Enough about business models; what else do I need to consider?
Changing your colour or brand of lipstick doesn’t remove the risk of it smudging; it might change the likelihood or situation which causes it to happen but it doesn’t entirely remove the possibility.
This series of blogs has, so far, looked at how business models are changing to take advantage of digitalisation and globalisation. In this blog, I will look at the organisation from a different perspective and considers the risks facing them in an increasingly digital global market place.
It is true that each and every business faces their own unique set of risks, however in the same way that business models determine the organisations ability to capture value; understanding and managing business risks removes the likelihood of an organisation losing value. Globalisation and technological changes have introduced new risks while not necessarily removing those traditionally encountered. What are these new risks and how can they be better managed?
Hold on a moment; let’s put the (risk) brakes on. What about well-known risks that might be encountered in new ways?
McKinsey’s Digital Globalisation report (2016) highlights the emergence of small enterprises that become micro-multinationals and operate on a global basis from day one. While this represents opportunities for these organisations it also changes their exposure to risk. In this scenario small enterprises will face risks, such as currency risk, early on in their operations which they may never have encountered before. This has significant implications for demand and profitability as their products could become relatively cheaper or more expensive depending on exchange rate fluctuations. Likewise currency risk could also affect the cost of raw materials which can increasingly be purchased online from offshore suppliers.
The elephant in the room looms large…
Businesses are increasingly connected and digital. The impact of this combination is that information is stored in systems that are at risk of being misused by internal parties, external parties and things. Cyberattacks and the costs associated with them are, unsurprisingly, also on the increase (World Economic Forum, 2014).
Google can provide you with all of the examples necessary to prove that the risk of a cyberattack is real. Cyberattacks take many forms such as phishing or malware but the one that interests me is the risk of social engineering. This involves the use of personal but publically available information, such as social media posts or tweets to gain access to a user’s accounts which can then be used to introduce a threat such as malware onto the individual or enterprises’ network (Symantec, 2016). This is about the way we use and interact with technology. Traditional methods of protection such as firewalls aren’t necessarily effective.
However, those internal to your organisation pose an equally damaging direct threat. I’m assuming you’ve heard of Edward Snowden, Chelsea (formerly Bradley) Manning or Julian Assange? It’s likely you have, these individuals have become infamous for leaking information and using technology to disseminate it. The first two for obtaining the information during the course of their employment and the later for being the public face of WikiLeaks that made the material available online.
These are high profile cases which have had global implications but the existence of this kind of threat is just as relevant in our backyard where NZ is identified as being increasingly vulnerable to cyberattacks and, globally, for small and medium size business. Cyberattacks on enterprises with less than 250 employees are on the rise and cyber criminals do not discriminate based on organisational size if there is a profit to be made (Symantec, 2016).
It’s also important to recognise that the motivations for an attack are not always profit based and the term hacktivism is used to describe a politically or socially motivated cyberattack. This changes the risk mitigation strategies required for organisations. Mossack Fonseca, a Panama law firm, became world renowned when leaked legal documents exposed the practices of well-known individuals, corporations and countries.
So what, my business has been attacked; people have short memories and it will recover — right?
Not so fast, the implication of Web 2.0 and the explosion of social media means that information which was previously reported locally has the potential go viral and spread globally within a comparatively short amount of time. This introduces serious reputational risks as well as financial ones. Technology has provided the means for information about a company to exist in a medium that is searchable, cannot necessarily be removed as it is posted and repost or tweeted and retweeted and has global consequences.
It’s not just reputational or financial risk either, there are now regulatory risks as well. The US, UK and Europe have all introduced legislation which allows regulators to impose penalties in the event of a cyberattack where the organisation is shown to be negligent.
Now I’m worried; what can I do about it?
Mitigating the risk of a cyberattack requires businesses to identify those information assets which are critical for them, incorporate cyber resilience as key enterprise-wise risk management framework and ensure that the organisations leaders treat this issue with the respect it requires (World Economic Forum, 2014). Technology provides one line of defence but employees and individuals remain key to protecting a business against a cyber threat. Likewise it’s important to define how to react to a cyberattack if it arises (Symantec, 2016).
What about the risk of missing out?
Is this actually the biggest risk of all? The rhetoric that if you don’t disrupt you’ll become irrelevant and that market places are changing is a reality. Its not only supply chains and customer distribution channels that are effected; it’s also the commoditisation of products and processes that were previously unattainable for individual consumers. 3D printing being an example where people can create a range of goods rather than needing to buy them (McKinsey Global Institute, 2016). Peer-to-peer companies like Uber and AirBnB have created a sharing economy that is available to anyone with an internet connection while removing the advantage corporations had when they provided equivalent services that required capital intensive assets.
With that in mind; I’d like to conclude that yes enterprises are changing as a result of ICT and global commerce. The mechanisms by which they create and add value are impacted by the increasingly global nature of business and the technology that enables it. These factors disrupt the target market as well as how consumers can and want to interact with organisations. The risks facing today’s businesses are also changing and expanding as a result. Ultimately, being in business is about identifying the opportunities whether they be local, regional or global and taking advantage of them in a way that is most advantageous. This includes the use of new or old technology, mitigating new or old risks and adapting to new or changing business models. Simply put, these can all be identified as factors of doing business in todays’ world.
References
McKinsey Global Institute, J. (2016). Digital globalisation: The new era of global flows.
Symantec. (2016). Internet security threat report (№21). Symantec.
World Economic Forum. (2014). Risk and responsibility in a hyperconnected world.
