Making the most of your (next) data breach

first_imgIan Livingston, former CEO of BT Group, memorably stated: “There are two types of CEO, those that know their systems are being hacked – and those that don’t.”That was three years ago. While CEOs are undoubtedly more aware of the risks now, how many have employees who still play fast and loose with customers’ personal data? And how many senior managers have full control over their employees’ practices?Although much may have been invested to protect digital estates, many senior executives are unsure what personal data they retain and where, how well protected it is, who has access to it and – in an age of collaborative commerce, lengthening supply chains, and ecosystem delivery – precisely who is accountable for what.Some still rely on averages (“It won’t happen on my watch”) and apathy (“Everybody loses a little once in awhile”) to get them through any choppy water, should incidents occur and reach the public domain. But if you rely on crisis communications as your main defense (“We are investigating an incident we can’t comment on now; meanwhile the launch of x has delivered stunning figures…”), then there may be trouble ahead.With increasing transparency, tougher penalties, ongoing press interest, and the rise of socially-savvy, digitally-literate citizens and consumers, a casual approach to privacy has to change.Even the best defenses will succumb to attack sometimes. This is as much due to simple human error as it is to the asymmetry of security. The defender needs to protect perfectly on all fronts, while the attacker needs to find just one crack in the armor.Breaches are inevitable, and many customers understand that data loss happens regardless of how well-prepared a business is. How you act during and after a breach – and how you communicate with your members in the hours and days after discovery – is vital.Yes, some members will immediately leave in disgust, no matter what you do. But the vast majority of customers are more likely to leave because they feel your organization does not act with integrity.So how do you reduce the negative impact of any incident and make sure you “don’t waste a crisis,” should one occur?Redirect executive angst to infrastructure attention…If you run the department where the incident arose, you have to expect executives to focus on your operation and to be prepared to endure the heat of micro-management for awhile post-breach. This energy should soon be galvanized to address underlying issues you have probably been aware of for awhile, but which have been in the “vital but not urgent” budget category.Know in advance what to ask for once the immediate crisis is over while decision-makers have intimate awareness of your part of their business. For example, perhaps now is the time to move to the cloud – but have you reviewed the pros and cons from each stakeholder’s perspective?…and fresh opportunityInvestment shouldn’t stop at just fixing. Privacy confidence stems from the certainty that scrutiny brings.While there should be due caution about not rushing into another faux pas, a crisis handled well, and an intimate understanding of what data you hold, should give you new opportunities to engage anew with members. So long as they feel charmed and not persecuted by your renewed familiarity with them.Practice (don’t just document)Most businesses have well-documented if not oft-rehearsed or realistically-simulated emergency response plans. Practicing, not just writing down, your incident response plan builds organizational “muscle memory.” The best data breach is a staged one. One that reawakens people to the real world impacts that could occur if we mishandle the personal information entrusted to us.Institutionalizing the right habits is essential. Think how many people have read your fire policy and how many know what to do because the company has rehearsed a fire drill regularly. Then consider how much more likely a data breach is than a fire. 38SHARESShareShareSharePrintMailGooglePinterestDiggRedditStumbleuponDeliciousBufferTumblr,Nick Rhodes Nick Rhodes specializes in benefit realization and privacy. He has been with BAE Systems Applied Intelligence for 19 years helping clients plan, prioritize and push-through change. He works through the … Web: www.baesystems.com Detailslast_img read more

IPE Views: How big can an Apple grow?

first_imgJoseph Mariathasan wonders what, if anything, can check the technology giant’s astonishing growthApple was valued at more than $770bn (€687bn) at its peak in February, making it by far the single-most valuable listed company on the planet. Despite its mammoth size, its chief executive, Tim Cook, announced that it could grow at a rate more akin to a start-up. But how large can a company grow? For some companies, there may be a clear upper limit – how many cans of sweetened fizzy drinks can Coca-Cola sell to a global population, with increasing worries over an epidemic of obesity-related afflictions such as diabetes?That may be a reasonable question to ask of Coca-Cola, but can an analogous question be asked of Apple, with an enormous market, global distribution and a strong brand that, despite being enormous, still has a lot of growth in front of it? Will the limit to Apple’s growth be set when every person on earth has an iPhone?Mega companies were clearly growth companies at an early stage of their lives to reach their gargantuan sizes. But, at what stage should mega-cap mega brands be seen as purely post-growth and value/dividend plays? Deciding when a company such as Apple has reached that position is unclear. The limits to growth are clearly dependent on the business strategy a company chooses to follow. Apple is clearly not a one-trick pony. It is not just a hardware company like Dell, having built an ecosystem around a seamless integration of innovative products and applications way beyond production of commodity hardware. The limits to growth are further away for companies with three key characteristics. First, as famously outlined by Warren Buffet as the companies he favours, are those with an economic moat that protects them against competitors, with a well-known brand name, pricing power and a large portion of market demand. This can provide the ability to grow enormously, but, sometimes, disruptive technologies can overwhelm even the widest moat. Kodak is a classic example, where its domination of photography could not withstand the impact of digital technology. But Apple has become the ultimate consumer brand, with the ability to create interest in any new product or variation of an existing product by just adding the prefix ‘i’.A second economic driver for growth also requires high-quality companies to be able to get better as they get bigger. Bigger does not always mean better, and the banking industry is the prime example of this. Citibank has a global footprint, but its value lies in having a few particularly strong local franchises in countries like Mexico.The insurance industry is another case in point. Life insurance and property and casualty insurance are locally regulated and require capital to be domiciled in local markets, giving few benefits in size, beyond reducing the overall volatility of results. Reducing volatility benefits senior management but not shareholders who could gain equivalent diversification themselves. At the reinsurance level, however, size can bring benefits because of the nature of the business and the size of the transactions. For Apple, the iPhone ecosystem that has grown is a classic example of something that gets better the bigger it grows.The third key characteristic that virtually all mega companies have is the ability to seek customers in the emerging markets.Any constraints to its size are further away for Apple than for most other companies, as it has all the three factors for growth in spades. So what can be the limits to growth for Apple? “The biggest risk for most of the companies we own is anti-trust regulation in the US that will force them to split apart,” said one fund manager on his Apple weighting. “We don’t like that problem, but we certainly prefer it to others we might have!”That is exactly what happened to the old AT&T, which once dominated the US telephone market and was forced to split up in 1982 into seven regional telephone companies – the ‘baby Bells’. That is unlikely to happen to Apple, given that it does not operate in oligopolistic markets and its innovations have attracted rapid and ferocious competition.There appears to be no limits to size for Apple. But then, AT&T, at its height, employed 1m people. Apple employs less than one-tenth of that. A great investment for its shareholders but perhaps also a sign of the problems society faces with the new generation of mega companies that are great at producing returns for shareholders but lousy at producing jobs.Joseph Mariathasan is a contributing editor at IPElast_img read more