By Imran Gulamhuseinwala, Partner, Ernst & Young LLP

Disruptive technologies such as blockchain are evolving rapidly. The blockchain was initially created as the pragmatic solution to the inherent problems of anonymity and double spend in the distributed Bitcoin ecosystem. Nowadays, these distributed ledger systems cover the entire value chain from customer wallets and client-driven applications to transaction and money exchanges.

So, what exactly is blockchain? Unlike a traditional database where data entries are changed directly, the blockchain acts as a transaction history where new transactions are added to prior records without erasing any past transactions. With the appropriate encryption rights, anyone can access the ledger and verify past transactions with confidence which negates the need to trust the participants in the original transaction. In addition, the blockchain is “distributed”, which means there is only one version of it, albeit multiple copies are accessible in real time.

In short, the advantages of blockchain are:

• Access to a golden source of transactions providing a basis for non-repudiation, governance, fraud prevention, financial data and reporting.
• Accurate and timely notification of changes driving improvements in aggregated risk and capital opportunities, as well as big data strategies.
• Ability to integrate an ecosystem of third parties to reduce the costs of their global platforms, improve customer and market reach and develop new propositions.

For example, imagine an insurance policy between two parties where the transaction (or collection of identities, confidential data and contract) is entered into the blockchain ledger. When a future payment is made, contract amended or claim submitted, the integrity of that transaction can be verified independently from the transaction participants, because every party has a copy of the shared ledger. In the case of complex multi-party reinsurance contracts (where data is aggregated, reused and risks passed from participant to participant in a complex negotiation), there is only a single “view” of the source risk data.

A world of opportunities

Insurance in today’s society is based on a chain of trust between clients and insurers. This bond of trust is founded upon an intangible “promise to pay,” and a unique combination of expertise, service quality, capital and security. However, a “trustless” system that reduces the need for identity management, ownership and management of data can provide long-term strategic benefits to insurers and customers, such as:

1. Fraud detection and risk prevention: Blockchains can help eliminate error, negligence and fraud by providing a decentralized digital repository to independently authenticate customers, policies and claims. This displaces the roles of third parties, prevents duplication and provides a verifiable record of all transactions. Based on a blockchain’s ability to provide a ledger and encrypted personal data, insurers can reduce fraud and liability associated with immediate payments across borders and multiple currencies.
2. Innovation via disruption: There are several ways in which blockchains can help innovate the insurance business model. For example, a number of leading global insurers are developing alliances with payment business models (and Bitcoin technologies) to achieve capital efficiencies with single global ledgers and to expand their networks. Driving automation to capture risk data in facilities and contracts also offers new opportunities to build market knowledge, automate payments and attract financing risk. In addition, blockchain technology will likely power innovations in micro-insurance and micro-finance. These peer-to-peer networks for mobile payments of premiums, claims, loans and other transactions will pass from mobile phone to mobile phone in a smart contract-based cloud environment and require authentication of contracts and customers in new markets to operate distributed authenticated corporations.
3. Cyber liability: Blockchain adds a new real-time surveillance capability for security professionals enabling digital assets to be verified independently and in real time.

All that glitters is not gold

But despite all the opportunities there are at this stage, ongoing concerns around blockchain over scalability, implementation capability, practical integration with established businesses and governance structures exist. Regulators are concerned that the core infrastructure is unstable, the protection against data theft are unproven and the legal enforceability of smart contracts is untested.

In a nutshell, blockchain has the potential to transform the way the insurance industry functions, creating a level of transparency and accountability not previously possible. Insurers have to face the reality of the disruptive forces in their market and make sure they initiate the necessary steps to adapt, using this new technology to its fullest.

By Michael Yadgar, Partner, SAP Leader Americas, Advisory, Ernst & Young LLP.

According to a Constellation Research survey, digital disruption destroyed 52% of Fortune 500 companies from 2000 to 2014. They ceased to exist through bankruptcy, consolidation or acquisition. FinTech, medtech, cartech, mediatech, the internet of things (IoT) — these are only a few of the disruptive trends and technologies that have impacted companies once thought of as industry titans.

Mighty banks are competing with peer-to-peer lending. Hospitals have to contend with retail-style clinics and savvy consumer demands for personalized care. Taxis are having to make way for car sharing and cab-hailing apps. Cable companies are scrambling to adapt to on-demand streaming video before they find themselves outdated alongside video retailers. Unleashing the power of digital technology, big data and analytics, and even IoT can fundamentally transform everything from operating models to cultures to entire enterprises. This is especially true for the finance function, which finds itself needing to adopt an increasing level of agility in predicting and responding to these new competitors.

For CFOs, the key to turning the art of the possible into the science of the achievable can lie in improving the opportunities provided by the proliferation of data and technology. Armed with these tools, CFOs may be able to transform the finance function into an efficient, agile unit capable of anticipating, addressing and responding to business needs as fast as they arise. But to be successful, CFOs need their CIO colleagues to help them achieve this vision:

1. Transform the finance function: CFOs begin by transforming their own function. This includes strategically aligning the finance strategy to the business, operating cost-effectively and taking advantage of today’s technology so that they have the agility to react to both internal and external factors before or as they arise. This also means forging an alliance with the CIO and the IT function. In today’s climate, finance transformation and IT transformation go hand in hand. A true collaboration between the CFO and the CIO could create an opportunity to reduce the cost of finance and improve agility.
2. Undertake a process review: CFOs will want to undertake a thorough review of all underlying processes. Many companies have updated their technology, but haven’t improved processes to take full advantage of the new platforms. In addition, merger and acquisition activities may have created multiple complex processes that impede agility. The finance function, in particular, continues to use manual processes that are prone to human error and slow access to data that can otherwise potentially be available in nanoseconds. Let’s take the close process as an example. Traditionally, finance needs anywhere from 7 to 20 days to consolidate and close the books after month-end. However, the function can often be hampered by too many databases and too many complex closing rules. By streamlining the processes to take advantage of an ERP platform, such as SAP S/4 HANA with its in-memory technology, the finance function could potentially reduce month-end close from 20 days to 2 hours, freeing up valuable finance resources to concentrate on vital business needs. CIOs working together with their finance colleagues to assess the right technology to support this, could be instrumental in implementing these.
3. Employ big data and analytics: Many companies are sitting on a wealth of data but have no strategic idea how to use it. Collaborating with the CIO and the IT function, CFOs can help the company leverage big data and analytics capabilities along with new technology platform capabilities to help interconnect internal and external data platforms. This can combine data mining with historical internal figures to assist the business in developing more accurate planning cycles, benchmarking against competitors, identifying and proactively addressing disruptive trends, and making smarter investment decisions.
4. Innovate, innovate and innovate: If the demise of once-great companies has taught others anything, it’s that digital disruption is real and unavoidable. The question for companies is not whether they should make a move, but when. For any number of understandable reasons, companies, particularly large companies, can be very risk-averse. They many not want to be pioneers. But if they want to survive, they must innovate at least some parts of their business to remain competitive. Agile finance functions can greatly enhance their companies’ ability to innovate.

With the right technology to harness a company’s data, the right processes in place to interpret it and a consistent means to measure and report, CFOs can play a vital role in helping their companies navigate the increasingly disruptive trends shaking the foundations of today’s business environment. With the CIO’s collaboration, they will have a strong partner at their side to turn the art of the possible into the science of the achievable.

By Patrick Fink, Manager, Advisory, Ernst & Young GmbH.

Identity access management (IAM), as it is known today, refers to the management of the entire life cycle of digital identity and its controlled access to a specific information asset. Tomorrow, however, as information needs of organizations grow, and as the interaction points to access information increases, IAM will be about making the right information assets accessible to the right stakeholders.

Many companies still struggle to identify clearly which users should have access to which information assets. Overcoming this complexity effectively to help drive cost advantages and to realize added value for the business is important. Managing complexity requires a holistic IAM that integrates business and IT, and is adapted to an organization’s risk appetite and security needs. For this reason, the future of IAM will, more than ever, be an important component of risk management and the internal control system, but it will also increasingly make use of new technology developments such as the Internet of Things (IoT) and big data.

Choosing the right IAM approach

Currently, many organizations are still following the “need-to-know” principle as it is frequently required by law – this allows access to data or functions that users require for their daily business, without an explicit focus on the company’s key risks. In the future, however, a risk-based approach that concentrates on critical and sensitive IT systems and data will need to overtake the need-to-know approach. As a consequence, access to data or functions that are not considered critical can be combined; authorization structures can be simplified and complexity can be reduced.

This risk-based approach can also play an essential role in helping to manage complexity in the future, especially when the evolution of the IoT creates millions of new identities and vast amounts of data that need to be managed from a risk perspective. CIOs are well-placed to work with companies’ risk management and security teams on an IAM approach that is future proof, takes advantage of new technologies and offers the best possible security for the organization.

Four steps to consider when upgrading your IAM

Choosing the right access model: There are two primary models, “role-based access control (RBAC)” and “attribute access control (ABAC).” In RBAC, roles are defined and sets of authorizations for data and functions are assigned to them. One or more roles are then assigned to individual users to grant them specific accesses. ABAC is a newer model and relies on user attributes for access decisions. ABAC policies are rules that evaluate access on the basis of sets of attributes, such as the user’s location. This model typically requires less maintenance and overhead, but is complex in design and implementation. A combination of approaches is likely to be required to cover all aspects of access control in the future. To choose the right access model, organizations should clearly focus on the optimal support of an organization’s needs.

Big data enters the picture: Big data presents additional opportunities. Because it enables fast reaction times, it supports IAM’s potential future integration and handling of cloud services and smart, non-PC devices all of which require dynamic and real-time access decisions to be made based on individual risk situations and threat levels. To support this decision process, big data analysis could be used to evaluate the massive amount of security data created via IAM systems and processes. CIOs will be at the forefront of providing the right tools and methods to do so, and also to create the mechanisms to analyze and interpret the output data.

IoT follows suit: According to Gartner, by 2020, “the internet of things will redefine the concept of ‘identity management’ to include what people own, share and use.” The design of fit-for-purpose authentication, provisioning and governance solutions could bring cost advantages. However, to achieve this, organizations would need to consider shifting from the current preventative focus of IAM to a more detective focus. Otherwise, managing the complex multitude of different interfaces, devices or services that access critical and sensitive functions or data could be very taxing and costly. CIOs will consider the future IAM when choosing the IoT platform they want to deploy in their organization to design the proper security.

The shift to user-friendliness: User self-service tools these days are often complex and frustrating for employees, causing many users to leave the self-service tool and call the help desk. It will be the CIOs task to guide on the functionality of self-service tools to make sure they are increasingly user friendly, with an easy-to-use multichannel integration, primarily via smartphone. This would can help to reduce operating cost and employee frustration, and improve productivity.

Why is now the time to start thinking about IAM?

A robust IAM plan can help organizations avoid potentially very expensive ad hoc solutions. And cost advantages from IAM can be easier realized by closer process integration and automation. Using a holistic and highly automated IAM, such an integration could be accelerated and even standardized. This could also help increase business agility, enable better analysis and understanding of employee and customer behavior. This new knowledge could also help support the optimization of business processes, and help drive competitive advantage.

By Gary R. Godfrey, Principal, Advisory Services, Ernst & Young LLP.

Even in this age of e-commerce, it is the store that is the hub of retail activity: still today the majority of sales happen through retail stores, also because many consumers are ordering online and picking up their goods in a physical location.

Traditionally, elements such as service, marketing and product presentation were the differentiations and integral part of customer experience. Today, however, elements such as information and insights are part of this mix too. These days, customers’ smartphones often have more information about products in stock than the sales associate at the store has.
So, how can retailers enhance the in-store experience of their information-rich consumers? The answer could mostly be technology. Certain in-store technologies are gaining momentum:

• Near-field communication (NFC): Using NFC technology, stores can push information — including offers, product information and ratings — to the consumers’ phones when they are in the vicinity.
• Barcodes: Two-dimensional bar codes on products, when scanned, provide consumers with relevant product information. Bar codes on groceries can even provide information on where the product was grown and how. In other words, a simple bar code can provide consumers information about the overall supply chain.
• Tablets: Untethering the manager from a desktop in the back office of a store is key. Putting key management data about labor, sales, inventory, etc., in the hands of a manager on a tablet allows them to be more up-to-date on what is happening in their department or store in a more real-time fashion while still being on the floor. Salespeople can use tablets for product lookup to share information with the consumer on the floor, inventory lookup, order and ship to home and line-busting or for mobile checkout.
• Augmented reality: Digital mirrors, for example, use augmented reality to show you how different clothes and accessories look on you without you having to actually try them. Furniture retailers use this technology to show customers how a piece of furniture would look in a home – before buying.
• Virtual reality: Using interactive displays and walls, products can be displayed in an interactive fashion virtually. The virtual nature of this lets retailers promote a product anywhere and let the purchase happen at the store later.
• Smart shelves: Weight-driven sensors on smart shelves keep track of inventory, letting the store know which product is being taken off the shelf when – live. This gives retailers unprecedented insights on customer behavior and also drastically reduces the time it usually takes to replenish out-of-stock inventory.
• Digital shelf label: This is taking off as a way for retailers to update pricing more easily and dynamically. These labels can be used to present information such as product data, reviews, promotions, etc. This can also be used to support a “pick to light” capability in the store for store fulfillment of orders.
• Digital signage: Retailers are moving to digital menus, price boards and signage in the store. Lower cost to update and maintain, more accurate and updated information, more dynamic interface from a customer engagement perspective are all driving increased adoption.

Opportunities for the CIO

To enhance the retail consumers experience by employing technology, CIOs can look at the investment in technology from different angles, working closely with other business functions. They can be putting the necessary processes in place and supporting agility to try out and rapidly implement different technologies.

In-store devices can provide stores and CIOs with vast amounts of consumer metadata. Using this data to increase ROI is something the CIO, and the chief customer officer or the chief strategy officer, can be working out together.

CIOs can also assess legacy infrastructure to make it more responsive, deciding where and how to invest in emerging technologies. Rolling out a consistent experience across all stores of the retail chain can also pose challenges.

Retailers are generally open to adopting technology where there is a clear value proposition. The millennial, tech-savvy consumers are changing our ideas of what consumer expectations are. And that, in turn, is fundamentally changing the role of the store. This change in consumer preference isn’t only a challenge. If you look at it more closely, it is also an opportunity. It is an opportunity for retailers to interact with clients in ways that have only been imagined until now.

By Tim Best, Executive Director, Advisory, Ernst & Young LLP.

In spite of the digital explosion, it is often the case that the utility CIO’s budget has remained more or less the same. The CIO is often busy maintaining legacy systems, running transformation projects on billing and metering solutions and possibly doesn’t have the time nor the funds to take up digital initiatives. As a result, digital is often taken care of elsewhere in the business, e.g., the marketing team — sometimes all by themselves and sometimes with help of third parties.

What is interesting is that oftentimes these digital initiatives happen without the knowledge of the CIO. In fact, more than one-third of the spend on technology is made outside the CIO’s oversight and control.

This disconnect can expose utilities to multiple risks:

• Financial risks: Lack of coordination with IT can lead to duplicated efforts and wasted money. When IT is not part of the team running digital initiatives, vendors may be likely to charge the less-knowledgeable team a higher rate.

• Data breaches: Hackers can often target the weakest connection in your systems, and if initiatives are implemented without the CIOs knowledge they might not have the same security standard than the rest of the companies IT. This can lead to unauthorized access and use of critical customer data. In addition to reputational damage, this can also result in financial damage via fines and penalties.

• Intellectual property loss: Hacking can lead to loss of IP information that could be copied or used for all the wrong purposes.

• Share price manipulation: Hacking is also done to manipulate share prices. Hackers use the dip in share prices as a result of the news about an attack to realize gains.

• Reputational and brand inconsistency: Implementing a digital initiative that has a totally different image from the rest of the utility can lead to reputational and brand-related inconsistencies.

The best way to avoid these risks out is to get CIOs and marketing heads to work together on digital initiatives. Digital impacts every single aspect of the business, it is too big to be under a single person’s domain. Digital is everybody’s job.

Define the purpose of your digital initiatives

There are a number of steps utility companies can take to help better integrate their digital projects, especially as smart technologies gain further importance.

1. Define clear accountability: Some companies have digital officers to take ownership of digital initiatives; however, their role varies depending on the organization. A digital officer could be someone running websites and applications or they could be transformational IT leaders with the scope of becoming the next CEO. It all depends on where they are positioned and what the company wants them to do. CIOs are extending their remits from back-office IT to digital to act as a collaborative partner of this potential new leader.
2. Create new business units: Some companies have created new business units to run digital. For example, one large international utility has recently launched its Digital Transformation Unit, which will drive the digitalization of the company’s retail business across all markets and report directly to the board of management. CIOs are establishing relationships with newly created business units to ensure IT is linked to the digital evolution of the company.
3. Adopt and integrate: Albeit that there might be certain stakeholders who are more affected than others by digital disruption, the impact of digital is still felt in every single part of the business: it has implications for the business model, the customer experience, the workforce, technology, operations, risk management, cybersecurity, data privacy and so on. Cross-functional input is therefore needed. To increase the chances of success we believe that utilities must align their digital strategy and capabilities with the overall company purpose and ensure every digital project delivers a clear value, avoiding “pet projects” or technology-driven projects.
4. Innovate: A few companies are already innovating around digital to help improve customer engagement. But there is still a huge opportunity for others. For example, companies have co-created products with customers and opened up patents to spur development and to collaborate with entrepreneurs. Some have also got help from digital-savvy employees to help upskill those who are yet to catch up digitally. CIOs are becoming business enablers supporting digital innovation to help innovations yield results in terms of increased revenues whilst managing costs.

Digital presents utilities with plenty of opportunities to engage better with customers and to increase margins. But to realize that, utilities will have to get all their functions, including IT, legal, risk and cybersecurity leaders to unite around a shared vision — one that is built from the bottom up, embraced by everyone and protected by everyone. There’s no room for silo mentalities anymore.

By Thomas Bornemann, Partner, Advisory, Ernst & Young LLP.

Just recently Gary Godfrey issued a post about technologies that improve the in-store consumer experience in this blog. One of them being digital shelf technology, which has created quite a stir in the consumer products industry. Retailers have identified great potential in combining a new generation of digital label and shelving technologies with the in-hand functionality of the consumer’s smartphone to provide consumers with a seamless, digital experience.

Integrating the store into the omni-channel world in a way that delights consumers could help reignite the commercial performance of retailers and manufacturers. But how can they achieve this goal? Adopting the right technologies is a key part of the answer.

Digital shelving — why now?

Retailers in some markets have been using electronic shelf labeling (ESL) for years. But the newer generations of digital shelf technology can transform what is possible. They offer the ability to connect better electronic labeling with the functionality of the shopper’s own smartphone, and then to integrate both with the retailer’s computer systems. They can also help to bridge the gap between the online and in-store experience, to enable retailers to compete with non-store fulfillment models. The demand for digital shelving continues to gain momentum for the following reasons:

• Establishing better price points: Digital shelving is able to give both retailers and manufacturers greater visibility across their supply chains. A retailer could use live data about how its customers are behaving in front of the shelf, and to help identify and fine-tune the sales tactics that are most effective for a specific product in a specific store. By combining that increased knowledge with sophisticated analytics, they could optimize prices in the store.

• Eliminating out-of-stock (OOS) issue: Some of the pilot results indicate investment in digital shelving could even help solve the OOS problem. The prospect of eliminating OOS could potentially make the business case for digital shelf investment on its own, almost regardless of the implementation cost.

• Creating a win-win situation: Another important benefit of digital shelving is that stakeholders across the industry — both retailers and manufacturers — could potentially come out as winners alike by collaborating on trials and work together. The true measure of what’s in stock is what the consumer actually sees on the shelf, not what the inventory system says is somewhere in the store.

The next big thing to succeed

CIOs in consumer products realize that the key to successful implementation of digital shelving is none other than analytics. There are two important reasons for this.

1. Analytics needs to be an integral part of any proper pilot. If a retailer can’t capture, analyze and interpret the data from its test efforts, then it risks learning nothing of value or, worse still, going off down the wrong track, based on false evidence.
2. Retailers need to ensure the prices, promotions and whatever else they display on their shelves are informed by reliable, real-time commercial analytics for effective investment. They also need to be confident that the data they collect about what’s happening at the shelf is gathered into a system of analytics and is actually used to make the decisions that matter.

Many CIOs have identified digital shelving as the next big trend of the consumer products industry. Retailers using digital shelving technologies effectively may find they are better executing omni-channel strategies, to offer consumers a seamless online and in-store experience. That in turn, could help them to be in a stronger position to make their sales and marketing efforts more effective, make their stores more relevant and engaging in an omni-channel context, and also help fend off online-only competitors.

To learn more about this topic, view this video by Forbes Insights on how disruptive technologies such as digital shelves are transforming the consumer products and retail industry:

By Errol Gardner, Global Technology Leader, EY.

As our world is becoming increasingly digital, the questions at the board-level are becoming ever more focused on the opportunities and risks facing organizations today. How can we use digital solutions to increase the speed of our supply chain operations? Are our systems able to keep up with the pace of change? Does disruption apply to our organization? Should we store our data on the cloud? What are our competitors doing? What actions are our regulators taking?

What about cybersecurity?

Cybersecurity is a complex topic and often viewed outside of the sphere of concern for many of the C—suite. We work with CIOs who have the challenge of convincing the board to focus on the risks the digital world brings and how it applies to enterprise strategy. If that is you, you’re not alone. According to the EY Global Information Security Survey (GISS) 2015, 54% of organizations do not have a role or department in their information security function that is focusing on emerging technology and its impact and 36% said that they would not be able to detect a sophisticated cyber attack.

How does cybersecurity enable a digital world?

Cybersecurity is not an inhibitor in the digital world; rather, it is a way to help make the digital world operational and sustainable. Cybersecurity is key to helping unlock innovation and expansion, and a tailored organization and risk-centric approach to cybersecurity can adjust the balance of the digital world back toward sustainability and safety.

What this means is that while organizations are talking about cybersecurity and making progress in improving the way they respond to today’s cyber threats and attacks, there is also a need for considerable improvement and investment in cybersecurity operations to take advantage of the opportunities the digital world brings.

Convincing your board colleagues to invest and shape the response to cybersecurity
The GISS investigates the most important cybersecurity issues facing businesses today. It captures the responses of thousands of participants, and findings and conclusions are based on those insights and on our extensive global experience working with clients to help improve their cybersecurity.

Last year, 1755 participants around the globe and across all sectors took time to focus on questions that revealed how they could create trust in the digital world. Our 2016 survey will explore the important issue of how organizations are managing that trust.

Insights from the survey will look at how cybersecurity impacts an organization’s strategy and growth agenda every day, and highlight what best practice looks like. It will explain the skills and actions that your board colleagues need to enable your organization to lead the way in cybersecurity as an enabler.

Operating in a digital world invites new challenges and threats, which are translated into actions and discussion points at your next board meeting. Survey participants receive an individual peer comparison report to understand how they stand against organizations of a similar size and sector.

Having these insights means the next question you will be able to ask is ‘how are we managing our cybersecurity to support our digital business?’ If you wish to participate in GISS 2016, speak with your EY contact or find out more by visiting ey.com/cybersecurity.

By Dr. Aleksander Poniewierski, Partner and IoT Leader, EY.

As consumers, we see the internet of things (IoT) as something that makes our lives easier. The millions of sensors that gather trillions of bytes of data chart our behaviors, measure our activity, and connect us to ourselves and others in ways we could never have imagined only a few years ago.

Now, companies are jumping on the bandwagon, using IoT for more industrial purposes. By attaching sensors to the trillions of machines in millions of factories of all sizes, and then analyzing the captured data, companies could improve efficiency and equipment uptime, and significantly enhance machine performance. Manufacturing and industrial companies are also finding that they could take advantage of the Industrial Internet of Things (IIoT) in the way consumer companies do: by using the data to assess client behaviors, measure satisfaction, and develop new products and services to maximize revenue. And those companies are looking to their CIOs to gain the most of IIOT, find the right provider and assess the risk when implementing it.

IIoT can help provide quick wins without a crippling up-front investment

For many industrial companies, investing in their own IIoT infrastructure can be cost prohibitive. Luckily, industrial machine manufacturing giants such as GE, as well as IT firms such as SAP and Microsoft, are investing heavily into this new infrastructure. They are building connected cloud-based platforms and providing services that can help manage, analyze and store the data that a company’s machine sensors collect.

Working together, this model provides a win-win solution for both the client and the managed service provider. Clients pay for usage. There’s no up-front investment in systems or infrastructure, and they are able to achieve tangible benefits in relatively short periods of time. The advantage for the managed service provider is the ability to collect and aggregate the petabytes of data they gather from their clients, conduct their own analyses and provide valuable insights based not only on their own data, but that from across industries and geographies.

What organizations look for in an IIoT managed services provider

Given the number of high-profile, well-regarded IIoT managed service providers now in the market, the question industrial manufacturers looking to take advantage of IIoT should be asking is: how do I know which vendor to choose?

In the consumer world, the evaluation process can be based on a number of features. Want a new car? Shoppers can compare price, consumer safety reports, luxury add-ons and any other criteria that are important to them as an individual. With IIoT vendors, they’re all offering one main feature: to connect industrial machines, and to manage and store the data they provide. Often, prices among managed service providers are similar as well.

So, where does the differentiated value lie? There are three areas that companies are considering when choosing the right managed services provider:

1. Applications and intellectual property (IP): One key differentiator is in the IP and apps that a vendor offers, much the way it is when choosing a smart phone. Many of the handsets and embedded features are similar, and the prices comparable. Even the cloud storage options are on par. Where smart phone providers diverge is in the available apps.Similarly, when it comes to IIoT vendors, companies need to understand the cloud platform they are offering, as well as the calculations, analytics capabilities, knowledge repositories and IP they have available in their app stores.
2. Strategic alignment: Vendor technology and alignment to a client’s business strategy is important today, but it will become absolutely critical in the future as vendors devise niche products and services for different industries and market segments. For example, vendors such as Nokia want to be the platform of choice for smart cities. GE, on the other hand, wants to capture the industrial manufacturing market. However, unlike 20 years ago when, following a three-year implementation period, there would have been no new options, by the time a company has finished implementing an IIoT platform today, it could find that there are 5 or 10 other options available that may now be more suitable to its needs. Because technology, particularly IIoT, is moving so quickly, it’s really important that companies have a deep understanding of not only the existing features, but also what a vendor’s innovation plans are over the next months and years.
3. Security: IIoT offers some huge opportunities for organizations in helping to reduce costs, improve operational efficiency and maximize revenues. But it also brings with it a lot of new threats. Cyber threats are the obvious consideration. Industrial machinery used to be considered relatively safe from cyber attacks because it wasn’t connected to the internet. Now, with everything connected, hackers can gain access to anything, anywhere. The less obvious risk is around IP protection and privacy. Companies also need to be aware of both the regulatory and legal implications associated with gathering, storing and managing personally identifiable information. Companies may not have to spend money investing in IIoT, but they do have to invest heavily in protecting their assets once they are connected.

IIoT offers a world of opportunity … but be mindful of the risks

The fourth industrial revolution is here, and it’s exciting. IIoT offers a whole new world of opportunities for organizations that can help to boost bottom lines and accelerate performance — provided they are mindful of the risks.

By Drazen Nikolic, Partner, Advisory, Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft.

When separate entities (both businesses and individuals) converge into rich networks with variable sets of relationships between producers and consumers, businesses have to move beyond traditional industry silos and go from organization-centricity to ecosystem-centricity. This trend led, in the last couple of years, to the rise of the platform as a business and organizational model. Today’s biggest, fastest-growing and most disruptive companies are founded on platform-based business models: Apple, eBay, Uber and Alphabet, to name just a few.

Platforms can connect people, organizations and resources in an interactive ecosystem that helps parties exchange value. Any industry for which information is an important ingredient — and yes, this concerns almost all companies — is a potential candidate for a platform-based business model. One example is the modern health care ecosystem. In the traditional ecosystem, patients relied solely on their physician. But today’s patient, thanks to platform-enabled business, is more empowered to have access to products and services from different providers and suppliers — from sport and fitness, nutrition and wellness, and the technology and data arenas — giving the patient additional sources of expert guidance. This interaction via a platform can provide the health care provider with data that can be used in the development of new therapies and improving current treatments and offerings, thereby improving products and services.

There are several trends to consider when evaluating a change to a platform-based business model, and CIOs can play a significant role in each of them.

Breaking with tradition: Platform principles and designs are counterintuitive to traditional ways of doing business, and to implement them successfully, organizations need to move away from linear supply chains and conventional service models. This shift requires new ways of thinking and implies a new business logic. With their expertise, CIOs can be at the forefront of creating massive opportunities by helping to shape the business architecture, integrating existing systems and defining the right processes.

Focus on the customer journey: Today’s customers are active, independent partners in an ecosystem, sitting at the center of its strategy and reshaping their own needs. Collaboration can be enabled with the right technology, by a digital experience platform that serves providers and consumers along every step of their journey and offers individual value propositions across the networked ecosystem. Consequently, CIOs can help companies to create a digital experience and technology strategy that is informed by the needs and digital behaviors of their stakeholders. In fact, the platform should aim to pinpoint and affect every user’s journey to benefit customers while simultaneously improving the business performance of both the organization, e.g., by automating internal processes with the help of robotics and the organization’s partners.

Dealing with data — part 1: An important element of a platform-based business model is to find the right balance between sharing the company data and protecting it. CIOs could influence the assessment of how much information has to be shared with the participants on the platform or the platform provider, considering business risks. Platforms bring an increased threat of uncontrolled data disclosure; understanding cybersecurity and data protection is, therefore, an inevitable prerequisite for sustainable success in the digital era. CIOs should have a well-articulated security and privacy strategy in place when setting up a digital business platform. They will need to work together with business leaders to ensure data is protected, regulatory obligations are met and that the available data is efficiently used for the business’s benefit.

Dealing with data — part 2: Trade on business platforms generates tremendous amounts of data that can be analyzed to help sell better — and more — products and services. Consequently, companies face the need for new roles in the organization such as data scientists and chief data officers (CDOs) to exploit the available information. It will be important for CIOs to work with these roles to help ensure the available data is generated and used in the best possible way.

Increasing levels of partnership and collaboration: As each individual collaborates for the mutual benefit of the entire ecosystem, this can ultimately lead to more information, allowing more choices and creating more value. Single companies can no longer own or create everything themselves — this would be too costly and time intensive. Consequently, the need to enter alliances and partnerships across the business platform to meet new growth opportunities arises. CIOs are actively helping to assess the technical fit of alliance partners that are complementary to the companies’ own offers, thus enabling them to create additional value to their customers.

With platform-based businesses models, traditional industries, such as hotels and television channels, are in a state of upheaval and disruption. And other industries are not far behind. Businesses that do a better job of harnessing the power of platforms may be able to turn disruption into a competitive advantage. For CIOs, it is important to understand that platforms are business models and not technological systems alone, although technology plays an integral part. Getting engaged in the business aspect of platform-based models allows CIOs once again to position themselves as strong business partners, rather than only gatekeepers of technology.

By Frank Thewihsen, Partner, Advisory, Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft.

Additive manufacturing, better known in the market as 3D printing (3DP), has been evolving over the past 30 years and is now largely being adopted by an increasing number of major companies. Adoption rates are increasing as companies are realizing the benefits of 3DP, with the quality and availability of printing materials improving all the time.

Aerospace companies and the high-tech industry have been at the forefront of using the advantages of 3DP, but there are other early adopters that benefit from the technology, such as the health care industry. For example, 3DP can enable a more patient-centric approach through the customization of prosthetics and dentistry, and by enabling bio-printing, where scientists print human-sized bones, cartilage and teeth implants. Experts from the World Economic Forum even predict that, by 2024, it will be possible to print usable human organs, which will revolutionize lives.

The potential benefits of 3DP are manifold and can include some, or all, of the following:

• A reduced time to market and shortened product development design cycle
• Reduced process time via improved tools, less waste, fewer production or assembly steps and reduced lead time via functional integration of parts
• More flexible maintenance processes, lower maintenance costs and cost-efficient industrial engineering
• Reduced inventory and logistics handling, transportation and related costs
• Flexibility in delivery of spare parts, reduced costs of spare parts production and after-market care

Business trends are driving increasing adoption
As mentioned above, 3DP printing has been around for a while. So why is it emerging as a hot topic now? There are a number of trends that influence and increase the adoption of 3DP.

Firstly, individualization and customer co-creation are hot topics in the market. Want to personalize your sneakers? No problem: the 3DP industry has enabled manufacturers to print parts as close to the time of assembly as possible, which allows for a reduction in inventory and the possibility of producing many more product types.

Secondly, innovation and development in larger groups of people are crucial. The 3DP technology makes it possible for individuals or collaborative teams to manufacture end products with fewer barriers to innovation. For example, for intra-company collaboration, design teams can “fax” their parts across the world so that other teams can continue working on them.

Lastly, the performance of 3D printers and materials have significantly improved in terms of speed, quality, available materials and cost. Therefore, business cases for serial production — far beyond solely prototyping — are more favorable now for 3DP technology.

How does this new manufacturing technology create challenges for a CIO?
Looking into the many potential benefits of 3DP, as well as the trends driving adoption right now, why aren’t all organizations on their way to implementing it? Well, there are some key concerns that can stand in the way of organizations’ 3DP ambitions. And, while CIOs don’t seem to be the obvious candidates to influence the production technology, they can still help resolve some of the challenges:

• IP and data protection: Historically, production often took place in-house, and CIOs had to create the necessary IT environment for it. In today’s 3DP scenario, manufacturing and printing can happen at different places – in-house, in a printing bureau or at client side. Therefore, public access to blueprints raises copyright and intellectual property (IP) concerns. CIOs at the “sending,” but also at the “receiving,” end can help put systems in place that ensure IP and data protection, and secure original product quality without the risk of any digital manipulation of the product.

• Setting the scene for success: While choosing the core 3DP technology is not a task for the CIO, they still need to have a say in deciding how printers can be connected within the company and to the outside world, and what base prerequisites need to be fulfilled before a new production technology can be deployed.

• Quality control: With current laws clearly out of sync with this rapidly emerging technology, 3DP leads to many unanswered questions around liability. Engineers and CIOs contribute to standardizing quality control mechanisms across production processes, ensuring close cooperation with 3DP systems providers and printing bureaus.

For the CIO, 3DP is an inevitable emerging area of focus. And, even if core 3DP technology might be out of the scope of the CIO, the information and information security-related aspects are not. It is important, therefore, that the CIO works with engineers and product development staff on the information risk-related aspects of 3DP, in order to make the transition smooth and its continued implementation successful.

To learn more about 3DP, take a look at this recently issued EY report at ey.com/3Dprinting.

By Tony Klimas, Global Finance Practice Leader, EY.

Having worked in industry and then consulting for a number of years, I can’t help but observe that history often repeats itself. This is especially true for the technological advancements happening today — their impact being analogous to the transformation from mainframe computing to client-server models in the early- to mid-90s.

Back then, this transformation brought new challenges, but also capabilities that changed the face and core of all businesses. Today’s technologies have the same potential to alter the finance function significantly in a positive way. And today’s CFOs need to be very involved in understanding how these technologies will empower not only the finance function itself, but also the relationship between finance and the rest of the business, especially when it comes to investment decisions and strategic implications.

For the CIOs, this will be an opportunity to guide CFOs proactively through technological advancements, introducing them to new and useful tools and ultimately equipping them with the right knowledge to succeed.

I believe there are five technologies that will play a significant role in transforming the finance function:

• Advanced data analytics and forecasting can help in managing strategic risks through scenario analysis and sophisticated modeling techniques. This technology enables leaders to have a better understanding of the financial implications of key strategic and operational decisions, and to provide better and faster information to relevant stakeholders.
• Robotic process automation (RPA) helps reduce cost by automating key processes, and improves quality through reduction in error rates. RPA can help maintain consistency, control and traceability while performing large volumes of repetitive tasks — at a lower cost. Automation will have a significant impact on the transactions performed in the “back office.”
• Cloud-based infrastructure and cloud-based SaaS applications will streamline operations, reduce costs and increase flexibility. These technologies help facilitate data storage and application distribution in a way that can be accessed anywhere and improves disaster recovery capability.
• Artificial intelligence (AI) systems are capable of ingesting information and instructions, learning from interactions with human beings and responding to new situations and questions in a human-like way. AI is useful for analyzing large amounts of unstructured data and finding patterns in large data sets that might indicate fraud or other concerns. Many AI-based customer service applications also exist.
• Blockchain technology is not yet widely understood but, in some ways, it is the most important emerging technology for the near future. In finance functions, blockchain will not only simplify audits and improve the control environment, it will also create new and innovative ways to increase transparency and conduct external communication, leading to increased valuations and value creation.

To support CFOs properly, there are several actions that CIOs should consider:

Partner with the CFO: Often, the CIO reports to the CFO. We’re also seeing an increasing number of CIOs reporting directly to the CEO. In any case, the CIO and the CFO need to share strategic objectives and work together to avoid underinvestment in technology – which is easier said than done. The responsibility for maintaining cost disciplines, and insufficient understanding of IT issues, can often lead CFOs to disagree with CIOs on adopting new technology. Shared strategic vision and goals will help avoid this problem.

Look for emerging technologies and understand their role in creating value: One way of enhancing the CIO-CFO relationship is to demonstrate expertise in identifying emerging technologies and staying one step ahead of the competition in harnessing them. In addition to extra time enjoying that competitive advantage, this will also help ensure that investment decisions can be made in a thoughtful and nuanced way.

Do not wait and see: Historically, there have been times when it was best to wait and see how others would approach new technologies before jumping in. Today, it is not one of those times. Transformation is inevitable, and a conservative wait-and-see approach could lead to a distinct competitive disadvantage making your company lag behind more aggressive competitors.

New technology is having significant impacts on how business is done, and smart companies are realizing that technology can provide strategic advantage by driving new business models, opening new markets and creating new capabilities. As perceptions about IT change from “cost center” to “strategic asset,” CIOs are playing a more important strategic role. CIOs who understand this and position themselves to help the CFO and other top executives will find a large degree of both personal and professional success.

Learn more at The DNA of the CFO – 2016. In this report, we look at how technology changes the finance function and what that means for the workforce. I am looking forward to contributing another blog post about this interesting topic soon.

By Tony Klimas, Global Finance Practice Leader, EY.

In my previous post, I discussed how CIOs and CFOs can work together to aid the introduction of the latest technology into the larger enterprise, including the CFO’s key role in supporting the investment decision process. However, new technology investments only drive value if the people using the technology have the skills to exploit its potential.

Now, more than ever, complex enabling technology plays an increasing role in driving business value. To help realize that value, employees must be capable of understanding the potential of technological innovation and embracing the rapid pace of change that comes with that new capability. Recruiting, retaining and developing the right people to meet these demands is pivotal. As workforce demographics shift from an aging, experienced workforce, to one populated by enthusiastic, more digitally-savvy, inexperienced millennials, these pressures increase further.

The challenge for CFOs of the future is to harness new technology, new skills and enhanced business processes to build a more forward-looking, adaptable and resilient finance function. The operating model needs to support this shift, allowing the finance function to exploit technological capabilities further while reinforcing business partnership activities. Going forward, this will become even more critical as much of the routine finance activity is automated. The focus of finance will shift further down the path away from processing data to making data-driven decisions in a highly connected business environment, where the lines are blurring between customers, suppliers and other stakeholders.

The future finance operating model. Source: EY study, Is the future of finance new technology, or new people? Preparing for the future finance function

A recent EY study, Is the future of finance new technology, or new people? Preparing for the future finance function, discusses the finance function of tomorrow having several distinct attributes when it comes to the new operating model, including the following:

• The ability to automate finance processes in outsourced or captive finance factories, with small teams managing exceptions
• Insights driven by combining finance data with external information to help model and predict business outcomes, and identify opportunities
• Better alignment with business, with employees working more alongside key internal stakeholders and participating in strategic decision-making focused on helping manage uncertainty through strategic risk management

Amid so much change, the CFO is facing the task of hiring the right people for the evolving roles in the new operating model, while educating existing staff about shifting responsibilities.

The CIO is in a good position to support CFOs going forward, helping ensure the finance function is equipped with the right skills, tools and knowledge. As is increasingly the case, there needs to be close collaboration between the two. Some thoughts on what the CIO can do are as follows:

Help CFOs define and find the talent they need

CIOs are well positioned to help CFOs deal with the increasing influence of digital technology on the finance operating model. Skills related to data and the use of data — including statistics and data science, and even behavioral science skills — will be critical in helping the finance function of the future turn data into strategic insight. CIOs can work with finance to help define the profile of the right talent and assist with recruitment and retention. If done correctly, this will allow the hiring of blended skillsets with strong finance and accounting knowledge, coupled with expertise in emerging technologies, such as blockchain and artificial intelligence (AI). These cross-functional people will be positioned to lead technology-driven changes to the finance operating model and to identify the implications of digital for the business model and growth agenda.

Help build external partnerships

Software and technology companies, key suppliers, customers and other important stakeholders are playing an increasing role in day-to-day business as companies become more connected. As a result, organizations are often looking to partner with third parties to address business challenges and stay on top of innovation. Alliances with universities, start-ups and other third parties are also essential to remain nimble and adapt continually. When these external alliances are made to meet technological ends, the CIO’s participation will be invaluable: advising on the right partners, level of partnership and technology advantages that are to be gained. By working closely with the CFO, the CIO can ensure the right technologies are used to drive value for the overall business in a cost-effective way. This will help avoid the pitfall of pursuing technology for technology’s sake.

Plan ahead to face tomorrow’s talent needs

As the increasing automation of transactional finance tasks alters the finance professional’s traditional career path, finance leaders will relook at how they intend to develop people to acquire the breadth of skills necessary to progress through the finance function, and nurture the finance leaders of the future. Demand for certain IT and digital skills will continue to grow for the next decade, but for future generations, the skills needed may be different. Many jobs that are done today will be largely automated by then. CIOs and CFOs will have to work together to predict these trends and come up with a long-term talent development road map and plan to address them, making sure the finance function is well equipped with the right people in the long run. This is another aspect of the finance resourcing where the CIO can team with the CFO, potentially creating rotational assignments and the loaning of resources across both business functions.

By Uwe Michael Mueller, EMEIA Performance Improvement Leader, EY.

If you and I were talking right now, face to face and in a room full of CIOs, we would have a lot to discuss about cybersecurity. In the spirit of information sharing and collaboration against a common enemy who threatens us all, we would tell each other what we were doing, the tools we have, the size of the team and the budget, and we would commiserate with those who, despite having done everything seemingly right, still suffered a significant attack that threw their organization into chaos.

What CIOs want to know about our cybersecurity is: “Is it working?”, “Am I doing the right things?”, ”Is there some back door I have left open that I don’t know about?”. Maybe your organization is one that recognizes that cybersecurity is not just the responsibility of the CIO or CISO any more — it’s a shared responsibility. The board needs to support your efforts, and the employees need to learn — and try their best — to stay out of trouble and not open that email, or lose that device. Does that make you feel more confident? With the organization fully behind you, are you feeling more hopeful?

Probably not, if you are honest. So what’s missing? If the devil is in the detail (or in your network), then maybe your concerns are very specific; so let’s break it down.

Firstly, are you concerned about how sharp your senses are? Can you see the cyber attacker as he starts to prowl around your perimeter? Would you know if someone was beginning to dig a tunnel or launch a rocket over your fences? Would you spot him if he got into a disguise and then hid in the shadows?

Secondly, what if the attack was from a new weapon? A new, more sophisticated weapon that you hadn’t experienced before. Would your defenses be able to resist something new and more powerful?

Thirdly, would your organization know how to react to an attack? Do you have a plan and do you know what role you would play in it? What would be the first thing you would do?

EY’s latest Global Information Security Survey will be published by the end of this month. From studying the results of that survey, from listening to our clients day to day, and from watching the cyber risk and threat landscape evolve, our cybersecurity practitioners hear these questions all the time. They understand how critical it is that IT and cybersecurity leaders have the answers and are confident they know what to do.

The survey results will indicate where organizations are today in the strength and maturity of their cybersecurity capabilities. Last year, the survey indicated there had been some improvements, with more still needed, so will this year demonstrate that cybersecurity is improved again and organizations are closer to defeating the enemy? I suspect, since we all live in the real world, there will be some good news and some not-so-good news. What organizations need though is some hope, and a reminder they are doing a good job. Maybe not perfect, but they have come a long way and, if the survey can give them some guidance about where to get to next, then that provides something to work on.

I’m expecting to learn a lot from this year’s results. I understand that 1735 CIOs, CISOs and other cybersecurity professionals took part. Now I don’t know about you, but I’ve never been in a room with that many professionals before, all talking and sharing (anonymously of course!) precise information about their experiences, capabilities and concerns. So if you want to hear what they have to say, look out for the report. We will post it here when it comes out. Then we should talk again and keep the conversations going. Like the room, we are all in it together, so let’s continue to help each other out.

By Stephan Salmann, Partner, Advisory, Ernst & Young GmbH Wirtschaftsprüfungsgesellschaft.

Thanks to the internet, today’s consumers are on an equal footing with every company and organization. They do not hesitate to turn to social media to voice their opinions about issues on which they feel strongly — be it positive or negative. While many companies embrace positive feedback on social media channels, others have had the painful experience of one tweet or post creating a ripple that results in a chorus of outrage. This chorus against companies, businesses, individuals — or even political parties — is called a flame war.

Anyone can be affected by flame wars — regardless of whether they’re active on social media or not. Social media crises can be instigated from the outside: for example, by parties with strategic intentions. But more worryingly, most of the time, flame wars originate from within the organization — as a result of inappropriate employee behavior, negative customer experiences, violation of ethical principles and other injustices or inappropriate reactions.

The six phases of a flame war are:

1. Calm: crisis starting as a tweet (like 53% of all social media crises) or a Facebook post (17%)
2. Breeze: moderate social media activity via just one channel
3. Strong breeze: extensive activity across multiple channels
4. Storm: extensive online media coverage
5. Hurricane: full media coverage online and offline, including TV, radio and newspapers
6. Post-critical phase: when the storm has receded

Since most of the detection and coping mechanisms around flame wars are technology infused, the CIO needs to work closely with marketing and customer care departments to implement measure to detect, deal with, and learn from flame wars.

Detection and early warning systems

Efficient automated analysis tools provide structure to the otherwise unstructured data obtained while monitoring social media activities and allow the organization to process that data. Modern tools help to achieve effective detection through advanced linguistic analysis, such as part-of-speech tagging (POST). Creating alerts on the basis of previously defined growth rates and a predefined blacklist of words — as opposed to performing individual assessments on ever-growing content — saves time. But it is important not to limit ourselves to the blacklists and keep track of the growth rates of different word combinations, as it is not possible to predict which word combinations will cause problems. CIOs should contain their instincts to automate response to flame wars. Every flame war — big or small — is critical and has to be dealt with by people, rather than by bots.

Dealing with a flame war

The speed with which companies identify and react to a potential crisis influences its overall impact and magnitude. In an optimal situation, potentially critical social media posts are recognized early and stemmed by specific countermeasures. Once a flame war is detected, defined processes need to kick in. They will be supported by a knowledge base listing all possible countermeasures that help employees in making balanced decisions on how to react. All social media channels used by the organization should be prepared with potential content to use in the event of an emergency. And, externally, influencers such as bloggers and social media editors need to be briefed in advance and activated on demand to help in a crisis situation. Although training employees to respond to flame wars doesn’t fall under the purview of CIOs, they can still do their part by running mock drills and keeping everyone on their toes and ready to react — quickly and in the correct way.

The post-war phase

Once the war is over, the CIO should ensure that valuable lessons are learnt from it and that the generated data is analyzed. The overall loss of reputation is easily observed but difficult to measure. However, loss of revenue, business and contracts, and fall in share prices, are quantifiable indicators. CIOs can help organizations by putting tools in place to measure reputational damage, identify root causes and prevent recurrence. Data on how employees dealt with the situation is also a valuable source of information that will help the company to improve its reaction mechanisms going forward.

Only extensive analyses will help organizations to react better to future crises. If handled carefully, flame wars can be turned around in favor of the company to create more fans and followers. Ultimately, it’s important to look on the positive side of things, as every problem is also an opportunity and a learning experience.

By Martyn Whistler, Associate Director, Knowledge, Ernst & Young LLP.

Very often these days, we hear people expressing fear about how artificial intelligence (AI) will take over the world and rule humanity – or at least business life. Most of these conversations validate my own fears: that our own understanding of AI – both soft AI (which aids us in tasks such as sending texts, booking hotels or restaurant reservations and ordering taxis) and hard AI (which makes decisions on its own and mimics or even replaces human intelligence) – is inaccurate or incomplete.

We might not have realized it, but AI has become almost omnipresent now. It is part of virtual personal assistants, voice recognition software, call centers, weather forecasting, power grids and even large industrial processes. If you look at the conversations around digital in recent years, they have been mostly about connecting devices, networks and data to create a digital environment from where data can be collected and manipulated. By introducing AI into these connected environments, I believe it is possible to achieve results that have previously been considered impossible.

The obvious benefits and the not-so-obvious challenges

The more obvious benefits are efficiency and effectiveness. Organizations become more efficient by empowering bots to answer customer queries online or by using software to resolve customer queries before they get to a human handler. Efficiency gains can be significant. In power grids, for example, the traditional approach was to have engineers monitor grid functioning. They could push capacity but their goal was to keep the lights on. With AI, however, this monitoring can be more automated and the power grids can potentially be optimized to 100% of their capacity.  More importantly, the power grids can function more intelligently and help enable management to make decisions on where in the network to scale up or down, or on how to optimize networks to levels unattainable by solely human control.

AI can also help improve effectiveness by, for example, helping a doctor with a diagnosis. The AI-powered diagnosis can potentially be far more accurate than a human diagnosis, and the medical staff can focus on attending to the more human and subjective aspects of health care – so everybody wins.

There are obstacles to implementing AI too. Cost is certainly one. So are legacy and work forces with institutional knowledge that can act as roadblocks to addressing the low-hanging fruits. Although AI has evolved over the years, it still has significant untapped potential and scope for innovations. I wouldn’t say companies are yet to acknowledge the need to bring AI into their organizations, but that many are only starting to figure out where and how AI could fit into their organizations.

How can CIOs get the ball rolling?

Start experimentally: Adopting an enterprise-wide AI strategy in one go will not be easy, so CIOs can start small – probably by identifying challenges AI can help address and then expanding slowly to the rest of the organization. But, to get there, organizations should start by experimenting and learning from the challenges and to help stay ahead of peers when AI becomes more common.

Talk to C-suite peers to identify opportunities: There are sector-specific nuances that organizations will have to work out depending on the domain of their organization’s operation. However, regardless of the sector, AI could be implemented to help improve efficiency in almost all areas of an organization, including marketing, finance and logistics. So having conversations with peers such as the CFO, the CMO and supply chain leads are vital.

Spot the AI that your company can benefit from: There are many high-level research-oriented discussions happening around AI. While CIOs can benefit by following these discussions, their focus should also be on what can be implemented in their organizations today. The number of organizations offering AI solutions can itself seem overwhelming. Identifying a solution that works for your organization can be a challenging, and unavoidable, activity.

When AI controls decisions, who controls your company?

Before CIOs even try to answer this question, it is important to say that we are very far away from reaching the stage where AI can operate without human intervention. But when AI becomes common, organizations will have to learn to manage risk and make sure they have the right balance between the human and technological elements. AI, in other words, is a supplement to human decision-making, not a replacement. It can automate numerous transactions in sectors such as financial services. But can it replace salespeople in a retail store or the nurses and doctors in a hospital? Probably not. But it could certainly make their jobs easier and help them make good decisions; it could also free up their time to work on more value-added tasks and customer/patient focused activities. AI should not be seen with fear, but as an opportunity.

EY would love to hear from you. What are your experiences with AI? Share your ideas and comments, and let’s start a lively discussion!

By Manoj Jha, Director, Advisory Services, EY, India.

India has been quick to embrace digital technology and is one of the top three countries in the world in terms of its internet usage.

Startled by the power of internet

India is rapidly adopting digital technology with a focus on providing internet connectivity to a larger user base. It is expected to have surpassed the US and become the second-largest country in terms of internet user base as of December 2015 (402 million, up 33% year on year).¹  The mobile internet user base has grown at a robust rate of 77% year on year to 306 million during the same period.² Widespread availability of low-priced smartphones has enabled users to mobilize their digital world. The average consumption of mobile data per smartphone user in India is expected to reach 2.08GB per month by 2020, compared with to a mere 430MB in 2015.³ With such rapid growth, India is all set to adopt the next-generation digital technologies.

Enterprises are eager to join the rush for digital

In August 2014, the Indian Government launched the Digital India program with an estimated investment of INR1.13t over three to five years to widen digital access for India’s population.⁴ This opened up a plethora of opportunities for various companies to build broadband infrastructure, create identity solutions, design mobile-based payment systems and develop remote health care solutions. To join the rush for digital, various enterprises are looking to adopt next-generation technologies as a means to open up new channels for product and service delivery, improve employee productivity, customer experience and vendor satisfaction, and bring agility into the business model. However, many companies are so overwhelmed by the digital phenomenon that they are embracing the technology without understanding what their needs are and the best way to generate returns. They fail to understand which technologies should be deployed to suit the business’s requirements best and what kind of data needs to be analyzed. As a result, they are exposing themselves to multiple risks.

Does abrupt digital adoption result in digital transformation or digital chaos?

Digitalization is necessary, but the inability of organizations to articulate clearly their digital enterprise strategy and digital governance approach is creating digital chaos. This is because, currently, there are no established best practices for how to digitalize a business, only a few scattered examples. One India-based company provides an example of how digital chaos can impact the business. The organization puts new areas of technology, such as cloud computing and enterprise mobility, at the heart of its strategy. The idea was good in theory but, in practice, it proved to be the wrong move, as the company lost focus on its core business, resulting in a fall in both revenue growth and operating profit.

How can firms make sure they are benefiting from digital?

To drive the benefits from digitization, organizations should draw up a road map that puts digital thinking at the heart of the business. The objective is to define a clear digital strategy together with metrics that can measure the anticipated differential created by a digitalized versus traditional business. The expected return on investment should be calculated on implementation, as this will help the company decide on the feasibility of digital solutions (based on the nature of the business), secure money from investors and build a relevant digital strategy.

Data security is one of the key pillars of a digital strategy, as the threats of cybersecurity (e.g., identity theft, phishing, snooping and cyber terrorism) have become an increasing cause for concern with the adoption of next-generation technologies.

For example, one Indian conglomerate wanted to transform its existing IT setup so that it could automate some of its processes. While doing so, it focused primarily on implementing an information security environment to avoid any cybersecurity risks. It conducted a thorough review of the security architecture of its infrastructure components, sales management information system (SMIS) and marketing and distribution portal to assess any vulnerable areas and address any gaps in security. As a result, it could quickly identify areas in the IT environment where there was information leakage and create security frameworks to prevent the possibility of unauthorized access to critical data.

Digital governance is also vital, as it helps to establish rules and processes for sharing, editing, distributing and consuming data, thereby reducing the possibility of misuse.

A comprehensive digital governance model will require investment, but the benefits are worthwhile: improved performance, reputation and competitive advantage. An additional consideration for organizations is whether to adopt a dual-speed IT operating model. This would enable CIOs to focus on an IT ecosystem that comprises rapidly evolving digital solutions and robust enterprise IT that would sustain core business processes. This approach would help bring an element of balance between the company’s current technology and emerging disruptive technologies.

It is not all in the hands of business — governments can also play an important role in the successful implementation of digital technologies. By providing regulatory support to the ecosystem with adequate laws on data privacy and data handling, and by levying heavy fines in the event of data breaches, governments can help facilitate better governance for businesses and avoid abrupt or unplanned digital adoption.

Adopt digital, but with caution

Digital is no longer a distant dream. It is here. But any haste in its adoption can lead to more harm than good. A well thought-out digital strategy, together with adequate government support, can help organizations flourish in the digital era and translate their digital investments into tangible benefits.

Sources
¹R.P. Nair, “India to have the second-largest Internet user base in the world by December 2015: Report,” Yourstory website, http://yourstory.com/2015/11/india-internet-userbase-2015/, accessed June 2016.
²Neeraj M., “Mobile Internet Users In India 2016: 371 Mn by June, 76% Growth In 2015,” Dazeinfo website, http://dazeinfo.com/2016/02/08/mobile-internet-users-in-india- 2016-smartphone-adoption-2015/, accessed June 2016.
³Neeraj M., “Mobile Internet Users In India 2016: 371 Mn by June, 76% Growth In 2015,” Dazeinfo website, http://dazeinfo.com/2016/02/08/mobile-internet-users-in-india- 2016-smartphone-adoption-2015/, accessed June 2016
⁴S. Ghosh, “Digital India: Govt to spend up to Rs1.13 trillion in three-five years,” Mint website, http://www.livemint.com/ Politics/lBu1iUcwZNOYs9cXJCO7qM/Digital-India-Govt-tospend-up-to-Rs113-trillion-in-three.html, accessed June 2016.

By Maria Rey-Marston, Partner Advisory Supply Chain & Operations, Ernst & Young LLP.

In June 2007, the revolutionary iPhone came into our lives. If my memory is correct, over 700,000 units were sold over the first weekend. And thus started our evolution from physical beings to “phygital” beings. I use the word “phygital” for the world of interplay between physical and digital! With a few million people across the world connected to the internet, primarily through their smartphones, this interplay is changing business processes, operations and supply chain management, and also how we eat, play, work, date and live.

I agree that organizations are certainly exploring the potential of this interplay significantly. But we are only beginning to do so in areas such as cloud computing, the increasing connectivity and the computing power of smartphones. Not to mention the Internet of Things^* that some industries are employing in innovative ways — smart coolers in the beverages sector, smart oil fields in oil and gas, and connected insulin pumps in health care, to name a few.

The digital revolution that happened over the last decade is forcing us to change the way we look at supply chains. The traditional way of operations ran on two assumptions:

1. Demand was unknown, so we needed to forecast demand.
2.  Capacity was limited, be it production, distribution or labor capacity.

These assumptions are not relevant anymore. Firstly, demand has become a known parameter. If we are connected with at least a few thousand of the billions of people carrying smartphones, we have a good statistical representation from which real-time demand of the whole market can be obtained. Secondly, connectivity and shared economies have made capacity a less constrained parameter. Platforms that connect providers and customers are plentiful. People can avail themselves of the services of any number of people anytime without having to employ a single person.

All of this forces us look at the supply chain as more of a supply network — the demand response network (DRN). It also changes organizations’ strategies. In this new world, they should be responding to demand, instead of focusing on creating products — a shift that might be of interest, and is certainly one of relevance, to CIOs.

Why?

• Because it is the CIO’s function that can help enable and empower supply chains and operations — by helping them harness information about consumers, shoppers, suppliers, plants and production lines, and thereby build their own demand curves
• Because organizations would need the CIO’s help on areas such as cybersecurity, infrastructure, connectivity and data to harness demand signals and help harvest them with minimum distortion and latency
• And finally, because organizations would require help from the CIO’s office to connect them with providers that have the capacity to execute at lower cost-to-serve, and respond to demand in the fastest and most profitable way

DRNs could be introduced to a company by a CIO who takes the initiative to create awareness on the benefits of cutting-edge technologies and trends. It can also come as a requirement from the market. Either way, the move to a DRN never happens as one gigantic project; it happens gradually, like an evolution.

What could slow, or might already be slowing, this evolution is push-based product-centric views of business instead of the pull-based demand-driven view that a DRN demands. With a DRN, organizations should aim to fulfill demand signals when, with the traditional model, they create products and then decide whom to sell the product to. To run a sustainable demand-driven model, they need to harness and harvest demand signals accurately. Getting there might take time.

Learning to operate a network with resources that we don’t own will also be important. This change in mindset might also not be immediate.

Where there is change, there is also likely to be resistance — especially from those who are disrupted. However, to me, the change to a shared capacity and sharing economy model seems to be inevitable. Luckily for us, the views of the younger generations on property and ownership seem to be more aligned to the shared capacity models than those of my generation.

How are organizations going to respond to these changes in the coming months and years? How will the workforce adapt? I’m eager to see the interesting and inspiring events unfold. I hope you are too. And, I’m also positive that, even if organizations don’t have all the answers right now, they’ll figure things out, maybe with help from others, on their way.

If you’d like to learn more about creating a fit-for-future supply chain, check out a new series of short films from Maria Rey-Marston or read her viewpoint — When on-demand is the norm, can your supply chain respond?

Note
If you are interested to learn more about the Internet of Things, drop us an email to receive a personal invite on our upcoming webcast on this topic leveraging our recent thought leadership.

“Whenever you find yourself on the side of the majority, it is time to pause and reflect.”

Mark Twain

There is a certain comfort that established ways, set routines and having everything figured out provides. This stability is, of course, absolutely integral to a business’s smooth functioning. But also integral is challenging assumptions, and changing routines and status quos — in spite of the slight agony that might present, it’s the only way to open the doors to innovation.

With the holiday season around the corner, now might be an ideal time to reflect on our decisions during the year, and also take a pause from our own daily routines to renew our motivation, rigor and energy to innovate.

Being faced with new questions and new challenges constantly are all part of the interesting careers we have, but these challenges and questions also present us with opportunities to drive new momentum in our organizations and in our careers. And it is crucial that, no matter how comfortable and easy things get, we don’t fail to constantly remain innovative, astute, skeptical and, if necessary, a little paranoid.

The CIO’s bag of tricks is also taking a pause only to come back with new posts, insights and perspectives in a new year.

Happy holidays!

By Paul van Kessel, Global Leader, Cybersecurity services — EY Advisory.

Every CIO must have an incident response program as part of their cybersecurity strategy. I stressed the word “must” deliberately because your organization will undoubtedly be hacked one day — if it hasn’t been hacked already.

It’s critical to have that program in place because otherwise you may not have time to pull it together once the cyber attack happens. You will then be in full fire-fighting mode, supporting an organization that is in crisis and answering a barrage of questions from police and regulators, customers, investors and suppliers. Your priority would be to figure out if money or invaluable intellectual property has been stolen while trying to maintain routine business-as-usual activities as far as possible.

During a cyber attack, you must feel confident that your team understands the incident response program and knows exactly how to implement it to protect the organization. It will be too late to prevent the crisis — at that point, the crisis can only be managed. That’s why preparing a response plan for a breach in technology defenses is a critical component of any cyber-resilience strategy. Unfortunately, many organizations have yet to accept this uncomfortable fact.

Know your enemy

In EY’s 19th Global Information Security Survey 2016-17, which queried more than 1,700 CIOs, CISOs and other executives around the world, we identified three high-level components of a cybersecurity strategy. By enhancing their capabilities with respect to these components, organizations can better protect themselves from a cyber attack. The three components are:

1. Sharpen your senses
2. Upgrade your resistance to attacks
3. React better

Resistance, has traditionally been the area where organizations have focused most of their resources. As the board and executives have seen resistance as a priority, they have invested time and money in building powerful corporate shield involving controls, monitoring and internal audit. So unsurprisingly, our survey found that organizations’ capability was high in this area — but with some room for improvement in the reporting subcomponent.

Capability was lower in terms of anticipating cybersecurity threats (sharpening the senses), although many organizations have improved significantly in this respect in recent years. They are using cyber threat intelligence to scan the horizon for risks and installing monitoring mechanisms, such as security operating centers (SOCs), to identify and manage their vulnerabilities. Nevertheless, more progress needs to be made since almost two-thirds (64%) of respondents to our survey did not have, or only had an informal, threat intelligence program in place.

We can compare an organization with an effective cyber threat intelligence program to a goalkeeper on a soccer team. If a goalkeeper doesn’t anticipate the actions of the opposing team, they will not be able to see the ball coming; so the goalkeeper probably won’t be able to stop the ball. But when they can see the field clearly, they can anticipate the opponent’s moves, and see the angle from where the ball is coming from, and they are more likely to move in the right direction to stop the ball. Ultimately, no organization wants to be in a position where they concede the goal.

However, cyber threat intelligence, which is supplied by a host of external providers, will not give an organization sufficient visibility of the dangers it faces unless it is properly interpreted. So organizations also need to have effective internal cyber trend intelligence programs in place to make sense of the information they receive and to filter what’s important to their own business and sector.

Recently, a major player in the US leisure industry suffered a serious hack, with credit and debit card data stolen from millions of customers’ accounts. Less than a year previously, a Chinese company in the same sector had suffered a similar cyber attack. After the breaches, it quickly emerged that both companies used the same software and point-of-sale systems. This type of information, made available by companies that sell cyber trend intelligence, is an example of useful insight that would be relevant to other organizations in the industry that may use the same systems as those targeted in the attacks.

In denial

The third component of cybersecurity — the ability to react to an attack and to recover from it quickly — is the area where most organizations fail at present, according to our survey. This is the result of the very human inclination to believe that if you’ve done everything possible to prevent a cyber attack from occurring, it will not happen to your organization.

According to the findings from our survey, the corporate world lacks preparation in the event of a cyber breach. Overall, 42% of respondents said they did not have an agreed communications strategy or plan in place in the event of a significant attack. Furthermore, nearly two-thirds (62%) would not increase their cybersecurity spending after experiencing a breach that did not appear to do any harm.

Failing to prepare exposes your organization to operational and reputational risk. A truly cyber-resilient organization is ready to deal with the disruption caused by hacking through incident response capabilities, crisis management and then forensic investigation. It will have practiced its incident response program ahead of any event by using “war game” scenarios. It will also have a detailed communication plan that covers a range of eventualities, including a security breach that lasted several months before being noticed or a breach that needs to be kept confidential to give law enforcement agencies the chance to apprehend the cyber criminals.

What does a cyber-resilient organization look like?

To date, organizations have rightly focused on trying to build robust, resilient “fail-safe operations” that can withstand sudden cyber attacks. Yet, the unpredictable nature and unprecedented scale of the cyber threats that companies now face means that organizations must move from the fail-safe approach toward designing a system that is “safe to fail.”

A system that is safe to fail has been designed to absorb an attack, reduce the velocity and impact of it, and allow for the possibility of partial system failure as a way to limit damage to the organization’s systems more broadly. For example, in the event of a high-level threat to the system, a SOC can be configured to alert the system owner to the threat and to shut down the system to prevent the threat from spreading further.

A CIO looking to create a cyber-resilient organization in today’s world should have an investment program that balances the need to sense, resist and react to cyber threats. The outcome of this investment will be a cyber-resilient organization that:

1. Develops a “whole of organization” response to cyber threats, based on an in-depth understanding of the business and operational landscape
2. Maps and assesses the relationships the organization has across the cyber ecosystem, identifies what risks exist and performs a risk assessment
3. Determines the critical assets that need to be protected
4. Shares information about the risk and threat landscape so that the organization understands the broader risk landscape and is aware of any security gaps
5. Boasts exceptional leaders who can communicate clearly, give direction and set the right example in the event of an attack
6. Has created a culture of change readiness through simulation exercises and war games that challenge the existing crisis management, command and control center, manuals and plans
7. Conducts formal investigations and prepares for prosecution

To share your thoughts on this issue, connect with me on LinkedIn or Twitter.

By Cheryl Martin, Partner/Principal, Other Advisory.

Cyber risk is a bigger issue now than it’s ever been, but organizations still may not be taking a sufficiently broad view.

Picture a hacker.

Did you just picture a greasy, loft-bound “hacktivist” performing random attacks on corporations out of some vaguely directed sense of anarchy?

Or did you picture a large, multimember organization, possibly a nation state or a criminal network, whose attacks are planned months in advance and deployed with massive resource and well-defined strategic goals?

A decade ago, the first figure would have been the bogeyman of IT departments. But now, as major incidents have shown, it’s the latter that should cause real concern.

This changing threat landscape means that organizations may need to change their mentality fundamentally when it comes to addressing and mitigating cyber risk.

Perception is beginning to shift: in the EY 2016-17 Global Information Security Survey (GISS), from the 1,735 organizations surveyed, 56% of respondents rated criminal syndicates as the most likely source of attack. But how can organizational leadership respond to this new era of cyber threat?

Cybersecurity needs to get operational

An important thing for the C-suite to bear in mind is that cybersecurity is no longer just a technical responsibility — it should be an operational responsibility as well. For leadership, it should also be a question of “What steps do we need to take to manage threats as they emerge?”

Mitigating cyber risk doesn’t just mean allocating resources to your IT department so that it can buy and maintain the latest firewall. It also involves communicating the scale of the risk to stakeholders across the whole firm, and taking organizational steps to reduce that risk, such as mapping key assets and putting contingency plans in place.

Part of protecting an organization’s assets could be as simple as clarifying who should have access to what data within a company, and who shouldn’t. After all, according to the EY 2016-17 GISS, 74% of businesses say that careless employees are their top cyber vulnerability — a persistent finding since the internet became a common feature of the workplace.

Protecting the crown jewels

Another important thing to remember is that you probably can’t stop all cyber attacks. A degree of cyber exposure is to be expected. It’s not a question if, it’s a question of when.

One way that organizations can look at making their company more resilient is to understand and map what we call their “crown jewels.” These are the company’s most valuable assets, the assets that would-be cyber criminals would most like to get their hands on, and those whose compromise would cause the most damage to the company — whether that be reputational or financial.

Do you know your most valuable assets?

These crown jewels take some interesting forms. You may not be surprised to learn that customer payment details are an important asset for an online billing company. But for a pharmaceuticals company, the crown jewels might not be its chemical formulas, but its “operational tech” (OT), the machines that make its products.

A stolen patent can be contested in court; but a worm that sabotages precision machinery could set production back years. Other manufacturers could also be subjected to similar kinds of industrial sabotage — or even political sabotage.

The organization’s assets need mapping as well as protecting. This could mean installing discovery tools, which provide the organization with full visibility of its assets and its relative vulnerability, enabling the management of risk exposure.

The creation and operation of a cyber management framework

While we may have painted a picture of despair, filled with criminal syndicates and rogue employees looking to cause disruption at every step of the way, the reality is that if organizations can bring together a forward-thinking cybersecurity strategy combined with external expert resources, this can help enable proactive risk mitigation and support of the organizational strategy.

An effective cyber management framework can enable and encourage collaboration between the in-house cybersecurity function and a managed external function, often referred to as a managed security operations center (MSOC). Rather than an organization’s cybersecurity function being a group of techies shut away in one corner of the office, a MSOC approach takes a holistic, proactive view of cybersecurity, and more effectively contextualizes risk exposure.

This approach can address the need for cross-functional cooperation when managing cyber risk. A lack of clarity about other department needs, and their risk tolerance and operational requirements, can lead to suboptimal security solutions – which could create avoidable cyber vulnerabilities.

The heads of OT departments’ tend to be skilled engineers. But sometimes their understanding of technical operations and risk tolerance are at odds with other parts of the organization, including the IT department. By employing broad organizational risk mitigation strategies, the MSOC approach focuses on collaboration and aims to build solutions that cater to the needs of the various organizational stakeholders.

Forward-looking options can include technological functions, such as big data tools that learn the layout of your digital systems, and can distinguish between legitimate programs being uploaded by IT departments and genuinely hostile threats. However, the main aim is to bring together the diverse functions of the organization in the common understanding that maintaining operational resilience in the face of cyber threat is the responsibility of everyone in the organization, with a common goal of streamlining those responsibilities into one coherent strategy.

Keeping an eye on the big picture

Ultimately, a strong cyber risk management strategy should take account of the wider cyber risk landscape. That means continued understanding that the bad guys are bigger, badder and better organized than ever, and recognition of the impact this can have on organizations.

But it also means understanding that containing risk means more than just increasing your IT budget without a strategic focus. It should translate into an organizational understanding of what attackers want, what most needs protection, your tolerance to incidents, and clear articulation of the responsibilities of each person in the organization. The EY 2016-17 GISS describes how the concept of Sense – Resist – React to threats can help an organization achieve cyber resilience. The addition of an external MSOC to your cybersecurity capabilities could be your first significant step towards protecting your crown jewels.

To learn more about (Managed) SOC, watch our webcast “Is your biggest cyber risk the one you cannot see coming?”.