#07 Sept-Nov 2022 20 CHF
PRODUCTS v DATA
EMBRACING THE METAVERSE BEWARE OF BOSSWARE
CYBER RESILIENCE PROTECT AND SURVIVE
AUTONOMY AT WORK
POWER OF FAILURE ibyimd.org
21052 Dubai
21323 Grand Piano
10280 Flower Bouquet
LESS ACTION. M O R E S AT I S FA C T I O N . A D U LT S W E L C O M E
Experience LEGO ® Sets for Adults – rewarding and creatively challenging sets to suit all interests. LEGO.com/Adults
LEGO and the LEGO logo are trademarks of the LEGO Group. ©2021 The LEGO Group.
[ Foreword ]
Risks and rewards in the cyber age
I
n IMD classrooms, both physical and virtual, disruption and upheaval have featured prominently this year. In conversations among executives and with faculty, the business- and leadership implications of geopolitical turbulence, supply chain disruptions, and the climate crisis have come up time and again. This was particularly true during Orchestrating Winning Performance, our signature program for 400 leaders that we were able to hold on our beautiful Lausanne campus for the first time since 2019. Despite the formidable tasks ahead, participants left both challenged and inspired to tackle problems, old and new, with fresh approaches and novel ideas. Of course, any list of disruptive forces in our world is incomplete without an examination of the myriad ways in which digital technology has opened up unprecedented opportunities, while also challenging leaders and organizations in new ways.
Coverphoto: i-Stock, Montage: IMD, Illustration: Jörn Kaspuhl
This seventh issue of I by IMD is focused on this duality — the promise and pitfalls of technology. Take the metaverse, which McKinsey believes could generate up to $5 trillion in impact by 2030— the size of Japan’s economy. Angelika Gifford, EMEA Vice President at Meta, shares practical advice on how to embrace what’s ahead with barely concealed excitement: “We have a once-in-a-lifetime opportunity to ask what really matters to people.” If a human-centric metaverse is on the positive side of the digital ledger, pervasive electronic surveillance is surely on the other. As University of Michigan Professor Jerry Davis highlights, the pandemic has accelerated the diffusion of “bossware”, tools to monitor employees and their productivity. Studies show that hundreds of companies now track their employees’ every keystroke and click, often without their knowledge. My colleague Öykü Isik, who directs IMD’s cybersecurity programs, explains why every manager, regardless of industry or role, should
pay more attention to cyber-resilience, urging the creation through collaborative efforts of a “minimum level of cyber hygiene” globally. Our subsequent survey of the cyber-resilience landscape is enabled by a terrific group of entrepreneurs, executives, and scholars whose various contributions illuminate the state of play. As always, I by IMD is packed with practical insights from our faculty. Leadership guru George Kohlrieser reminds us that the most effective leaders admit that they don’t know it all. Arturo Bris highlights that the war for talent is now fully intertwined with the quest for national competitiveness. Mohan Subramaniam, our newest colleague, argues that data, not products, now drive revenue in many sectors. Alfredo De Massis and Ivan Miroshnychenko explore why family firms rarely stand out when it comes to sustainability. And future readiness expert Howard Yu presents evidence that greater diversity in industries such as pharma is associated with more innovation. Finally, my personal highlight, a fascinating portrait of Jessica Tan, the dynamic co-CEO of Ping An, China’s largest insurer, based on a dialogue with IMD President Jean-François Manzoni. Tan is the architect of Ping An’s highly disruptive digital ecosystem-based business model. Access a video version of the conversation simply by scanning the QR code at the end of the article. Despite the technology-related risks highlighted in this issue, I remain an unabashed technophile amazed by the value leaders like Tan can create for millions. But as more of our lives becomes digital, the need for responsible leaders who can innovate and disrupt without jeopardizing our security or imperiling our dignity has never been greater. In this spirit, #onward. ■
David Bach, Dean of Innovation at IMD Sept-Nov 2022 • I by IMD 1
[ CONTENTS ] 04 [ In good company ]
Jerry Davis discusses the negative impact of so-called “bossware”, which
companies are using to spy on their employees.
06 [ Strategy ]
Angelika Gifford, a senior executive at Meta, offers expert guidance on how
to make the most of the rapidly developing technologies of the metaverse.
[ Cyber-resilience ]
The rise of cybercrime poses a major threat to organizations around the world. In a 27-page analysis, specialists examine the key issues and offer valuable insights into how to keep you and your company safe from attack.
10 The volume and sophistication of cyberattacks are growing alarmingly. Organizations must work together to turn the tide, warns Öykü Işik, head of IMD’s Cybersecurity risk and strategy program. 12 Akshay Joshi suggests five
practical steps to plug the gaps in your organization’s digital security.
15 Peter Bauer, co-founder and
24 Legal expert Edite Ligere
explains why she thinks the temptation to introduce a global framework to tackle cybercrime should be resisted.
26 Dave Chatterjee, host of the Cybersecurity Readiness podcast, suggests ways for C-suite executives to plan and implement effective security measures.
30 Passwords are often the weakest
CEO of the cybersecurity company Mimecast, tells of his 20-year battle against computer criminals.
link in the cybersecurity chain. Data security business leader Sandra Tobler examines the alternatives in an interview with Öykü Işik.
18 Every part of your business is
34 Johan Gerber, who is responsible
at risk, not just IT, and negligence on cyber-security issues could lead to heavy fines, warn Jeanne Boillet, Salvatore Cantale, and Mitchell Scherr.
22 Our specially commissioned
infographic details which nations and sectors are the most and least cyber secure, along with a rundown of the biggest data breaches. 2 I by IMD • Sept-Nov 2022
for cybersecurity at Mastercard, says he’s on a mission to protect the global financial system from criminal attack … and blockchain could be the secret weapon.
36 Manufacturers are for the first
time bearing the brunt of cyberattacks. Defending a company’s downstream supply chains is just as important as making the core business cybersecure, explains Stephen Phipson.
10
38 [ Psychology ]
Arnaud Henneville-Wedholm tried to ‘take down’ Facebook and failed miserably. He describes how the lessons learned from this setback helped to make him stronger.
41 [ In the mind’s eye ]
The world is complex, and today’s leaders cannot be expected to know it all. Admit your weaknesses and turn to experts for help, advises George Kohlrieser.
42 [ CEO dialogue ]
Jessica Tan, co-CEO of financial service giant Ping An, reveals in an in-depth conversation with Jean-François Manzoni, how her commitment to integrating technology into all aspects of the business has yielded such excellent results.
54
38
30
24
54 [ Sustainability ]
60 [ The forecaster ]
46 [ Strategy ]
Competitive strategy in today’s world relies on data revenues, not products. Mohan Subramaniam offers three ways to think like a tech giant and boost the bottom line.
50 [ World view ]
Illustration: Jörn Kaspuhl, Photos: i-Stock, Jaanus Jagomagi, Francois van Ac via Unsplash (2), Wikipedia, ZVG, Wikipedia
A new generation of workers is demanding autonomy and flexibility. Employers need to find innovative ways to attract and retain talent if they are to succeed, argues Arturo Bris.
50
With many companies falling to acknowledge the importance of tackling nature loss, Andy Beanland, of the World Business Council for Sustainable Development, argues for a shift in attitude that recognizes biodiversity as material to business.
56 [ Family business ] 52 [ Sustainability ]
In an edited extract from their new book, Squaring the Sustainability Circle, Annette Stube, Lene Bjørn Serpa, John Kornerup Bang and Nigel Salter explain why it is imperative for companies to integrate sustainability into their core strategy at the highest level.
Family-run businesses are under performing on environmental issues, with the older generation generally being reluctant to spend money on reform. Alfredo De Massis and Ivan Miroshnychenko explain their research and say why a change of attitude is so important.
Howard Yu explains why algorithms working collectively can teach humans a lesson when it comes to minimizing bias.
64 [ Preview ]
Join us in December, when I by Imd will demystify the world of family enterprises, explore how they are getting themselves future-ready, and peek into the secretive world of family offices.
Sept-Nov 2022 • I by IMD 3
[ In good company ]
No hiding place: ‘bossware’ is spying on you in the home, office and car More than 500 technologies have been created to monitor employees and contract workers to ensure efficiency and compliance. It’s a sinister turn of events, but there is a better way, argues Jerry Davis
Even non-employee contractors are monitored via surveillance tech on their phones and computers, or on mandatory microphones, cameras, and bracelets. A recent report by Coworker.org offers a compendium of over 500 new technologies created to monitor laborers and their work. The rapid spread of “bossware" is once again confirming that dystopian fiction is usually the most accurate predictor of how new technologies from Silicon Valley will be implemented. But it also gives us an opportunity to re-imagine how information technologies are implemented “at work”.
Big Brother comes to the office…
Using electronic technologies to monitor workers is nothing new. Financial institutions have long been in the vanguard of surveilling employees and their communications. That makes sense: these companies are subject to stringent compliance regulations and must be hyper-vigilant in protecting their clients from fraud and other financial shenanigans. 4 I by IMD • Sept-Nov 2022
Much of this technology simply entailed scanning employee emails and other communications for suspicious words and phrases, or irregular communications with those outside their departments that might signal something untoward. Peter Thiel’s data-mining company Palantir was an early contributor. In 2009 JP Morgan Chase engaged Palantir to track internal communications for suspicious activity. According to Bloomberg, the group “vacuumed up emails and browser histories, GPS locations from company-issued smartphones, printer and download activity, and transcripts of digitally recorded phone conversations. Palantir’s software aggregated, searched, sorted, and analyzed these records, surfacing keywords and patterns of behavior that [were] flagged for potential abuse of corporate assets”. Social network analysis allowed the firm to zero in on suspects. As technology advanced, so did the reach of surveillance methods. The current monitoring tech at JPMorgan, WADU (Workplace Activity Data Utility), also adds in calendar entries, badge swipes to enter offices, time spent on Zoom and other apps, and more. Employees were not universally delighted by this system. Of course, once such tools are built to monitor communications in an industry with strict compliance standards, they can be adapted and imitated widely. And what counts as suspicious behavior will vary by employers: what looks like a conspiracy to the compliance department at a bank might look like a union-organizing effort to a retailer or coffee chain. (Note to HR: under US law, communications around labor organizing are protected.)
Illustration: Jörn Kaspuhl
W
hen the pandemic shuttered workplaces around the world and sent millions to work from home, some of us imagined a faint silver lining: at least the boss would not be wandering the floor and looking over our shoulder. Perhaps at home we could get our work done in peace and on our own schedule. But while many more of us now are able to work in our pajamas, at least on some days, workplace surveillance has extended its tentacles into our homes, our cars, and our remote workplaces.
…and the warehouse and factory and store
Workplace surveillance is not just for office workers. Amazon warehouses are famous for their productivity tracking applications, which can automate the firing process for laborers who don't make their quota. According to the technology website The Verge, “Amazon’s system tracks the rates of each individual associate’s productivity … and automatically generates any warnings or terminations regarding quality or productivity without input from supervisors”. This relentless “culture of surveillance” is one of the reasons given for the unionization push at Amazon warehouses. The tech giant is also seeking to automate other aspects of supervision, for example, through a wristband that guides warehouse packers' hand movements through vibrations.
‘Contract lawyers scanning documents from home are tracked by AI-based facial recognition software to see if they are paying attention, or if an unauthorized person (or cat) has entered the room’
Surveilling the remote workforce
The massive impromptu shift to work-from-home created a dilemma for corporate employers accustomed to monitoring and managing labor in person. But surveillance technologies have expanded to meet the moment, turning the world into a panopticon enabled by GPS, cameras, smartphones, and the Internet. Amazon delivery drivers endure AIenabled cameras that monitor their movements and facial expressions as well as traffic outside the vehicle. “A car cuts me off to move into my lane, and the camera, in this really dystopian dark, robotic voice, shouts at me,” said one driver, quoted by the website Business Insider. Home care workers are tracked by electronic visit verification apps on their mobile phones. The glitch-prone software is charged with regularly shorting the hours of low-paid essential workers as it monitors their movements from client to client. Many jobs mostly entail staring at a screen and typing on a keyboard or talking to people, either of which can be done from almost anywhere. Surveillance software vendors are rising to the challenge. Contract lawyers scanning documents from home are tracked by AI-based facial recognition software to see if they are paying attention, or if an unauthorized person (or cat) has entered the room, or if they might be using their phone to take a picture of what's on screen. Any of these events might get them kicked off the system, requiring an elaborate procedure to log in again – or perhaps the loss of employment. Similar technology is used to monitor students taking college admissions exams from home, where a stray glance or a trip to the restroom may be enough to be ejected from the high-stakes test. Once admitted, there is more of the same: 17 medical students at Dartmouth were
accused of cheating on remote exams, evidently because background updates in their college's learning management system were flagged as unauthorized use of materials. (The charges were dropped.) And colleges' efforts to track student movements on campus during the pandemic quickly turned Orwellian: one Michigan college sought to require students to tape a “bio-button” to their chest to be sure they were social-distancing appropriately. History shows that once implemented and accepted (more or less), these technologies are not rolled back.
What next?
The pandemic uncovered just how much work could be done from remote locations without an in-person boss. Many of us fear that the spread of “algorithmic management” will lead to a large-scale shift to the use of contractors at the expense of employees. Rana Foroohar reported the comment of an American CEO at this year's Davos meeting: “If you can do it in Tahoe, you can do it in India.” Remote contract workers can have all the paranoid surveillance of an on-site employee with none of the security or protections, spending their off-hours scouting for mouse-jigglers and other countermeasures to the corporate Stasi. But there is an alternative. Research finds that “transparency” that flows in only one direction has many costs, both to the mental health of workers and to workplace innovation. Why don't we use this techdriven moment of reckoning to enable open-book management and more democracy at work? After all, the same phone that can be used to track a worker's every movement can also be used to enable those workers to receive information, engage in reasoned dialogue, and exercise voice. Transparency can flow in both directions. The transaction costs of democracy have declined dramatically – we could be using apps like Loomio to turn workplaces into democracies, rather than echoing the authoritarian tendencies spreading through the political world. ■
Jerry Davis is the Gilbert and Ruth Whitaker Professor of Business Administration and Professor of Sociology at the University of Michigan’s Ross School of Business. He has published widely in management, sociology and finance. His latest book, Taming Corporate Power in the 21st Century (Cambridge University Press, 2022), part of the Cambridge Elements Series on Reinventing Capitalism, has recently been published.
Sept-Nov 2022 • I by IMD 5
The quarterly magazine is part of IbyIMD+ subscription To enjoy the full experience, please log in or subscribe to IbyIMD+
Login or subscribe