WEF 2017 - the future of the digital economy is more security spend
- Summary:
- Security, security, security - the pain point of the digital economy isn't going anywhere according to a panel session at the World Economic Forum in Davos.
Billed as a discussion on the future of the digital economy, a panel session at the World Economic Forum turned rapidly into a set of dire warnings about cyber-security.
That might be read as pragmatism or as paranoia, depending on your point of view, but the one thing all panelists agreed upon was the importance of trust in what SAP CEO Bill McDermott called:
a consumer-to-business economy.The consumer is in charge of everything. Whether they are shopping for a product or they are a patient in healthcare, they expect precision personal service. They want what they want in the form that they want it in. Trust is what the bond means with that consumer. There is an implicit expectation that if I do business with you, I can trust you.
That means returning to the mantra of ‘the single view of the customer’, which now involves understanding multiple channels:
[Customers] want you to know exactly who they are on all those channels. Once I have the single view of the customer, that means the Big Data challenge has to be coalesced, no matter what channel I’m dealing with you, including social…More and more I believe that inter-enterprise computing and the secure nature of those transactions is going to be an expectation on the part of the ultimate consumer. The reality is that when you’re brand-led company, you won’t last very long if your consumers aren’t secure.
For a company like SAP, that means revisiting concepts of security. McDermott declared:
Security is the system. The core business has to be a secure system. The way security has changed for us is that it’s not just that we have to make the most secure system, we have to be very concerned with the customer and how they’re securing their systems for their customers.
McDermott highlighted a new area of security concern in the form of the contingent workforce:
If you think about the fastest growing labor market in the world today, it’s temporary workers - 45% growth in temporary workers around the globe, not just a US thing. How, in a world where you’re in a talent war, do you attract and retain the best people. And how do you bring them in with a surge when you’re on a project, yet make sure those people are who you think they are and that you can account for them?
If you ask most CEOs today how many employees they have, they generally undershoot it by about 20% because there is this shadow workforce which they have no handle on whatsoever. How can you have a business network that is secure, that gets the customers the best people but also secures those people so that you know who they are and exactly what they’re all about.
The wider world
With the drive to connect everything and everyone, it’s also essential now to look beyond the corporate firewall and out into the ecosystem of suppliers and customers. This is something that is as true in B2B as it is in B2C, said Steve Bolze, CEO at GE Power, who argued that customers are increasingly trust-conscious:
Every conversation with the customer starts from, ‘How is my data going to be protected? Is is within their specific site, within their country, how’s it going to work?’. Then we get in an area where they want to share their data on a pilot basis. We’ll work with an airline, we’ll work with a power company. Nobody is saying, “Because of the risk, I’m not going!’. They are going on this digital transformation, but they have to be clear how they do that.
Once you get past the idea that the data is secure, [the question is] are you looking at all of the data? The amount of data that’s coming in is astronomically growing. The foundation needs to be secure. There’s an expectation that it is, but I think more and more people understand that there are going to be some issues. It’s trust. When issues come about, you have to be very, very transparent.
Bolze described digital transformation within his company as the single biggest thing right now and predicted that this would be the case for another 20 years. All of this has meant investing in its own security enhancements and capabilities to cover off not only current threats, but potential ones that cannot presently be predicted:
Our security budget is at least 3x what it used to be two or three years ago. Some of that is just security. The threat is higher. If you go through a digital transformation, this is hard, it takes many years. We’ve been at it five years. This is not for the faint-of-heart. We’ve put in a billion dollars a year for five years. Our chairman says many times, ‘We’re at step ten of a hundred and we don’t necessarily know what step fifteen or twenty are’. You will mess a few things up as you go, but you have to go on.
With that in mind, and assuming that no business can ever be 100% secure, it’s vital that organizations cover themselves against new and changing threats, advised Inge Beale, CEO at insurance giant Lloyd’s.
She argued that there are two types of firms in the world when it comes to cyber-security:
There are those firms who know they’ve been hacked and attacked and those who have been hacked and attacked. It is getting on the boardroom agendas, but some of the survey work we’ve done recently, particularly in Europe, is showing a certain amount of complacency still. Perhaps the CIO or the CDO doesn’t want to be seen to be doing a bad job so they’re saying, ‘We’ve got everything under control’. They’re defending their role and their job. But it is really up to the Board to keep pushing on this. No business can say that they are safe on this.
That’s presumably why the cost of insurance has risen. Beale said:
The amount of money people have spent on cyber-insurance has tripled over the past five years. It’s anticipated that that will triple again in the next five years. It’s costing a lot.
What’s needed is a new mindset around security where it becomes part of the corporate DNA, she added:
We don’t track how much we’re spending on security because it’s being built into every single thing. Think about your business continuity planning. You’re doing your disaster scenarios. We used to do ‘What if the River Thames flooded the building?’. Now we spend our time and effort doing, ‘What if we get hacked?’. It is difficult to assess how much we spend on security because it is just the way that we do business these days.
The question of perception is also an important one, noted Beale. Security and the threat of compromised data is not a new issue, but it’s one that’s become more prominent for a particular reason:
Our industry, insurance, has traditionally been very paper-based, but [with] stacks and stacks of data. But people didn’t really think of it as sharing data. It’s only now since we’ve started to digitalise our processes, when the data can suddenly be shared more easily, that people are getting more worried about it. Years ago nobody worried about putting down all this data and sharing it with others. It was all pieces of data, but they were on pieces of paper. It’s interesting just what the concept is of what is data these days. Everything is in some way. It’s digitalisation [of data] and the ease of spreading it that causes concern.
My take
An interesting set of views, if hardly the Future of the Digital Economy topic that was billed. There were some platitudes - the biggest security threat comes from human beings etc etc - that have been trotted out for years. But the big takeaway was the border between security and trust. The former keeps the CEO out of jail, but all the security tech in the world doesn’t help organisation thrive if there’s no trust with its customers.