its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/its-not-just-about-cy… ·...
TRANSCRIPT
![Page 1: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/1.jpg)
March 15, 2015
Authored by: Jane Chwick
Technology: It's Not Just About Cyber
![Page 2: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/2.jpg)
1
Tech
nolo
gy: I
t's N
ot Ju
st A
bout
Cyb
er |
3/1
5/20
15
Technology: It 's Not Just About Cyber I n t r o d u c t i o n Cyber-attacks on businesses and governments are constantly in the headlines. Corporate Boards recognize the severity of this threat and are beginning to ask questions surrounding their company’s cyber capabilities. This is necessary, and a good start, but not sufficient.
Assessing and dealing with cyber threats are only a portion of the technology discussion that should take place in the boardroom. The importance of technology to a firm goes far beyond the risk of a cyber-attack. Non-cyber technology glitches have caused companies to declare bankruptcy overnight. Failure to keep up with technology innovation has also led some companies into bankruptcy. More common are examples of system glitches leading to downtime, and lost revenues. There are also numerous examples of increases in revenue as a result of investment in technology. Conversely, a lack of technology investment can result in a loss of revenue opportunity. It is therefore imperative, that Corporate Boards, as part of their corporate governance responsibilities, look at their companies through a technology lens and ensure that their management teams have an appropriate technology strategy, both to address revenue opportunities and to ensure appropriate risk management.
A l o o k a t s o m e r e a l e x a m p l e s Let's start with some real scenarios…..
The cyber examples are numerous and seen on an almost daily basis. Anthem, Target, Home Depot, JP Morgan, Sony have all fallen victim to significant cyber-attacks. But the list is much broader, and the frequency and breadth of impact is increasing. Many think cyber-attacks are merely directed at stealing credit cards or private information. However, the attacks are not limited to just stealing an individual’s information. They often result in the theft of sensitive intellectual property. In other cases the attacks have come in the form of brand defamation, i.e. a hacktivist organization may deface a company web site or social media page. The cyber-attack may also be done through a denial of service where a group may direct so much fake traffic to a company’s site that real business transactions cease.
Many technology outages, or ‘glitches’, are not caused by cyber-attacks. An instructive example of a technology glitch causing a firm to quickly lose significant value happened in August 2012 to Knight Capital. Knight Capital was a financial firm engaged in market making and electronic execution of financial products. On August 1, 2012 a technology error occurred while installing a new version of the trading system. The mistake caused major price moves on almost 150 stocks traded on the New York Stock Exchange. The glitch caused Knight Capital to buy and
ADVICE FOR DIRECTORS Create a process for technology oversight that is in line with that of financial reporting
- Ensure that the CIO has a seat at the table
- Include CIO succession planning as a priority for the board
- Add quarterly technology updates to the board agenda
- Hire an independent firm to review the technology strategy and controls on behalf of the board
![Page 3: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/3.jpg)
2
Tech
nolo
gy: I
t's N
ot Ju
st A
bout
Cyb
er |
3/1
5/20
15
sell millions of shares of over one hundred stocks in less than 45 minutes. Selling and covering those positions cost Knight Capital over $450mm, which was over 4 times its prior year’s profits. Knight Capital's share price went down over 75% in two days. As a result of that issue, 70% of Knight Capital was purchased by the firms that bailed them out. (Popper)
But Knight Capital is not the only firm to have faced significant impact from a technology outage. A few years ago the investment firm AXA Rosenberg paid $217 million to cover investor losses from what it called a "significant error" in the computer code for one of its investment models. (Eha)
Many stock exchanges have had to deal with technology issues. NASDAQ faced significant volume of orders in its pre-IPO auction process during the launch of the Facebook IPO. The Singapore Stock Exchange faced three technology caused outages in 2014. (Hope, Scaggs and Stumpf)
Retail firms have also faced their share of non-cyber technology issues. On this past Black Friday, the Best Buy website was unavailable all morning due to record levels of website traffic. In the same month, Comcast internet and cable customers were impacted by a lengthy outage caused by a problem with a software upgrade. (Brodkin)
There are many examples of companies that have profited by stayin ahead of the curve in terms of technology strategy and investment. Starbucks reported impressive financial results for the first quarter of 2015: revenues up 13% and earnings up 14%, despite the negative tail winds from foreign currency translation. The stock was up 6.6% on the earnings report and has increased 14% in the 6 weeks since the results were released. Howard Schultz, Starbucks CEO commented, “…. Starbucks is off to a fantastic start in fiscal 2015 …… the undeniable success of our card, mobile and digital strategies underscore the increasing strength of the Starbucks brand around the world …”. In later commentary, Schultz says, “… we are investing in technologies that will help our partners deliver a consistently elevated Starbucks experience to our customers, including introducing technologies to ease and simplify required store tasks, improving access to core business tools and resources and introducing partner apps ….” Given the investments in technology, Starbucks indicated that they expect earnings to accelerate to the high end of their 16% to 18% growth target in the second half of the year. (Starbucks investor call)
Panera Bread is having a different experience. The company reported 4th quarter revenues up 7% (adjusted for same number of weeks) and earnings up only 2%. The stock declined 11% on the earnings report. According to excerpts from most recent earnings conference call transcripts, “Our fourth quarter operating margin declined by 140 basis points versus last year, due to three factors: one, pressure on food cost and wages; two, the cost of initiatives that are bending the arc on transactions and comp in our core café business; three, expenses related to our strategic investments to make Panera a better competitive alternative and to enable expanded growth.” Later on the call, the company’s CEO, Ronald Shaich provided more detail on the company’s initiatives. “Let’s start our review with Panera 2.0. …. Our intention with 2.0 is to reduce the friction for the guest and to position Panera ahead of the curve, as the marketplace pivots into an increasingly digital environment …. Those individual elements include first web, mobile, kiosk and e-commerce ordering… there are substantial technology installations that must be managed in terms of hardware, software, and instruction…. Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera Bread investor call)
There is no guaranteed approach for preventing technology issues. However, there are ways to lessen the chance of occurrence, or lessen the impact if an issue does occur. And while there is no magic bullet for finding revenue opportunities or protecting market share through technology, understanding emerging technology trends across industries can help generate ideas for driving new revenue and protecting a firm’s current business.
![Page 4: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/4.jpg)
3
Tech
nolo
gy: I
t's N
ot Ju
st A
bout
Cyb
er |
3/1
5/20
15
A d v i c e f o r d i r e c t o r s Directors are not expected to prevent an accounting misstep or prevent a financial crisis, but they are expected to understand the company’s financial issues and have a robust discussion before making a decision or approving management’s plan. The same requirement and discussion is now required for technology too. What should a director do when this is not possible in technology related areas? One thing is clear. It is not okay to do nothing, hiding under the well-worn cover of “That’s management’s responsibility”. An increasingly important question for directors is, what is the process the director followed to discharge his or her fiduciary duties regarding the impact of technology? Recognizing the importance of technology is the first key step:
• Recognize that the board has accountability for technology strategy, risk and governance. It is no longer just the responsibility of management. Technology needs to be a regular part of the boardroom discussion.
• Recognize the importance of technology in all aspects of the company, as well as the
potential harm that the lack of controls can have on shareholder value. Managing technology risk goes far beyond ensuring proper cyber security controls.
• Recognize that technology innovation should be used to create revenue
opportunities. Every industry has its own challenges as does every company. A director needs to understand the technology opportunities that may exist related to their industry and company.
That all sounds good. Every article and conference and webinar says the same thing. Everyone tells the board which questions to ask. No one acknowledges that asking questions is not the same as having a give and take conversation on the subject of technology. Let’s go back to the notion of process. What would constitute a meaningful change in process such that an outsider (i.e. strike suit lawyer or activist) would agree that the board had followed a process which is similar to the oversight given to financial matters? Moving from recognition to action, here are some suggestions to help ensure and enable the proper focus:
• Ensure the CIO has a seat at the table – both with the most senior ranks of the firm, and in the boardroom. The CIO, like the CFO, should be a regular attendee of either the board meetings or the audit or risk committee. The CIO should also have a regular private session at one of these meetings. This relationship and dialogue is critically important.
• Ensure that CIO succession oversight is a priority for the board. Proper succession
for all C-‐suite positions is important for a board. CIO succession planning should be treated with the same importance.
• Ask the CEO for a quarterly review of all matters related to technology. Not only will
the board learn, the CEO will too. If the CIO doesn’t report directly to the CEO, ask questions about the structure of the management team.
![Page 5: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/5.jpg)
4
Tech
nolo
gy: I
t's N
ot Ju
st A
bout
Cyb
er |
3/1
5/20
15
• Form a technology committee. Treat technology with as much importance and concern about missteps as with financial reporting. Audit committees help boards fulfill their corporate governance and oversight capabilities as it relates to financial reporting. Technology issues are so broad that boards should consider establishing a technology committee to help fulfill governance and oversight with respect to technology strategy, governance and risk.
• Consider what you don’t know and hire independent technology advisors who
understand the strategic issues that boards deal with – people who can assess the technology strategy, risk and governance and report back to the board. Boards do not simply rely on the CFO. They use independent auditors to validate the books and records of the company. Technology is as important and as complicated. Independent , high level diagnostic reviews, on behalf of the board are a critical way to begin to help validate all aspects of technology.
Executing on these action items can go a long way in fulfilling a director’s accountability related to governance and oversight. Over time, following these suggestions will also naturally result in an increase in a director’s knowledge of technology issues and opportunities within the company.
C o n c l u s i o n Directors need the ability to have proper oversight on the full spectrum of technology opportunities and issues. While this may be difficult for a director to accomplish in today’s board construct, implementing a process for technology that mimics the process for financial reporting should result in sufficient oversight. This should include giving the CIO a seat at the table, receiving quarterly technology updates, and reviewing CIO succession plans. As with financial oversight, the process should also include hiring independent technology advisors to validate the technology strategy, controls and governance. While there is not a foolproof approach for ensuring that there will be no technology related issues, implementing a process for the oversight of technology should be viewed as an important part of a director’s responsibility.
There are vast quantities of articles and conferences targeted at educating directors on the importance of having an adequate cyber program. It is time for directors to realize that their technology oversight responsibility is broader – It is not just about cyber.
A b o u t t h e A u t h o r – J a n e C h w i c k
Jane is a retired partner from Goldman Sachs where she spent over 30 years in technology, most recently as the Co-Chief Operating Officer of the 8,000 person technology division. Jane is on the board of Voya Financial and MarketAxess and is the Co-founder of Trewtec, Inc, a technology advisory firm designed to help directors and CEOs evaluate technology in their companies.
S o u r c e s Brodkin, Jon. “Comcast to Issue Discounts for Days-Long Outage Caused by Update” Ars
![Page 6: Its not just about cyberbroadrooms.com/wp-content/uploads/2015/06/Its-Not-Just-About-Cy… · Panera 2.0 is not a light switch. To do this right takes time and real effort. “(Panera](https://reader035.vdocuments.mx/reader035/viewer/2022081402/5f10482e7e708231d4485632/html5/thumbnails/6.jpg)
5
Tech
nolo
gy: I
t's N
ot Ju
st A
bout
Cyb
er |
3/1
5/20
15
Technica. Conde Nast. 7 November 2014. Web. 7 March 2015.
Eha, Brian Patrick. “$440 Million Glitch The Costliest Computer Bug Ever?” @CANTECH,
9 August 2012. Web. 7 March 2015.
Hope, Bradley, et al. “U.S. Stocks Rise; NUSE Experiences Technical Glitch Dow Industrials Ralll
More Than 200 Points” The Wall Street Journal 30 October 2014. Web. 17 December 2014.
Mehta, Nina. “Nasdaq Blames Software for Facebook IPO Glitches” SFGATE. 19 July 2013. Web.
17 December 2014.
Popper, Nathaniel. “Knight Capital Says Trading Glitch Cost it $440 Million” The New York Times.
2 August 2013. Web. 17 December 2014.
Schultz, Howard. Starbucks Investor Call 1/22/2015.
Schaich, Ronald. Panera Bread Investor Call 3/8/2015.