share information, fresh exposures to sensitive customer and personal information and identity theft also spring up.
8. Economic conditions in markets the organization currently serves may significantly restrict growth opportunities. However, the drop in this risk’s ranking from prior years suggests that respondents seem more positive about macroeconomic issues going into 2018.
9. Inability to utilize data analytics to achieve market intelligence and increase productivity and efficiency may significantly affect core operations and strategic plans. Respondent concerns are growing regarding their company’s ability to harness the power of data and advanced analytics to achieve competitive advantage, manage operations, and respond to changing customer preferences. In the digital age, knowledge wins. Advanced analytics are the key to unlocking insights that can differentiate companies in the marketplace.
10. Companies that were not “born digital” face significant operational challenges. Companies that are not steeped in digital operational culture may not be able to meet performance expectations related to quality, time to market, cost, and innovation. Competitors with superior operations—and those digital companies with low operations costs—present notable risk that is only heightened in the digital economy. Hyperscalability of digital business models and lack of entry barriers enable new competitors to emerge and scale redefined customer experiences very quickly, making it difficult for incumbents to see change coming, much less react in a timely manner to preserve customer loyalty.
The overall message of this year’s study is that the rapid pace of change in the global marketplace creates a risky operating environment for entities of all types. The board of directors may want to evaluate its risk oversight focus for the coming year in the context of the nature of the entity’s risks inherent in its operations. If their companies have not identified these issues as risks, directors should consider their relevance and ask why not.
Directors and executives could be forgiven for feeling like digital transformation has materialized out of thin air to attack their business models and markets. For most sectors, “digital” has historically been confined to tactical efforts across websites, mobility, social media, and e-commerce. Digital efforts were important to marketing execution but certainly did not inform overall business model strategy, much less determine which companies won, lost, or failed to survive. And while everyone is familiar with the global Internet giants that have emerged over the past two decades to dominate markets and stock indices, until recently digital disruption had not yet penetrated beyond the traditional realms of media, content, and e-commerce.
The massive competitive challenges witnessed in these early domains have now arrived in every other sector. Billboards lining airport corridors proclaim the urgency for companies to digitally transform. Corporations are funding incubators, venture funds, and innovation programs, and are facing the task of shaping the future of work. Many consulting firms and agencies make claims to broader digital transformation expertise, regardless of their historic core capabilities.
It is easy for leaders to get lost amidst the clamor. What follows is an account of the past, present, and the possible future of digital business risks and strategy that could help your board discuss digital business model risk and winning strategies.
Tracing the Origins
Along with my co-author, I presented the foundations of digital transformation and the strategic and financial performance considerations in a previous article. To begin to grasp how digital transformation impacts value creation, and to build on the concepts outlined below, I suggest starting there. The basic competitive dynamics across all past and emerging digitization phases reinforce the business model risk that directors and executives should understand as digital disruption changes their sectors.
The graphic below describes the primary phases of digitization over the past two decades and the emerging waves.
Click the graph to enlarge in a new window.
A pattern emerges across the phases. First, a primary enabling technology emerges, targeting specific product and service domains within a selection of target sectors. As these products and services are digitized, leading companies within these target sectors bring to market entirely new business models based on the primary enabling technology of the phase. These companies bring new value propositions to market and rewrite the rules of competition in the sector. For example, Google reinvented advertising, Amazon.com reinvented retail, Uber and other ride-sharing companies are reinventing transportation, and Social Finance (SoFi) is reinventing loans. Existing companies in these target sectors that fail to evolve their business models lose market share or cease to exist, while new, dominant-phase leaders emerge.
This dynamic has been consistent across the first three digitization phases, resulting in massive disruption across the target sectors as well as a recalibration of the world’s most valuable companies list—despite the relatively small number of target sectors initially involved. Currently, the dominant digitization phase is driven by Internet of Things (IoT) and smart products technologies, with implications for all machines, all physical products and the companies that design, manufacture, sell, and operate them.
Artificial intelligence (AI) and machine learning technologies are also in broad, albeit early, deployment with implications for every sector of the economy, including forming the foundational elements of continued robotics and digitized biology and chemistry.
This is an admittedly simplified picture. Primary enabling technologies do not evolve in isolation from earlier phases, and the phases themselves do not end. For example, more and more content continues to be digitized (from newspapers to videos to augmented or virtual reality), while the scope of digital services continues to expand (from basic e-commerce to mobile payments to blockchains) and AI is reinventing all previous primary enabling technologies. Furthermore, leadership in one stage of digitization does not guarantee continued leadership as the cycle continues. Yahoo! was among the major winners of the original content digitization phase but failed to evolve, while Google, which emerged during the same phase, has consistently grown in line with emerging technologies. Meanwhile, General Electric Co. and General Motors Co. are bucking the trend of established companies falling to digital upstarts to assume leadership in the industrial IoT and automotive markets.
While it is helpful to understand the enabling digital technologies, it is primarily beneficial for directors at companies of all types to seek to understand the implications of these technologies on the products, industries, and business models of their companies, and ensure that their CEOs have a sound strategy to address these considerations.
Every sector is now in the crosshairs of digitization. Many business leaders not operating in the initial target industries, however, have never been trained on how to think about digital transformation strategically. So long as a company was not in a target sector of digitization, it was sufficient to deploy point solutions related to the primary enabling technology of each phase, such as websites, mobile applications, e-commerce offerings, and a social media presence—and, indeed, it has always been important for companies to keep up with these tactics. Directors and the C-suite should understand, however, that this approach is not sufficient when it is their own sectors that are the primary focus of digitization.
Ryan McManus is senior vice president of partnerships and corporate development for EVRYTHNG, the IoT Smart Products platform company and serves on the board of Nortech Systems, the advisory board of Carlabs AI, and two advisory boards with the Aspen Institute. He is the founder of Accenture’s Digital Business Strategy and Transformation practice, has served an advisor to Fortune 100 companies, and is the author of numerous articles on digital transformation and corporate strategy. Ryan earned his MBA from the University of Chicago Booth School of Business.
Want to hear more from Ryan? Attend his session at the 2017 Global Board Leaders’ Summit. Learn more and register here.
The rapid pace of technological advancements is causing tectonic shifts in the business risk landscape. Social media and artificial intelligence (AI) in particular are causing directors to reconsider how they think and talk about risk. Consequently, these topics were the focus of the first part of a roundtable discussion on the next generation of risk hosted by EisnerAmper LLP and the National Association of Corporate Directors (NACD) in New York last week.
There is an abundance of examples of companies that sustained severe reputational damage after being caught in the center of a social media storm. Most recently, credit reporting company Equifax made headlines after the company disclosed that it was the subject of a major data breach that compromised the information of roughly half of the U.S. population. The company’s offering of free credit monitoring to affected customers only made matters worse: several print and digital news outlets, including The New York Times, analyzed the terms of the offer, which suggested that by signing up for the service, a person relinquished his or her right to take legal action against Equifax. While the company later changed the legal language in another effort to assuage public concern, reestablishing its trustworthiness may be more of an uphill battle.
“Some of these things would have always been in the news, but the amount of time and the quickness with which news reaches an audience is unbelievable,” EisnerAmper Audit Partner Steven Kreit observed. “Boards need to make sure there’s a social media strategy throughout the company. Boards need to ask management what it has planned for and make sure they can react to those issues as they come up. It’s also important to have policies around social media. What is the CEO allowed to say? Are they allowed to have personal accounts and use that to disseminate company information?”
When attendees were asked if they knew their company’s social media policy backwards and forwards, few indicated that they did—but there was some debate as to how necessary this is. “I don’t think it’s appropriate for a board member to know the details of what the policy is,” one director opined. “What the board needs to know is that there’s a policy and that employees know what they can and cannot say about the company.”
Kreit agreed. “You don’t want to get too far into the weeds,” he said, “but a CEO may react to something in the middle of the night and that response may harm the company. And board members need to make sure the company doesn’t get hurt.”
While most of the discussion focused on preparing for the worst, one attendee observed that a company response plan that is effectively used to respond to negative feedback on social media can not only curb a damaging situation, but help to restore trust in the company.
Discussion then turned to AI. Here, some companies are ahead of the curve in applying technology that has the power to parse through massive amounts of data to make a determination about something. Take for example, IBM’s Watson, the supercomputer that famously competed on the game show Jeopardy!, facial recognition software and self-driving cars. Here, the risk is that AI is advancing so rapidly as a disruptor across nearly every industry. If a company isn’t paying attention now, the competition will leave it in the dust later. But AI is a broad subject area and identifying the elements that are most relevant to a board agenda—namely the risks—can initially seem daunting.
“These are conversations I rarely hear discussed around the boardroom table,” Kreit remarked. “And these are risks that keep changing.”
“An interesting exercise is to look at risk factors in public disclosures,” one attendee said. “We look at competitors and it’s easy to see what risks they are identifying in the same industry.”
“In the conversations I’ve had, it isn’t so much about whether the machine will do its own thing and crush humans as much as asking what fundamental technology are we not using to help us be more competitive and customer-focused,” one attendee offered. “The other thing is, technologists sometimes rely too much on technology. At some point, a human being has to put subjectivity in the mix to make sure the automated methodology you employed doesn’t come back and bite you. This conversation comes through the CISO [chief information security officer] on my board as well as the CTO [chief technology officer] together.” Another director remarked that these discussions take place on the audit committee level.
“It’s important to not think about technology and risk without it being an integral part of the strategy discussion,” another director piped in. “If it isn’t, I think it becomes an academic conversation and you’re walking ahead with one eye open and one eye closed.”
To this end, and in closing this portion of the roundtable, another attendee remarked on how board composition it critical in positioning the board to oversee this issue in the years ahead. “If you don’t have enough forward-looking people with experience from other industries, you’re doomed. Look at who you’re working with and have some sense of what you are [as an organization], what you want to be, and how you’re going to get there.”
Next week, the NACD Board Leaders’ Blog will feature roundtable discussion highlights that explore geopolitical and regulatory risks.