The Global Outlook for 2016

With unease over interest rates, plummeting oil prices and China’s stock market plunge, business leaders had to navigate many economic factors last year. Now, Criticaleye takes a look at the current global economy and asks leaders about their focus for the year ahead.

“Concerns about potential economic fragility in emerging markets commanded considerable attention in the second half of 2015. In particular, the possibility of slower growth in China as it moves to a consumer-led economy,” says Barry Naisbitt, Chief Economist at Santander UK.

The other headline-grabber was the US Federal Reserve’s decision to raise interest rates – the first increase since 2006. “Contrasted to this, the European Central Bank (ECB) is still undertaking quantitative easing and has cut deposit interest rates,” Barry comments.

“As 2015’s drop in inflation was due to the sharp fall in oil and other commodity prices – which started back in 2014 – unless those falls are repeated, it looks most likely that inflation will pick up again in 2016.”

Economic growth in both the US and UK is expected to continue, although not at a storming pace. “The IMF expects growth of 2.8 per cent in the US and 1.6 per cent in the Eurozone,” Barry notes.

When it comes to the UK, household earnings have increased due to the sharp fall in inflation, according to Barry. “If productivity growth picks up, then employment is likely to rise and result in a stronger overall economic position.”

Matthew Blagg, CEO at Criticaleye says all eyes are on China as it “addresses its structural issues” and he expects ripples to appear globally in commodity and oil prices.

Global wage inflation, and specifically the UK’s national living wage, is set to have a big impact on many industries, notes Matthew.

“Productivity will be hugely important. I think the tactical capability of leadership teams will be challenged. Organisations that haven’t aligned the strategy with capability will struggle,” he says. “Well-run businesses that get the balance right between income, reward, productivity and profit will do incredibly well.”

We spoke to a range of business leaders to find out what challenges and opportunities they expect to face this year:

Sandy Stash
Group Vice President, Safety, Sustainability & External Affairs
Tullow Oil 

In 2015, the largest challenge was the steep and rapid decline in the price of oil. The challenges that’s brought have included a need for fairly quick action on everything from capital budgets to operating expenses. All indicators say that challenge will continue this year.

But this also brings an opportunity to catch our breaths and work on making the business more efficient. We’re figuring out how to do more with less; how to simplify processes. One thing we did last year was to integrate all of our management systems into a single common one. That allowed us to streamline and clarify what we do.

As a leader, it’s a great time to knock down organisational barriers and encourage the team to explore better ways of doing things. It’s easy to get duplication and overlap when a company grows quickly.

When I look back on my career, some of the biggest opportunities came during downturns as people get the opportunity to enhance or expand their skills.

Phil Smith
CEO, UK&I
Cisco Systems 

The biggest opportunities for Cisco in the year ahead lie with cybersecurity and risk, the software-defined data centre and the Internet of Things (IoT).

The IoT is a big drive for Cisco because connecting things is the essence of what we do. Over the next five years, the number of connected devices a typical country might have is set to rise from tens of millions to tens of billions; this is happening faster in the UK than elsewhere. I also think we’re going to see big growth in the use of robots and autonomous systems.

In 2015, we acquired 11 companies and formed many great partnerships including one with Apple, optimising our networks for iPads and iPhones to function better in the work environment. There’s a recognition that while as consumers we’ve all got devices in our hands, when it comes to business we only use a fraction of their capability.

We’ll continue to look for opportunities in the year ahead and with $50 billion on the balance sheet in cash, we’ve got strong buying power in an interesting and evolving market.

Chris Riquier
CEO
TNS Asia Pacific 

The ongoing challenge for the market research industry is how to capitalise on new data sources created by the digitalisation of business and media. Today, we are presented with exponentially increasing volumes of data from new sources and new skills are required to monetise the opportunity.

We’re witnessing a huge number of start-ups in the industry, primarily focussed on analytics and new media. Many of the skills we require have been built within start-ups, so we’re constantly looking at increasing the number of partnerships with capabilities that complement our strengths.

China will also continue to be a key driver of growth. Five years ago, our client base was heavily dominated by Western multinationals whereas today the majority of growth is coming from local Chinese firms.

We’ve seen a greater degree of stability in our Chinese business this past year. Previously, there were significant fluctuations within individual sectors that were booming and then plateauing, making it difficult to manage supply and demand.

Now we know demand is mainly driven by domestic consumption, so it’s easier to predict the direction of our business and the degree of investment needed.

John Duffy
CEO 
Finsbury Food Group 

In 2014, our UK speciality bakery Group made £256 million in sales, which was ahead of expectations. The food service market typically grows at about five per cent per annum compound, but our organic growth in 2014 was about six per cent and our food service growth was close to ten.

We made two strong acquisitions in 2015, which broadened our channel offering. We welcomed Marks & Spencer as a large customer, plus moved into the food service channel through our acquisition of Fletchers and into the coffee shop sector with the acquisition of Johnstone’s Cake Business.

As an employer of over 3,000 staff at eight UK sites, we’re having to get our heads around increases to the national living wage, pension contributions and the new apprenticeship tax, which could be half a per cent on your payroll.

As well as prioritising further strong growth, planning for that through automation, skill development and productivity improvements is going to be quite a key thrust for our sector and Group. To address this, we increased our capital spend from just over £7 million in 2015 to about £11 million for 2016.

Anthony Fletcher
CEO
Graze 

I’m watching Europe like a hawk. Graze has been able to successfully internationalise into one country; of course it’s something we want to look at repeating. However, legislation seems to be getting more complicated. My worry is that there are more barriers to companies that want to transact over multiple territories.

Last year we launched in supermarkets including Sainsbury’s, Tesco, Asda and Waitrose. The roll out has been rapid. We’re also trialling in Odeon cinemas; that’s doing very well.

Being in more than one channel is an advantage. It’s more convenient for customers and sales have been strong. We’re absolutely looking to roll out to more retailers this year.

We’ve also made new senior hires. This links to our future vision for multi-channel expansion; we’re bringing in executives with skills to drive that. For instance, we’ve brought in someone from Expedia with a lot of experience in an international technology business.

Lucy Dimes
Former COO, Equiniti
Non-executive Director, Berendsen

Last year, in my roles as Chief Operating Officer at Equiniti and Non-Exec for Berendsen, technological advancements and digital channels featured continually as methods of competitive advantage, as well as potential threats and sources of industry disruption.

Financial services are at the very beginning of disrupting business models by using technology and digital channels to give customers what they really want. I expect to see a lot more of this in 2016.

More broadly, as the Internet of Things becomes a reality, I envisage lots more ‘machine-to-machine’ innovations and apps coming to market.

For investors 2015 was a mixture of confidence and cautiousness − capital was there but investors were looking for less risk and more certainty. So, while IPOs like Equiniti’s were successful and plentiful, multiples were more realistic than previous years and I expect that to continue in the year ahead.

Justin Ash
CEO 
Oasis Healthcare 

We’re going through an exciting growth phase. Back in 2014, we bought 110 new practices on top of the 200 we had before, which we’ve been busy integrating. It’s gone very well and in 2015, we bought an additional 40 sites.  We’re going to exceed £300 million turnover for 2015… which is a dramatic growth on prior years.

Branded dentistry is a growing global trend, so I’m certain we’ll internationalise at some point… but we’ll do that when we’ve consolidated more of the UK opportunities.

The world of healthcare is going digital and we see a lot of potential there for winning patients, building relationships and keeping them informed.

We offer very clear, national, single price points; the ability to book online and out of hours opening. I think the reason why we’re growing faster than the market is because we’ve led on this. The consumer feedback is very positive. It will challenge the market to consider these things.

 

By Mary-Anne Baldwin, Editor, Corporate and Dawn Murden, Editor, Advisory

 

Do you have a view on this subject? If you have an opinion that you’d like to share, please email us
Join Mark Gregory, UK&I Chief Economist for EY, at our Executive Breakfast where he will open a discussion on this year’s key business challenges and opportunities.

 

https://twitter.com/criticaleyeuk

 

Advertisements

Cyber Security and the Board

You don’t have to be on the board of TalkTalk or Carphone Warehouse for cyber security to be at the forefront of your mind right now. The reality is that no company is immune to hacking and executive and non-executive directors need to address cyber risks thoroughly by asking the right questions.

Last month, TalkTalk was victim to a significant attack on its website, with fears that customers’ bank details were hacked. Also in August, the personal details of 2.4 million Carphone Warehouse customers were reportedly compromised by cyber criminals.

Both incidents created a storm in the press and the companies are yet to determine how much reputational and monetary damage was caused.

The problem is far-reaching. According to the latest data from the UK Government’s Department for Business, Innovation and Skills, 81 per cent of large corporations and 60 per cent of small businesses reported a cyber breach in 2014, with the worst costing between an estimated £600,000 and £1.15 million.

“We’re seeing some very sophisticated attacks on critical infrastructure. It’s no longer a matter of just covering the basics,” says Justin Lowe, Cyber Security Expert at PA Consulting Group.

The board must be asking the right questions to mitigate risks, Justin adds. “They need to be gaining confidence that their organisation has a good grip on what personal and sensitive information it holds. Then they need to build confidence in shareholders and stakeholders that they are adequately protected,” he says.

Estella Judson, Key Account Director for the Advisory Practice at Criticaleye, comments: “Cyber security is a risk that boards must tackle comprehensively. In fact, it should be a top item on the risk register. No company is exempt from the threats.”

Criticaleye spoke to seasoned business leaders to reveal the top five cyber security questions they’re posing in the boardroom:

1) Which of our assets, if breached, would have the biggest impact on our business? 

According to Paul Brennan, Chairman of OnApp, a board needs to define the company’s most valuable assets. “Every board director should be asking how they can protect the assets of their business, clients, customers, partners and employees,” he says. “Inevitably the more we enable people to interact and transact in an online world, the more we expose their data to attack.”

You need to think about all the different threats the company faces, says Crawford Gillies, Non-executive Director at Standard Life and Barclays, and Chairman of Control Risks. “It might be intellectual property, or strategic plans, or customer information,” he adds.

2) Do we think our protection mechanisms are proportionate and accurate? 

By starting with the assets and their value, boards can then look at what defences should be in place. Justin comments: “So many times I hear security managers say: ‘I’ve proposed this but it never got approved.’ You need accountability at board level to support those important investment decisions.”

Paul notes that a lot of companies now have their chief information officer on the board. “They can’t just be someone who is coming to the board to present. They need to understand the strategic goals and imperatives of the business… and as a peer, be held to scrutiny about what is being done to control risks.”

There should be an assessment of the vulnerabilities and a clear strategy to defend them. Alastair Lyons, Chairman at Admiral Group, says: “One would expect a presentation to include the standard protections, such as penetration testing, encrypting, locking down laptops and having very limited access of company devices to the internet.”

3) Are we adequately prepared to respond to a security breach? 

When it comes to cyber attacks, boards should think in terms of ‘when’, not ‘if’, notes Sarah Bates, Chair of St James’s Place.

“All of us, both privately and [in a business environment], rely to a greater or lesser extent on the internet, which was designed to be open and [as a result] can be vulnerable. There are many people with harmful motives who are very clever and determined, seeking to use the internet as a back door into our lives,” she adds.

There should be clearly established protocols for reaction to a cyber attack, both in terms of internal actions and external communications. Alistair comments: “In the event of an attack there may be need to inform customers, suppliers, regulators and the media; who should do what, how and when? There should also be a realistic assessment of the cost, in particular the reputational damage.

“Similarly, if a hack disables the company’s systems it should have a disaster recovery programme in place. How fast can it get itself working again? How up-to-date and reliable is that backup?”

4) Do we have a suitable risk culture? 

The weakest link is often the people, not the systems, says Jeremy Lloyd, Chief Technical Director at ICSA Software International.

“Board-level executive sponsorship is vital. The executive in charge will need to ensure a cohesive strategy is adopted across a variety of departments, such as IT, Risk and Compliance, and HR,” Jeremy continues. “Most importantly this person must be able to break through the traditional departmental boundaries to execute cross-organisational culture change.”

Crawford notes that companies are putting more emphasis on risk culture, especially those in the financial services, which are under regulatory pressure.

“Focusing on the technological barriers is necessary but not sufficient, which takes you to the whole issue of risk culture,” he explains. “How do you get people to be aware of cyber risk at all times, particularly those with access to valuable data or valuable assets?”

5) Are we constantly improving our understanding and implementation of cyber security? 

“Breaches like that of TalkTalk are big news for a week and trigger discussion. However, there is a worry that as the headlines fade so may vigilance,” says Estella. “Cyber security can’t be something ‘over there’ in the IT function. Threats frequently change so you need to constantly update the information at the board level.”

Boards should discuss cyber security at least on a quarterly basis and every board report should have a risk update and commentary of assurance.

Jeremy comments: “With the significant number of cyber breaches this year it’s clear that, even in these modern digital times, organisations are not properly taking account of the potentially devastating effects on their share price, reputation, and especially customers. It should be a top five item on the risk register.”

By Dawn Murden, Editor, Advisory

Do you agree with the questions posed above? Would you ask something different? If you have an opinion you’d like to share, please email Dawn at:dawn@criticaleye.com

https://twitter.com/criticaleyeuk

Why the Internet of Things Means Business

Comm update_17 December3If the Internet of Things (IoT) achieves the scale many experts are predicting, the changes will be far reaching. From how energy is used, to simply going to the fridge for a snack, the widespread adoption of sensors to connect machines so they can, in effect, ‘talk’ to one another has the potential to transform the delivery and capability of products and services.

It’s certainly not an exaggeration to say the IoT is already happening and is only set to get bigger. In 2013, approximately 10 billion sensors were shipped worldwide, and this year that figure will be just over 24 billion. By 2017, it’s estimated that nearly half of all IP traffic will be from non-PC devices (2013: 33 per cent).

“It will have a transformational effect over the next five years,” says Matthew Smith, Global Head of Market Development for the Internet of Things at Cisco Systems. “What we’ll see in the first phase will be a lot of process improvements – it’ll be processes that already exist that can be combined.

“So if you have a supply chain, you’ll be able to combine that with your e-commerce strategy and your fleet delivery and transport to make sure everything is ‘talking’ to each other at the same time. You’ll receive real-time updates and that really allows you to conduct the scenario planning that is required.”

It will lead to increased volumes of data. Geraint Anderson, Non-executive Director at component supplier Volex, says: “The competitive advantage will lie in how to make sense of all this information and use it to inform decision-making. It’s about understanding key trends and issues by sifting through the volume of information that is available.”

Paul Brennan, Chairman of cloud storage provider OnApp, says: “The Internet of Things is a huge opportunity for data mining. If you’re running a company that is, for example, going to be looking after and maintaining office complexes, student accommodation or hospitals, this will provide the ability to analyse the data within different systems.

“So if you’re looking at the optimal way to heat apartments in cold countries for instance, you can start to do things very intelligently in order to manage the flow of energy, as opposed to a monolithic approach which is to turn the temperature up for the entire building.”

As a result, significant growth can be expected in device manufacturing. “There will be software companies which are writing the applications and the programmatics to help manage and optimise the Internet of Things,” says Paul. “It will then be people looking at the way in which they can integrate [the various elements] across the IoT platform.”

Get connected

There is a lot of excitement and speculation about the impact the IoT can have on healthcare. Matthew says: “In the longer term, there will be things happening we haven’t thought of yet. So, if you have a [fitness tracker wristband like] Fitbit, it could be connected to your refrigerator, which could be connected to your supermarket [order] and your scales, so you know what you’re eating and [why] you weigh [what you do].

“From there, you can gauge how much exercise you’re taking and [this information] can be [seen by your] doctor, who can then provide real-time healthcare advice rather than sick-care. All of this can be connected to the insurance company you use, which can start to provide dynamic pricing.”

This new eco-system, or the ‘sharing economy’ as it has been described, will lead to the creation of different business models. However, as every part of our lives becomes tracked and open to scrutiny, there are understandably concerns about privacy and how secure this information actually is.

Steve Muylle, Criticaleye Thought Leader and Professor & Partner at Vlerick Business School, says: “There are quite a few risks, such as security. If you look at health, what if somebody hacked your medical records and changed your drug prescription?

“It goes beyond that. If you are in a hospital and the Internet of Things is used to treat you, what if that treatment was changed automatically by hackers?”

Transparency over data policies will be increasingly important for organisations and, ultimately, they will have to invest more on protecting customer information. Heather Savory, Independent Chair of the Open Data User Group, which provides advice to the UK Government’s Data Strategy Board, comments that “cyber security is going to be absolutely paramount because since you’ve got automatic control of things, you need to be sure somebody can’t tamper with automated processes”.

That said, the positives brought about by greater interconnectivity should be kept in mind. “There are real issues around how people fear personalisation,” says Heather. “But the Internet of Things isn’t about Big Brother, it’s just about using data more effectively for the benefit of the economy.”

Fact or science fiction?

As ever, there is a lot of PR and marketing about the IoT and some of the expectations around what can be achieved may prove to be outlandish or downright silly.

Ultimately, the growth of the IoT will depend on customer demand, reliability and the price points being right, as was seen with Web 2.0 and mobile.

Matthew of Cisco doesn’t doubt for a second that once critical mass is gained, the impact of the IoT will be game-changing. “We’re looking at this over the next ten years being a $19 trillion opportunity… In fact, it will be five times as a big as the internet.”

While difficulties can be expected, from technical issues around the compatibility of devices to regulatory scrutiny, there is a strong sense that the IoT is something that businesses need to be paying close attention to.

I hope to see you soon

Matthew

www.twitter.com/criticaleyeuk

5 Ways to Tackle Cyber Crime

Comm update_5 NovemberWhile organisations are spending significant amounts of money trying to keep cyber criminals at bay, financial investment alone won’t be enough to deter governments, hacktivists or nefarious gangs, nor will it prevent carelessness among employees. Increasingly, it’s apparent that senior executives need to step up and take the lead, and ensure everyone within the organisation knows the part they must play in creating a truly effective defence.
In other words, delegating responsibility to an IT specialist won’t be good enough. Unless boards and executives understand the extent of the risks, it’ll only be a matter of time before security weaknesses are exploited. Criticaleye spoke to a range of leaders and advisors to find out how organisations can beat cyber crime:

1) Scope Out the Risks

If security structures are to be successful, leaders need to identify where the cyber threats to their company originate and what’s being targeted. Malcolm Marshall, Global Head of Information Protection and Business Resilience at KPMG, comments: “You’ve got four key players: foreign governments typically [want] commercially valuable data… or intellectual property that they can pass on to one of their own country’s companies.

“Criminals are after any data that can be converted into financial benefit. Hacktivists [look for] information that suits their ideological beliefs, such as evidence that a particular company is evil or unethical, and the insider [is usually out for]… revenge or financial gain.”

Insulating yourself from every threat is impossible. Sue Kean, Chief Risk Officer at FTSE 100 financial conglomerate Old Mutual, explains: “It’s important to set a meaningful risk appetite. Step one is [prioritising] data and, for all but the most highly restricted items, a zero tolerance approach to cyber risk is just not going to be feasible. We have to accept that there could be occasional breaches.

“If there are breaches, we’ve [then] got to have good enough detection to pick it up and take corrective action quickly.”

Peter Shore, Chairman of Arqiva, a provider of television and radio broadcast infrastructure, says: “You need to prioritise your systems and put a defence around them according to how critical they are…

“In some cases what you try to do is entirely segregate a system from others which are more widespread and, by nature, less secure.”

2) Choose a Leader

Selecting the right person to lead the cyber security agenda is vital. Whether it’s the CRO, CIO, COO or CFO, the specific responsibilities will vary considerably depending on the organisation and how threat levels are perceived. What is clear is that they need to be constantly communicating with the executive committee and be thinking across the organisation, rather than about their own silo.

According to Malcolm, critical decisions can’t be left solely in the hands of the IT function. “Capable though they are, they do not have the full picture. They’ll often [prioritise] things that don’t necessarily need protecting and fail to identify those that a chief executive, COO or market-facing executive will understand to be critical to their collateral success or reputational integrity.”

A similar point is made by John Lewis, Chief Operating Officer at mobile communication provider Airwave Solutions: “Quite often you will get demands from the business to make things easier, which often means bringing in greater security risk. So, having someone who understands the risks in some detail but can then balance the risk-reward decision is important.”

Whoever takes the lead must clearly identify the key action points, communicate them to their executive colleagues and ensure they’re being executed. Gavin Walker, Chief Information Officer at air navigation service provider NATS comments: “My challenge is to make sure that those risks are owned by the business. I can create the right mechanisms, the right policies and the right standards to work to, but we need to be very clear that everyone takes responsibility for implementation.”

3) Engage the Board

According to Heather Savory, Independent Chair of the Open Data User Group, which advises the UK Government on the value of the data it collects, boards are being short-sighted if they fail to treat cyber security as a priority.

“Too many organisations have strong governance around financial risk – primarily because they are required to report their financial status publicly – but pay little attention to IT risks until disaster strikes,” she says.

Brian Stevenson, Criticaleye Board Mentor and Non-executive Director of the Agricultural Bank at China (UK), comments: “There has to be line of sight from the main board to wherever your key risks are located. It’s about having the ability to probe an organisation and to satisfy yourself that its defences are adequate.”

As with all fast-moving, specialist areas, organisations have a duty to ensure their non-executives are kept up-to-date. “We might get external speakers in to take the board through the wider national threats – that’s something I would certainly recommend,” says John.

For Peter, this is where the skills and experience of an IT executive can come in particularly handy. “Our board members can ask for a session with our CIO or chief IT guy if they feel it’s necessary to get up to speed and fulfil their obligations as a director.”

4) Educate Your Stakeholders

Employees are potentially a company’s biggest vulnerability when it comes to cyber security. However, for organisations that devote sufficient resource to informing them about the risks, staff can become a powerful asset.

“We’re having to raise the level of education that we provide to our staff,” says Alan Towndrow, Group Information Systems Director at international asset advisor, M&G Investments. “We’re making sure our employees are aware of phishing emails and the social engineering that takes place. This is just as true in their private lives as it is at work.”

Leaders need to communicate the security strategy and explain exactly why it’s central to a business’ success. John explains: “People get frustrated by the security measures because, naturally, they make things more difficult. Giving some exposure as to why… we have those processes in place helps make it real for them.”

As is often the case, actions speak louder than words. Gavin says: “The executives at NATS lead by example because they understand how big the risk is. If cyber crime isn’t being taken seriously by them, it’s unlikely it’ll stick with the rest of the organisation.”

According to Ruchir Rodrigues, Managing Director of Digital for Barclays’ Personal and Corporate Banking Group, UK and Europe, this education should extend beyond an organisation’s employees. “An area of concern for us is that fraudsters use different methods to get information from the customer themselves.

“We need to reach a point where certain behaviours and practices are ingrained in customers’ brains… so [if, for example, someone phones you] whoever is claiming to be on the call, do not give them any passwords [or sensitive bank details]. It’s that kind of awareness you have to drive.”

Collaborating with your competitors may be necessary for this because it’s a job too big for any single business to tackle alone. Ruchir continues: “Banks are coming together to agree certain principles or frameworks that we will all have in place… This has to be industry wide.”

5) Continually Reassess Your Position

Investment in cyber security should no longer be seen as a one-off, technical fix. Leaders have to regularly invest time and money into assessing the threats, their systems and cultural practices, or they’ll quickly find themselves at risk.

The proliferation of internet enabled devices and mobile working, as well as an increasing reliance on cloud technology, is raising a number of questions. Alan comments: “There’s a growing awareness that the infrastructure that businesses use can expose them to vulnerabilities, so work needs to be done to respond and to develop strategies that allow you to come up with higher levels of security.”

Gavin says: “This isn’t something you just pick up, put a bit of effort into and then put down again. It’s here forever and it’s just going to get worse or more complicated. So, it’s a journey… that all organisations are going to have to live with for a long time.”
***

 

Increasingly, companies rely on the integrity of their digital capability to maintain the way they operate and their reputation. That’s why time invested in understanding the macro issues and how your company is responding is never wasted.

As Malcolm says: “Security is not something [that should] get in the way of doing business but is something that enables you to do it more safely. Hopefully that means something to [you and] your customers.”

I hope to see you soon

Matthew

www.twitter.com/criticaleyeuk