TMT executives have come to expect a certain amount of disruptive digital and technological change, but they sense that the changes – and related risk and uncertainty of — are intensifying with the growth of artificial intelligence, 5G, the Internet of Things, and other innovations.
To prepare their companies for the next wave, business leaders are focusing on shaping more resilient, enterprise-wide cyber cultures. In companies under margin pressures, primarily in the media and telecom sectors, there also are efforts to address rising and unexpected costs associated with digital and technological change.
There is at least one area of appetizing risk and opportunity that is seen through a haze of uncertainty shared by nearly every TMT company: Finding ways to monetize the huge mounds of data collected in the course of normal business operations through relationships with customers and business partners.
Based on Willis Towers Watson’s latest research, TMT executives expect continued or heightened uncertainty in these areas:
Future innovation will be comparatively less around product and process enhancement and become more of an active search for new ideas, new technologies and new solutions.
Existing business models and strategies have sometimes been barriers to innovation. This has to change.
Innovation can be stifled in team siloes; it’s usually better to support innovation with a mix of different functions and talent.
Employees require constant and quality “upskilling” to understand and effectively deploy new technology and expanding digital capabilities.
External subject matter experts and thought leaders can be invaluable, especially in partnership with knowledgeable, empowered staff.
Bureaucracy has a vital role but should not stand in the way of innovation and slow momentum.
Balancing cost & benefits.
The TMT sector and the telecom sector in particular, will remain under financial pressure to make necessary investments, with M&A on the table as an option for some companies.
Monetizing data requires sophisticated technology and investment, but new revenue potential merits careful cost/benefit analysis.
Data and more accurate modeling will be used more effectively for future business strategy and projects.
Methodical data collection and analytics are vital success factors, but we find that TMT companies often fail to apply data effectively. Data may be used brilliantly in some areas of the business, such as tracing consumer interests or arranging just-in-time deliveries. But other areas of the business, such as developing a business strategy or process design, are often neglected.
Companies should establish a formal organizational and governance structure to preside over data collection, management and application. Without real data ownership and management responsibility, revenue opportunities vanish, and business ventures may go unexploited.
Unexploited data-related opportunities include risk management, too. This may be an area where the internal rotation of skilled staff highlighted in the talent trend could be deployed to build expertise and bring fresh eyes to internal risks and opportunities.
More robust data analytics can help companies better assess their own risks and shop optimate insurance and risk-financing strategies for themselves, as well as with third parties and other business partners.
Despite a history of working with third parties, TMT companies too often exclude them from risk identification and mitigation procedures that might be rigorously applied to internal operations. Contractors and their outside business partners need to be held to the same high risk management standards that a company would apply to itself.
Companies should also consider getting past their reluctance to share data with their insurers. Insurers are using data, including client data, to provide rates that reflect a company’s risk profile rather than a broad industry grouping. For companies with good risk management practices, including risk identification and mitigation, insurers may be inclined to provide more cost-effective insurance and risk management programs.
George Zarkadakis – Great Britain Leader, Future of Work
Back to reading page
The first problematic area is known as “surveillance capitalism” when personal data collected by applications and processed by AI algorithms clash without established notions of privacy and safety. Regulations such as EU’s GDPR or CCPA and its equivalents in the United States have been put in place to provide a legal framework for data rights. This is welcome as companies can ensure their compliance and avoid regulatory risk. Nevertheless, there is a serious reputation risk that cannot be mitigated by simply abiding by regulation.
Companies that acquire and process data must show sensibility and communicate clearly how they protect the privacy and rights of their customers. The problem of surveillance capitalism is more acute in the workplace, whereby companies see the value of analyzing employee data to get better insights.
Therefore, companies should address the concerns of the workforce by ensuring effective anonymization of personal data and demonstrating how AI-powered analytics can deliver value to employees.
The second area is closely related to surveillance capitalism and questions the established notion that valuable personal data should only deliver economic benefits to the corporations that use it. This is essentially a problem of data governance. The European Union is currently proposing the Data Governance Act 2021 that includes a proposal for “data intermediaries”. These new organizations could be data aggregators governed by data stewards with fiduciary responsibility to the data providers.
We may indeed see a new data ecosystem emerging within the next decade where the collection and curation of personal data is completely decoupled from the processing of that data.
The third problem area is algorithmic autonomy. An example would be an Uber algorithm “deactivating” a driver based on the analysis of their rating and data. By removing worker due process automatic algorithms in gig platforms are perpetuating suspicion and mistrust in AI technologies. It is therefore advisable that companies reintroduce humans in the loop of sensitive business processes to ensure fair treatment of workers.
Finally, the fourth area is an extension of the problem of algorithmic autonomy in inclusion versus exclusion of customers and workers. Given that algorithms are trained on historical data that are inherently biased, an AI system can easily propagate and amplify prejudice. This can be detrimental to the inclusion of customers in the benefits of AI, such as in getting a fair credit score, or the unjust exclusion of workers from employment with the subsequent loss in diversity.
Companies should aim to mitigate all four risk categories as they embed AI algorithms in their operations and processes and as they optimize their data warehouses and data lakes around new, data-driven business models. Fairness, reliability and safety, privacy and security, inclusiveness, transparency and accountability must be the principles of developing “ethical-by-design” AI and data applications.
Asked to identify major risks surrounding digitalization and technological advances, TMT executives reveal growing concerns about their ability to generate value from vast pools of data even as they wrestle with the disruptive impact of rapid technological change.
The compelling need to monetize data surfaced among the major new risks identified by business leaders who are eager to better leverage data to inform strategy and operational decisions while capturing additional value for their products and services.
Our latest research and related discussions with TMT business leaders identified other important challenges, including risks associated with:
The absence of an enterprise-wide cyber culture and the ability of leadership to position their companies to cope with change.
Rising and unexpected costs associated with rapidly evolving digital/technological solutions.
Disruptive digital and technological change is not a new exposure for TMT companies. Many business leaders say they have become increasingly confident about their ability to stay abreast of change while being fully aware they will hit potholes along the way. This confidence has been tested by the COVID-19 pandemic.
The pandemic’s impact on business models and operations, notably in the media and telecom segments, has been far-reaching. It has placed a premium on enterprise resilience and in some cases, accelerated organizational changes that in ordinary times may have taken years to implement.
The first problematic area is known as “surveillance capitalism” when personal data collected by applications and processed by AI algorithms clash without established ...
Read more
Although COVID-19 driven change has been urgent and unavoidable, the pandemic may be distracting business leadership from a focus on other pressing business objectives, such as the need to better monetize internal and external data generated by digital and technological advances. Monetizing data remains broadly unexploited (or under-exploited) despite its proven value in determining consumer buying habits and preferences or contributing to strategic and operational change.
While it’s clear that effective data collection and analytics are vital success factors, companies have often failed to establish the organizational and governance structure necessary to gather and deploy data effectively. Without clear data ownership and management responsibility, a company is unlikely to exploit data effectively. This leadership challenge will become more pronounced as the industry moves into a future more defined by AI, the internet of things (IoT), 5G and other innovations.
Cost is also cited as a barrier to monetizing data – a concept that seems counterintuitive. Spending money to make money is, after all, a basic business precept. But if your margins are squeezed, it may seem prudent to deploy capital around next generation gadgets or technology, with data exploitation taking a back seat. While some companies have made money rapidly during the pandemic, others feel significant margin pressures as they contend with the cost of organizational change, new technology and related difficulties in applying data analytics.
Media and telecom companies in particular, are having to manage spending to redeploy capital in areas that offer significant growth potential.
A 2021 Accenture global study found that digital adoption – defined to include artificial intelligence and data analytics – could release more than $5 trillion in profitable growth. The professional services company said that “future-ready” organizations are more than 10 times as likely to use analytics at scale with diverse data sets to yield actionable insights and inform decision-making. Insurance and high-tech industries tended to be more future-ready than other segments, the study concluded.
While corporate performance and profitability is top of mind for all TMT companies, it was more likely to be cited as a concern among telecom executives. The pace of change requires ongoing and growing investments in digital transformation and technology. A good example is the transition from 3G to 4G to 5G broadband networks. Each generational shift has demanded new investment.
PwC’s Strategy&, a strategy consulting team, has estimated that TMT companies will be investing billions to build up equipment, network density and spectrum. But Strategy& notes that monetization of a large-scale investment proved to be a problem in 4G’s wake. After 4G’s 2012 introduction, for example, conventional telephone services plummeted, driving industry diversification and the application of new business models.
The growth of 5G looks to be much more disruptive than 4G, but TMT companies have little choice but to make heavy 5G investments to remain competitive. Business models will no doubt change again with 5G and widespread use of artificial intelligence, the internet of things (IoT) and other developments that are likely to accelerate.
Some telecoms plan to better understand and to mitigate 5G risks by rigorously modeling various technical and business scenarios, including the identification of new revenue sources.
To a great degree, the ability to adjust to change and embrace innovation is influenced by the size of the company and the nature of its leadership. Bigger companies typically have greater financial and technological resources, but size may work against them for reasons that include:
A large customer and shareholder base that may resist far-reaching strategic and operational change, slowing innovation.
Corporate bureaucracies or siloed operations that resist change or thwart effective implementation.
TMT executives say they can mitigate the failure-to-innovate risk by instilling cultural values that welcome and leverage change. In the short term, organic options can include formation of small teams in which effective leaders have senior management support to plow through internal barriers to change. However, this approach must be done carefully to avoid a “silo trap” that excludes vital cross-functional collaboration.
Other companies are finding that it’s easier to acquire outside talent – a team, perhaps, or even talent though corporate mergers and acquisitions. Business partnerships can also boost innovation if accompanied with good system and process design.
Whether TMT companies have out-performed expectations or not, nearly all are finding that their business models and risk profiles have changed significantly amid the rush of technological change. Risk management must change, too. This is something we have seen ourselves through our work around cybersecurity focused organizational and cultural transformation. The section below is provided to provide further insight to this type of work.
Fredrik Motzfeldt – Willis Towers Watson Great Britain TMT Industry Group Leader
Technology and digitalization combined is changing business models and the requirements for improved cyber risk management and security leadership ...
Technology and digitalization combined is changing business models and the requirements for improved cyber risk management and security leadership, including addressing talent and skills requirements, are rapidly shifting.
Willis Towers Watson works with a wide range of organizations to help create cyber-smart and cyber-resilient capabilities that will help them thrive in today’s challenging risk landscape. It is through this willingness to evolve and effective top-down leadership that these organizations have improved their cyber risk profile and preparedness.Working with our large global clients, we have identified key challenges in terms of effectively addressing organizational vulnerabilities and skills deficits that exist around the introduction of technology. Deploying a set of proprietary cyber analytics and risk assessment tools, we have identified and implemented a
number of recommendations across the entire enterprise in regard to cyber risk from people, capital and technology.
The ‘human’ cyber risk Willis Towers Watson’s research, including data from the cyber claims we report on behalf of clients, shows that employee negligence, malicious behavior, and other activity are the root cause of 91% of all cyber incidents.
The effective prevention and mitigation of cyber risk therefore is largely a human behavior challenge. In response, companies seeking to enhance their cyber security need to assess and analyze the elements of their organizations’ cultures that drive both positive and negative cybersecurity attitudes and behaviors among employees, including senior leadership.
Building on our extensive research in this field, and leveraging traditional employee engagement methodology, Willis Towers Watson designed a Cyber Risk Culture Survey (CRCS) that probes an individual’s awareness and understanding of cyber risk, their own actions, and the emphasis that their organization places (or not) on addressing cyber risk. In working with our clients, we have established a number of measures that mark successful corporate behaviors that can ameliorate risk. They include:
In-depth cyber vulnerability assessment, incident response planning, and risk quantification through modeling and analysis designed to protect and manage capital with improved return on investments and improved business continuity.
Development and implementation of enterprise-wide cyber risk strategies that help minimize, mitigate, and manage cyber risk, including evaluation of talent and risk issues to ensure that the client’s approach to cyber is as comprehensive as possible.
Precise and enhanced security training targeted to the right people in critical roles and geographies.
Effective budget allocation by identifying and fixing governance, communication and leadership shortcomings that are primary contributors to cyber exposures.
Benchmarking cyber risk culture improvements against organizations that are consistently strong cybersecurity performers as well as breached companies and industry peers.
Analysis of workforce plan by role, identifying talent deficits and surpluses, emerging skills and gaps and executing a strategy to improve employees’ “Cyber IQ”. Delivery of metrics and dashboards to ensure improved Board-level communication and understanding of the organization’s overall cyber posture, including assessment of the potential operational, regulatory and reputational impacts from relevant cyber scenarios.
Context
A telecommunications company is committed to its data protection brand. The Board and management team wanted to ensure their newly appointed chief information security officer (CISO) and cybersecurity business (formerly part of IT as well as decentralized) were ready from a skills, talent and structure perspective to fulfill a more proactive cybersecurity capability. They wanted to be lean but ensure they identified the base needed to provide a protected environment and prepare for the future.
Willis Towers Watson applied its Cybersecurity Work Readiness methodology in working with the CISO, direct reports and area HRBPs to evaluate current capabilities, identify gaps, and develop a plan and strategy.
Approach
Review of Willis Towers Watson Cybersecurity Work model (defined responsibilities by specialty area) with six division leaders to align and establish a common framework for cybersecurity work and work levels.
Completed an industry benchmarking study, sponsored by the client, on organization structure and roles.
Facilitated CISO and leader meetings focused on the evaluation of talent across all units, accounting for skills, fit, supply/demand gaps, sourcing and work alternatives.
Applied Willis Towers Watson’s cybersecurity skills framework to identify primary and secondary skills most important given current business/IS strategies and capabilities.
Led the prioritization of talent gaps to create one integrated plan.
Worked directly with the CISO on organization structure design alternatives with adjustments for interim state and future state; CISO also completed Willis Towers Watson’s Saville Wave and received one-on-one coaching through the change by the Willis Towers Watson engagement lead.
Facilitated an HR meeting with HR COE leads and CISO, selected function leads to set new HR strategies and practices to close gaps, optimize talent practices.
Resulted in suspending the group nearly doubling in size due to its lack of alignment across the six divisions; identified 22% talent deficit with critical talent gaps; included working through alternative talent strategies (e.g. even the utilization of non-permanent talent for a few select roles), new HR practices (e.g. talent acquisition) and organizational structure.
More robust data analytics can help companies better assess their own risks and shape optimal insurance and risk financing strategies for themselves as well as with third parties and other business partners.
Despite a long history working with third parties, TMT companies too often exclude them from risk identification and mitigation procedures that are rigorously applied to internal operations. This isn’t a universal problem but happens often enough. Contractors and other outside business partners need to be held to the same high risk management standards that a company would apply to itself.
For their part, insurers are using data, including client data, to provide rates that reflect a company’s risk profile rather than a broader industry grouping. For companies that have an effective risk management program, this opens the door to more cost-effective insurance and risk management programs (see Joe Hurley’s insight box for more details).
Talent and workforce issues surface throughout the exposures linked to digitalization and technological advances. Organic or in-house talent is being developed and nurtured at many companies with upskilling programs such as courses or workshops for employees. In the most effective settings, these programs are combined with broader efforts to build employee satisfaction and create new routes to career development.
A good example can be found in the AT&T University and the AT&T Aspire programs, employee development efforts that support AT&T’s position as a diversified provider of high-speed connectivity, software-based entertainment, premium content and tailored advertising. The company reported in 2019 alone that it invested $200 million and 16 million hours in employee training and development.
(This topic is discussed at greater length in the global talent & skills race section).
In our work with TMT business leaders, there was one overarching theme: Without constant innovation, they fear being left behind by their TMT rivals or pushed aside by nimble, growth-hungry start-up companies backed by ample capital. They don’t see innovation as simply improving existing products and services. They also look for innovations that might leapfrog existing products or services.
A classic example of innovation failure is a one-time market leader in cell phones that was pushed aside when it didn’t anticipate the smartphone revolution. Post-mortems point to a culture that discouraged innovation, poor strategic planning, and what might be called a form of institutional lethargy. “There are a lot of examples of companies that become obsolete by not anticipating or promptly reacting to technological change that threatens their existing business model,” one executive said. “We don’t intend to be among them.” He said his company encourages risk-taking with the full knowledge that some risks simply don’t pay off.
Think of the time when Apple teetered on bankruptcy. Just before Steve Jobs returned in 1997 to the then-ailing company, he cited a failure to innovate as its problem. As he told a Wall Street Week journalist, “I think Apple still has a future; there are some awfully good people there and there is tremendous brand loyalty to that company. I think the way out is not to slash and burn, it’s to innovate. That’s how Apple got to its glory, and that’s how Apple could return to it.”
The use of siloed teams, in our experience, is more often than not likely to result in failure. Consider that Google breaks down internal barriers by having employees move from team to team in six-month rotations to support its work with artificial intelligence. The idea is to have someone learn and contribute to an AI project and then carry that information to another part of the business.
The takeaway is that innovation stories can be stirring, but innovation can’t breathe on its own. The potential for successful innovation depends on the fertile soil of corporate leadership and culture, including the ease in spreading and nurturing new ideas.
With the adaptation of innovation comes new opportunities, led by the access to rich data, but also exposure to new risks. We have included the following Willis Towers Watson Special Insight pieces to illustrate these points.
Joe Hurley – Willis Towers Watson U.S. S&G Practice Leader
As a technology company, you are the mecca for data! There is a misconception that sharing too much data with insurers will hurt as opposed to help you. However, we are starting to see insurers reward companies that are open to sharing data with the end goal of ultimately achieving more cost-effective insurance. The historical underwriting approach of applying a composite or blended rate to price policies will slowly become obsolete, especially for companies in the sharing and gig economy.
Look at the micro-mobility industry (bikes and scooters), which has become increasingly popular over the past few years.
A major Lloyd’s of London syndicate insurer is on the cutting edge in terms of utilizing “usage-based pricing” (UBI) coupled with different pricing rates under one policy.
This insurer is starting to apply different rates based on different risk profiles.
For instance, a scooter ride taken in the middle of the day is rated lower than those same rides taken after 9 p.m. when it’s dark.
A scooter ride taken on the outer edges of a city (less congested) is rated lower than a scooter ride taken in the heart of a city’s financial district (highly congested).
With this new approach, you may no longer have pieces of your business that negatively impact pricing for the entire insurance policy. The UBI model is becoming more and more prevalent, and it’s the most efficient and accurate way to price risk. However, it’s not possible without the willingness by technology companies to share data.
As a technology company, you are the mecca for data! There is a misconception that sharing too much data with insurers will hurt as opposed to help you. However, we are ...
Tom Srail, Willis Towers Watson Cyber Risk Team
Artificial intelligence, machine learning and autonomous systems are evolving forms of hardware and software that can make decisions and learn from experience ...
A global jumble of data protection and privacy laws is likely to challenge TMT companies for years to come, especially as financial penalties and sanctions toughen. But related risks and uncertainty may be tempered if European GDPR standards, continuing to inspire regulators globally, become a de facto global standard.
Artificial intelligence, machine learning and autonomous systems are evolving forms of hardware and software that can make decisions and learn from experience with little human involvement. More organizations are deploying these systems in operations, products and services, including self-driving cars, delivery robots/drones, HR/employee decisions and financial/market decisions.
The liability “supply chain” of organizations involved in a loss continues to grow and may complicate historic contractual arrangements. Insurance for negligence, E&O and liabilities will transform from simpler contractual obligations to reflect more complex vendor and supplier nuances, regulator decisions, evolving legal precedent and other external factors. For example, current insurance programs (including general/public liability and professional indemnity/E&O) may not respond to the evolving risks of AI.
Technology, media and telecom companies should also expect a rough ride if they are perceived to engage in anti-competitive practices, either in terms a market dominance (a bigger problem for technology companies) or mergers and acquisitions that might be seen as anti-competitive or against consumer interests.
Meanwhile, all TMT companies need to be alert to environmental, social and governance (ESG) issues with regulatory and legal implications highlighted in the earlier trends. In combination, how TMT companies handle these issues will have a profound impact on corporate brands and reputations, according to TMT executives. Areas of risk and uncertainty include:
Intellectual property infringement, a perennial problem, has been complicated by the global pandemic. Improvised technical arrangements combined with careless or bored homebound employees have fueled new waves of IP loss or theft. Third party business partners also have infringed on IP rights, in some cases by calculating that the benefits outweigh the cost of legal defense.
More broadly, public policy leaders and regulators have focused on the comparative market positions of leading tech companies, even when smaller telecom and media companies pursue mergers and acquisitions that are suspected of limiting competition or consumer choice. The pattern is global, with regulatory actions stepping up pace in Europe and Asia, as well as the U.S.
Reputational risk is in some ways harder to measure and harder to define. It can come from any direction. Consumers are rightly concerned about how their data is gathered and used, and sloppy data protection and privacy practices can cause serious long-term damage to an image – or a balance sheet. If a merger is seen as a move to jack up prices or limit consumer choice, the parties may pay a heavy cost both in terms of reputation and in dealing with new barriers to a transformational strategic shift. Forward-looking business are including brand impact and financial consequences in every business decision.
Go to next chapter
(continues on next page)
