Securing Your Digital Future: Cyber Trust As Competitive Advantage

Justin Somaini and Dan Wellers

The accepted wisdom in the cybersecurity field today is that there are two types of companies in the world: those that know they’ve been hacked, and those that don’t.

No enterprise is immune from cyber threats, and the list of big, scary data breaches continues to grow. The vast majority of companies in Europe (92 percent) have been hacked in the last five years, according to a recent survey by specialty insurer Lloyd’s of London. The average total cost of a breach is $4 million, according to a 2016 study by the Ponemon Institute.

Yet, categorized as risk to avoid rather than opportunity to pursue, cybersecurity has never been a terribly sexy topic in the C-suite. It’s an added expense—and one that slows down efforts to leap ahead technologically. The significant attention it receives tends to be of the negative variety when things go horribly wrong. Even as companies have embarked on their digital transformation efforts, security has remained an afterthought—tacked on after a big new investment in advanced analytics, cognitive systems, or Internet of Things (IoT) technology. Very soon, however, that reactive approach will seem antiquated.

A coming mind shift

Spending on IT security has been increasing in the last two years, even as overall technology budgets have been decreasing, according to 2016 report by the SANS Institute. But it’s not just a lift in spending that’s called for, but also shift in thinking.

In today’s age of rapidly developing transformational technologies, keeping on top of emerging security and privacy threats is more challenging—and more critical—than ever before. As companies collaborate with a wider network of partners and meet new demands for 24/7 operations and greater transparency with customers, cyber security risks multiply. The scope, scale, and impact of cyber attacks will grow in concert with increasing digitization:

  • 4.2 billion records were exposed in more than 4,000 known data breaches in 2016, according to Risk Based Security.
  • Cyber insurance premiums could increase tenfold to $20 billion annually by 2025, according to Marsh & McLellan.
  • The cost of data breaches will reach $2.1 trillion globally by 2019—nearly four times the estimated cost of breaches in 2015, according to Juniper Research.
  • Cyber attacks could cost the world up to $90 trillion in net economic benefit by 2030 if cyber security doesn’t keep pace with growing interconnectedness, according to a study published by the Atlantic Council and the Zurich Insurance Group
  • Cyber risk is expanding beyond the virtual world to the physical one. Hackers used highly destructive malware to bring down three Ukranian power distribution companies in 2016, for example, cutting power to 80,000 people.
  • The expanding universe of Internet of Things devices is particularly vulnerable to exploitation as companies may not update them after installation and many devices are not able to receive security update patches, according to AIG. In fact, an IoT hack took down Amazon, Twitter, Netflix, and other major sites in October 2016.
  • Connected devices pose particular concern in healthcare, an industry that already faces 340 percent more cyberattacks than the average industry and that fails to monitor 75 percent of hospital network traffic, according to a report from Raytheon and WebSense Security Labs.
  • Cyberattacks are one of the top ten global risks of highest concern for the next decade, right alongside such threats as water and food crises, natural catastrophes, social instability, and national governance failures, according to the World Economic Forum.

Just a third of companies today are sufficiently prepared to prevent a worst-case attack, according to Oliver Wyman and only a quarter currently treat cyber risk as a significant corporate risk. But as cyber risk expands and the attacks result not only in financial and reputational damage but also in physical destruction, danger, or loss of life, trust will become a competitive advantage. Therefore, those companies and organizations that want to dominate their markets will approach security as a strategic investment, proactively embedding cybersecurity strategy into business strategy.

As companies continue their digital transformations, they need to adopt more flexible and ubiquitous cyber defense measures to meet the more extreme threats they will face. Failing to do so risks unanticipated costs, operational shutdowns, reputational damage, and legal consequences.

A zero-trust approach

Unfortunately, there is no off-the-shelf solution to manage the entirety of a company’s cyber risk. As companies continue to introduce more digital innovations, they must continuously adopt and adapt cyber security measures commensurate with the growing threats they’ll face.

In a global economy, security can only be as good as the regulations, compliance, and enforcement in the countries where an organization operates—and those vary wildly around the world. What’s more, even when a company’s leaders take a more proactive approach to investing in cyber security protection and response, its partners and suppliers may not. Nearly 80 percent of companies fail to assess their customers and suppliers for cyber risk, according to a survey by Marsh & McLellan. And hackers certainly will be proactive about finding the weakest link in a value chain. Meanwhile, as enterprises adopt a growing legion of internet-connected devices and sensors, cyber security risk will be distributed even more widely.

Organizations must evolve from the attitude that perimeter security, achievable by firewalls or anti-virus protection, is enough. As interconnectivity and interdependency increases so too will the adoption of zero-trust networks. The zero-trust approach questions the assumption that a company can be made safe and sound within the confines of its own “secure” corporate network. Instead, a zero-trust approach places controls around data assets themselves and creates increased visibility into how they are used across a digital business ecosystem.

A new approach for a networked world

But, as SAP CEO Bill McDermott wrote to customers in 2016, “Information security is a journey without a destination. The security threat in the enterprise is relentless and multiplying, and the attackers are getting more sophisticated.” A zero-trust network is not enough. When the question is not if, but when, a significant breach will occur, how a company manages this inevitability becomes critical.

The key is to develop a robust approach to measuring, controlling, and responding to cyber risk. We recommend a three-pronged strategy to manage the threats in the expanding enterprise ecosystem:

  1. Prevent. This aspect of cyber security strategy remains as important as ever, and companies must evolve their preventative strategies, from their security policies and educational approaches to the actual access controls they put in place.
  1. Detect. In an evolving cyber threat environment, there is no foolproof prevention approach. Selecting and deploying appropriate intrusion detection systems for the timely detection and notification of compromises is critical.
  1. React. Detection is useless without a response. Companies that approach cyber security as a competitive advantage will put incident response plans in place in much the same way they would plan for recovery from a natural disaster.

Building trust, not walls

The Great Wall of China may have succeeded as an exercise in power or a feat of construction. But as a security strategy, it was a failure. Similarly a cyber security strategy focused on building strong enough borders around the company will fail. It’s impossible to keep all the bad guys out.

As more of a company’s data and its business processes become distributed, it’s cyber security strategy must become much more far-reaching. The good news is that even as digital technologies increase cyber security risk, they can also help mitigate it. Many cloud providers for example, are taking a more robust approach to security strategy that their customers might. New technologies like machine learning and big data analytics can strengthen security protections. Of course, the hackers can—and will—take advantage of these powerful technological advancements as well. Cyber risk experts will tell you the dark web is teeming with attack tools that enable hackers to take advantage of outdated security approaches and corporate vulnerabilities. They’ve been quick to take advantage of new automation tools in order to carry out more sophisticated and layered attacks on corporate and state assets.

Companies who embrace trust and security as competitive advantages will build security into their digital ecosystems at each layer:

  • Secure Products: Incorporating security into all applications, ensuring the protection of content and transactions.
  • Secure Operations: Investing in hardened systems, security patch management, security monitoring, end-to-end incident handling, and a comprehensive cloud operations security framework.
  • Secure Company: Creating a security-educated and aware workforce, end-to-end physical security of assets, and a comprehensive business continuity framework.

Forward-looking companies will follow these principles not only within their own organizations but expect them from their network of partners, supplier, and customers. The hackers of today and the future aren’t working alone and neither should the companies they’re targeting.

The risk of full-blown cyber catastrophes is real. The WEF has warned that large-scale cyber attacks could cause significant economic damage, geopolitical tensions, or widespread loss of trust in the Internet.

A report from the Atlantic Council and Zurich Insurance Group found as soon as 2018, there could be damage from massive cyber attacks equivalent to 1.5 percent of global GDP that is “certain to drastically increase risks and drag down net profits for companies that are most exposed to cyber-attacks..” The worst case scenario could result in a state of perpetual cyber crime and cyber warfare, increasingly vulnerable critical infrastructure, and losses of $90 trillion globally, according to the report.

A collaborative network approach will be critical to combatting such a persistent global threat with implications not just for corporate and personal data, but strategy, supply chains, products, and physical operations. Trust will be the most important currency in the digital future—one that companies will have to earn and work diligently to keep.

Read the executive brief The Future of Cybersecurity: Trust as Competitive Advantage.


Comments

Justin Somaini

About Justin Somaini

Justin Somaini heads the Global Security unit at SAP. With more than 17 years of information security experience, he is responsible for SAP’s overall security strategy, ensuring that SAP and our customers have a consistent and convenient security experience. In his role Justin develops, implements, and manages SAP’s overall policies, standards, and guidelines as well as ongoing SAP security initiatives to meet the emerging international IT and cyber security environments and data protection and privacy laws worldwide. Before joining SAP in 2015, Justin was Chief Trust Officer at Box, the world’s leading enterprise software platform for content collaboration. Prior to Box, Justin held the role of Chief Information Security Officer (CISO) at Yahoo!, driving security planning and operations for the company. Prior to Yahoo!, he was CISO of Symantec. Justin holds a Bachelor’s of Science degree in Management Information Systems from Drexel University, Philadelphia.

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Internet Of Things: Five Ways To Overcome Security Challenges

Jay Thoden van Velzen

The promise, benefits, and value of the Internet of Things (IoT) have been documented extensively, but a number of widely publicized IoT attacks leaves the impression that the IoT is deeply insecure. What is often not mentioned is that many of these attacks originated due to failures in implementing basic protections.

But even where the vendor has taken reasonable precautions, things can go horribly wrong, as can be seen in a – literally – fly-by attack on smart lighting.

Another challenge is that IoT-enabled devices are deployed “where the action is” – the factory floor, oil platforms, public roads, offices, stores, moving vehicles, or in cities running over wireless networks.

That means that they are often physically accessible by employees, contractors, and even the general public. If we compare that to modern cloud data centers, where only authorized personnel can enter, there is a substantial difference. More people with access means the risk of compromise goes up, so we may need to ensure devices themselves are physically protected against tampering.

But these are not insurmountable obstacles. The question is less one of not knowing what to do to protect IoT environments, rather how to implement and apply security measures to keep the solution safe.

Five recommendations for securing the IoT

1. Manage risk

Modern security practices follow a risk-based approach that considers both the ease of an attack and the impact should one happen – giving a strong indicator of how much security you’ll need. The reality is that an IoT solution that monitors, manages, and optimizes operations in a chemical factory requires much tighter security protocols than one that simply turns off the light in a conference room when sensors detect nobody is present. In the former, a successful attack could lead to a catastrophic industrial accident including injury and loss of life. In the latter, the worst that could happen is that an electricity bill is a little higher.

2. Limit device-to-device communication

There is a misconception that the Internet of Things, by definition, means that many devices are connected to many other devices, increasing the risk that a successful attack leads to catastrophic failure or takeover of a substantial portion of your IoT infrastructure. In many cases, devices have a single purpose and only need to send the data they collect to a single location. By limiting the number of IoT devices that talk to each other, we can better secure each one and limit the damage should any breaches occur.

3. Retain control over your IoT infrastructure

The risk is yours – any failure in security is your responsibility and you will be held accountable for the result – so it is important to maintain control. This starts with device selection: Make sure that devices either have the security features you need or, preferably, are “open” so you can analyze and understand how they work, and then add any features you need to fill security gaps. This includes the ability to update devices in an automated and secure way and to control that process yourself.

4. Use encryption from end to end

It’s critical to encrypt communication between devices and data-ingestion points to make sure nobody can listen in, tamper with sensitive data in transit, or recover enough information to spoof or impersonate the device and feed the system manipulated data. Modern encryption techniques work in much the same way as HTTPS does to protect information online. Encryption also needs to be tied to device identity to ensure the data we think comes from a particular device actually does.

5. Leverage existing expertise

Apply proven security technologies, tools, and best practices used in traditional IT landscapes. In many cases, they can be implemented directly: by using digital certificates or equivalent, by restricting what IoT devices can do and communicate with, and by adding protection and monitoring mechanisms. In other cases, such as micro-controllers and low-power networks, we may need to apply new techniques, but we can draw on existing principles and concepts.

IoT adoption is still in early days. Unfortunately, that means that there aren’t many established standards yet, and while the number of devices brought to market is quickly rising, certification schemes and regulations are lagging. As a result, adopters still need to carefully plan and build in security from the start and properly evaluate any IoT equipment brought in house.

As large technology providers recognize the security challenges with new IoT technologies and software solutions, the situation is rapidly improving. At SAP, we’re also committed to both describing the pitfalls and providing clear guidelines to overcome them.

This article originally appeared on the SAP Community.

Comments

Jay Thoden van Velzen

About Jay Thoden van Velzen

Jay Thoden van Velzen is Director of IoT Security at SAP.

How Governments And Industry Respond To Digital Risk

Andre Smith

The rush to digitalization around the world has come with a great amount of risk. The risk has been shared by private industry and governments alike, as news of data breaches and hacker attacks have made global headlines. Sometimes, simple misconfigurations have led to embarrassing and potentially privacy-compromising incidents. In other instances, specifically directed cyber attacks have exposed the personal data of millions of people.

Anytime data security issues such as these occur, the potential consequences are massive. This is true not only for the business or government at fault, but also for everyone whose data has been stolen. This year has produced some of the largest data security incidents to date, and all signs point to that trend continuing. This has left governments examining the steps necessary to create a safer and more secure digital environment going forward. It is also forcing businesses to review their digital risk-management strategies.

Regulatory responses

The high-profile nature of many of the latest data breaches has led to renewed regulatory scrutiny by governments around the world. In the U.S., there have been Congressional hearings in the wake of the Equifax hack, which exposed the financial information of 145.5 million American consumers. So far, it’s unclear if the hearings will lead to a new round of data-security regulations, but there’s already proposed legislation that would set standards and penalties for businesses regarding customer notification of data security breaches.

The European Union, by contrast, has been far more forward-thinking and decisive. The General Data Protection Regulation (GDPR), set to be implemented by May 2018, has created a framework of legal responsibilities for data security and enumerated rights for individuals regarding personal data collection and storage. The new regulation joins others that already set standards for European (and multinational) financial institutions regarding transparency and digital compliance reporting.

Businesses begin to adapt

In the business world, there is a universal need to update compliance and governance policies and to invest in digital security infrastructure. Most companies have been producing large volumes of digital data for many years, but few have the staff or expertise necessary to manage and secure all of it. Fortunately, the latest Big Data platforms allow companies to aggregate, process, and secure their data in a seamless architecture. Development of these systems is crucial to the future of cybersecurity.

In addition to voluntary policy changes, the potential legal ramifications have spurred changes. In reaction to the pending regulations in the E.U. and the potential for new requirements in the U.S., many global businesses have started to update and bolster their digital risk management efforts. Since the E.U. regulations are (so far) the most stringent and wide-ranging, multinationals and regional firms are using them as the baseline on which to base their policies and practices. It is also intended to head off further legislation that could be costly to affected industries.

The future of digital risk

The very nature of the technological advancement that has created the present security challenges guarantees the risks will continue. To stay ahead of an ever-changing digital landscape, additional actions will surely be needed from actors on all sides. This likely means the promulgation of further regulations and reporting requirements from governments, as well as more comprehensive digital risk management efforts throughout the private sector. There’s still a fair amount of catching up to do, but it seems that the appropriate amount of attention is now being given this pressing global problem.

To learn more about cybersecurity and digital risk, check out Five Ignored Practices That Can Disarm Your Cybersecurity Time Bomb.

Comments

Andre Smith

About Andre Smith

An Internet, Marketing and E-Commerce specialist with several years of experience in the industry. He has watched as the world of online business has grown and adapted to new technologies, and he has made it his mission to help keep businesses informed and up to date.

Why Strategic Plans Need Multiple Futures

By Dan Wellers, Kai Goerlich, and Stephanie Overby , Kai Goerlich and Stephanie Overby

When members of Lowe’s Innovation Labs first began talking with the home improvement retailer’s senior executives about how disruptive technologies would affect the future, the presentations were well received but nothing stuck.

“We’d give a really great presentation and everyone would say, ‘Great job,’ but nothing would really happen,” says Amanda Manna, head of narratives and partnerships for the lab.

The team realized that it needed to ditch the PowerPoints and try something radical. The team’s leader, Kyle Nel, is a behavioral scientist by training. He knows people are wired to receive new information best through stories. Sharing far-future concepts through narrative, he surmised, could unlock hidden potential to drive meaningful change.

So Nel hired science fiction writers to pen the future in comic book format, with characters and a narrative arc revealed pane by pane.

The first storyline, written several years before Oculus Rift became a household name, told the tale of a couple envisioning their kitchen renovation using virtual reality headsets. The comic might have been fun and fanciful, but its intent was deadly serious. It was a vision of a future in which Lowe’s might solve one of its long-standing struggles: the approximately US$70 billion left on the table when people are unable to start a home improvement project because they can’t envision what it will look like.

When the lab presented leaders with the first comic, “it was like a light bulb went on,” says Manna. “Not only did they immediately understand the value of the concept, they were convinced that if we didn’t build it, someone else would.”

Today, Lowe’s customers in select stores can use the HoloRoom How To virtual reality tool to learn basic DIY skills in an interactive and immersive environment.

Other comics followed and were greeted with similar enthusiasm—and investment, where possible. One tells the story of robots that help customers navigate stores. That comic spawned the LoweBot, which roamed the aisles of several Lowe’s stores during a pilot program in California and is being evaluated to determine next steps.

And the comic about tools that can be 3D-printed in space? Last year, Lowe’s partnered with Made in Space, which specializes in making 3D printers that can operate in zero gravity, to install the first commercial 3D printer in the International Space Station, where it was used to make tools and parts for astronauts.

The comics are the result of sending writers out on an open-ended assignment, armed with trends, market research, and other input, to envision what home improvement planning might look like in the future or what the experience of shopping will be in 10 years. The writers come back with several potential story ideas in a given area and work collaboratively with lab team members to refine it over time.

The process of working with writers and business partners to develop the comics helps the future strategy team at Lowe’s, working under chief development officer Richard D. Maltsbarger, to inhabit that future. They can imagine how it might play out, what obstacles might surface, and what steps the company would need to take to bring that future to life.

Once the final vision hits the page, the lab team can clearly envision how to work backward to enable the innovation. Importantly, the narrative is shared not only within the company but also out in the world. It serves as a kind of “bat signal” to potential technology partners with capabilities that might be required to make it happen, says Manna. “It’s all part of our strategy for staking a claim in the future.”

Planning must become completely oriented toward—and sourced from—the future.

Companies like Lowe’s are realizing that standard ways of planning for the future won’t get them where they need to go. The problem with traditional strategic planning is that the approach, which dates back to the 1950s and has remained largely unchanged since then, is based on the company’s existing mission, resources, core competencies, and competitors.

Yet the future rarely looks like the past. What’s more, digital technology is now driving change at exponential rates. Companies must be able to analyze and assess the potential impacts of the many variables at play, determine the possible futures they want to pursue, and develop the agility to pivot as conditions change along the way.

This is why planning must become completely oriented toward—and sourced from—the future, rather than from the past or the present. “Every winning strategy is based on a compelling insight, but most strategic planning originates in today’s marketplace, which means the resulting plans are constrained to incremental innovation,” says Bob Johansen, distinguished fellow at the Institute for the Future. “Most corporate strategists and CEOs are just inching their way to the future.” (Read more from Bob Johansen in the Thinkers story, “Fear Factor.”)

Inching forward won’t cut it anymore. Half of the S&P 500 organizations will be replaced over the next decade, according to research company Innosight. The reason? They can’t see the portfolio of possible futures, they can’t act on them, or both. Indeed, when SAP conducts future planning workshops with clients, we find that they usually struggle to look beyond current models and assumptions and lack clear ideas about how to work toward radically different futures.

Companies that want to increase their chances of long-term survival are incorporating three steps: envisioning, planning for, and executing on possible futures. And doing so all while the actual future is unfolding in expected and unexpected ways.

Those that pull it off are rewarded. A 2017 benchmarking report from the Strategic Foresight Research Network (SFRN) revealed that vigilant companies (those with the most mature processes for identifying, interpreting, and responding to factors that induce change) achieved 200% greater market capitalization growth and 33% higher profitability than the average, while the least mature companies experienced negative market-cap growth and had 44% lower profitability.

Looking Outside the Margins

“Most organizations lack sufficient capacity to detect, interpret, and act on the critically important but weak and ambiguous signals of fresh threats or new opportunities that emerge on the periphery of their usual business environment,” write George S. Day and Paul J. H. Schoemaker in their book Peripheral Vision.

But that’s exactly where effective future planning begins: examining what is happening outside the margins of day-to-day business as usual in order to peer into the future.

Business leaders who take this approach understand that despite the uncertainties of the future there are drivers of change that can be identified and studied and actions that can be taken to better prepare for—and influence—how events unfold.

That starts with developing foresight, typically a decade out. Ten years, most future planners agree, is the sweet spot. “It is far enough out that it gives you a bit more latitude to come up with a broader way to the future, allowing for disruption and innovation,” says Brian David Johnson, former chief futurist for Intel and current futurist in residence at Arizona State University’s Center for Science and the Imagination. “But you can still see the light from it.”

The process involves gathering information about the factors and forces—technological, business, sociological, and industry or ecosystem trends—that are effecting change to envision a range of potential impacts.

Seeing New Worlds

Intel, for example, looks beyond its own industry boundaries to envision possible future developments in adjacent businesses in the larger ecosystem it operates in. In 2008, the Intel Labs team, led by anthropologist Genevieve Bell, determined that the introduction of flexible glass displays would open up a whole new category of foldable consumer electronic devices.

To take advantage of that advance, Intel would need to be able to make silicon small enough to fit into some imagined device of the future. By the time glass manufacturer Corning unveiled its ultra-slim, flexible glass surface for mobile devices, laptops, televisions, and other displays of the future in 2012, Intel had already created design prototypes and kicked its development into higher gear. “Because we had done the future casting, we were already imagining how people might use flexible glass to create consumer devices,” says Johnson.

Because future planning relies so heavily on the quality of the input it receives, bringing in experts can elevate the practice. They can come from inside an organization, but the most influential insight may come from the outside and span a wide range of disciplines, says Steve Brown, a futurist, consultant, and CEO of BaldFuturist.com who worked for Intel Labs from 2007 to 2016.

Companies may look to sociologists or behaviorists who have insight into the needs and wants of people and how that influences their actions. Some organizations bring in an applied futurist, skilled at scanning many different forces and factors likely to coalesce in important ways (see Do You Need a Futurist?).

Do You Need a Futurist?

Most organizations need an outsider to help envision their future. Futurists are good at looking beyond the big picture to the biggest picture.

Business leaders who want to be better prepared for an uncertain and disruptive future will build future planning as a strategic capability into their organizations and create an organizational culture that embraces the approach. But working with credible futurists, at least in the beginning, can jump-start the process.

“The present can be so noisy and business leaders are so close to it that it’s helpful to provide a fresh outside-in point of view,” says veteran futurist Bob Johansen.

To put it simply, futurists like Johansen are good at connecting dots—lots of them. They look beyond the boundaries of a single company or even an industry, incorporating into their work social science, technical research, cultural movements, economic data, trends, and the input of other experts.

They can also factor in the cultural history of the specific company with whom they’re working, says Brian David Johnson, futurist in residence at Arizona State University’s Center for Science and the Imagination. “These large corporations have processes and procedures in place—typically for good reasons,” Johnson explains. “But all of those reasons have everything to do with the past and nothing to do with the future. Looking at that is important so you can understand the inertia that you need to overcome.”

One thing the best futurists will say they can’t do: predict the future. That’s not the point. “The future punishes certainty,” Johansen says, “but it rewards clarity.” The methods futurists employ are designed to trigger discussions and considerations of possibilities corporate leaders might not otherwise consider.

You don’t even necessarily have to buy into all the foresight that results, says Johansen. Many leaders don’t. “Every forecast is debatable,” Johansen says. “Foresight is a way to provoke insight, even if you don’t believe it. The value is in letting yourself be provoked.”

External expert input serves several purposes. It brings everyone up to a common level of knowledge. It can stimulate and shift the thinking of participants by introducing them to new information or ideas. And it can challenge the status quo by illustrating how people and organizations in different sectors are harnessing emerging trends.

The goal is not to come up with one definitive future but multiple possibilities—positive and negative—along with a list of the likely obstacles or accelerants that could surface on the road ahead. The result: increased clarity—rather than certainty—in the face of the unknown that enables business decision makers to execute and refine business plans and strategy over time.

Plotting the Steps Along the Way

Coming up with potential trends is an important first step in futuring, but even more critical is figuring out what steps need to be taken along the way: eight years from now, four years from now, two years from now, and now. Considerations include technologies to develop, infrastructure to deploy, talent to hire, partnerships to forge, and acquisitions to make. Without this vital step, says Brown, everybody goes back to their day jobs and the new thinking generated by future planning is wasted. To work, the future steps must be tangible, concrete, and actionable.

Organizations must build a roadmap for the desired future state that anticipates both developments and detours, complete with signals that will let them know if they’re headed in the right direction. Brown works with corporate leaders to set indicator flags to look out for on the way to the anticipated future. “If we see these flagged events occurring in the ecosystem, they help to confirm the strength of our hypothesis that a particular imagined future is likely to occur,” he explains.

For example, one of Brown’s clients envisioned two potential futures: one in which gestural interfaces took hold and another in which voice control dominated. The team set a flag to look out for early examples of the interfaces that emerged in areas such as home appliances and automobiles. “Once you saw not just Amazon Echo but also Google Home and other copycat speakers, it would increase your confidence that you were moving more towards a voice-first era rather than a gesture-first era,” Brown says. “It doesn’t mean that gesture won’t happen, but it’s less likely to be the predominant modality for communication.”

How to Keep Experiments from Being Stifled

Once organizations have a vision for the future, making it a reality requires testing ideas in the marketplace and then scaling them across the enterprise. “There’s a huge change piece involved,”
says Frank Diana, futurist and global consultant with Tata Consultancy Services, “and that’s the place where most
businesses will fall down.”

Many large firms have forgotten what it’s like to experiment in several new markets on a small scale to determine what will stick and what won’t, says René Rohrbeck, professor of strategy at the Aarhus School of Business and Social Sciences. Companies must be able to fail quickly, bring the lessons learned back in, adapt, and try again.

Lowe’s increases its chances of success by creating master narratives across a number of different areas at once, such as robotics, mixed-reality tools, on-demand manufacturing, sustainability, and startup acceleration. The lab maps components of each by expected timelines: short, medium, and long term. “From there, we’ll try to build as many of them as quickly as we can,” says Manna. “And we’re always looking for that next suite of things that we should be working on.” Along the way certain innovations, like the HoloRoom How-To, become developed enough to integrate into the larger business as part of the core strategy.

One way Lowe’s accelerates the process of deciding what is ready to scale is by being open about its nascent plans with the world. “In the past, Lowe’s would never talk about projects that weren’t at scale,” says Manna. Now the company is sharing its future plans with the media and, as a result, attracting partners that can jump-start their realization.

Seeing a Lowe’s comic about employee exoskeletons, for example, led Virginia Tech engineering professor Alan Asbeck to the retailer. He helped develop a prototype for a three-month pilot with stock employees at a Christiansburg, Virginia, store.

The high-tech suit makes it easier to move heavy objects. Employees trying out the suits are also fitted with an EEG headset that the lab incorporates into all its pilots to gauge unstated, subconscious reactions. That direct feedback on the user experience helps the company refine its innovations over time.

Make the Future Part of the Culture

Regardless of whether all the elements of its master narratives come to pass, Lowe’s has already accomplished something important: It has embedded future thinking into the culture of the company.

Companies like Lowe’s constantly scan the environment for meaningful economic, technology, and cultural changes that could impact its future assessments and plans. “They can regularly draw on future planning to answer challenges,” says Rohrbeck. “This intensive, ongoing, agile strategizing is only possible because they’ve done their homework up front and they keep it updated.”

It’s impossible to predict what’s going to happen in the future, but companies can help to shape it, says Manna of Lowe’s. “It’s really about painting a picture of a preferred future state that we can try to achieve while being flexible and capable of change as we learn things along the way.” D!


About the Authors

Dan Wellers is Global Lead, Digital Futures, at SAP.

Kai Goerlich is Chief Futurist at SAP’s Innovation Center Network.

Stephanie Overby is a Boston-based business and technology journalist.


Read more thought provoking articles in the latest issue of the Digitalist Magazine, Executive Quarterly.

Comments

Dan Wellers

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation.

Share your thoughts with Kai on Twitter @KaiGoe.heif Futu

About Stephanie Overby

Tags:

The Human Factor In An AI Future

Dan Wellers and Kai Goerlich

As artificial intelligence becomes more sophisticated and its ability to perform human tasks accelerates exponentially, we’re finally seeing some attempts to wrestle with what that means, not just for business, but for humanity as a whole.

From the first stone ax to the printing press to the latest ERP solution, technology that reduces or even eliminates physical and mental effort is as old as the human race itself. However, that doesn’t make each step forward any less uncomfortable for the people whose work is directly affected – and the rise of AI is qualitatively different from past developments.

Until now, we developed technology to handle specific routine tasks. A human needed to break down complex processes into their component tasks, determine how to automate each of those tasks, and finally create and refine the automation process. AI is different. Because AI can evaluate, select, act, and learn from its actions, it can be independent and self-sustaining.

Some people, like investor/inventor Elon Musk and Alibaba founder and chairman Jack Ma, are focusing intently on how AI will impact the labor market. It’s going to do far more than eliminate repetitive manual jobs like warehouse picking. Any job that involves routine problem-solving within existing structures, processes, and knowledge is ripe for handing over to a machine. Indeed, jobs like customer service, travel planning, medical diagnostics, stock trading, real estate, and even clothing design are already increasingly automated.

As for more complex problem-solving, we used to think it would take computers decades or even centuries to catch up to the nimble human mind, but we underestimated the exponential explosion of deep learning. IBM’s Watson trounced past Jeopardy champions in 2011 – and just last year, Google’s DeepMind AI beat the reigning European champion at Go, a game once thought too complex for even the most sophisticated computer.

Where does AI leave human?

This raises an urgent question for the future: How do human beings maintain our economic value in a world in which AI will keep getting better than us at more and more things?

The concept of the technological singularity – the point at which machines attain superhuman intelligence and permanently outpace the human mind – is based on the idea that human thinking can’t evolve fast enough to keep up with technology. However, the limits of human performance have yet to be found. It’s possible that people are only at risk of lagging behind machines because nothing has forced us to test ourselves at scale.

Other than a handful of notable individual thinkers, scientists, and artists, most of humanity has met survival-level needs through mostly repetitive tasks. Most people don’t have the time or energy for higher-level activities. But as the human race faces the unique challenge of imminent obsolescence, we need to think of those activities not as luxuries, but as necessities. As technology replaces our traditional economic value, the economic system may stop attaching value to us entirely unless we determine the unique value humanity offers – and what we can and must do to cultivate the uniquely human skills that deliver that value.

Honing the human advantage

As a species, humans are driven to push past boundaries, to try new things, to build something worthwhile, and to make a difference. We have strong instincts to explore and enjoy novelty and risk – but according to psychologist Mihaly Csikszentmihalyi, these instincts crumble if we don’t cultivate them.

AI is brilliant at automating routine knowledge work and generating new insights from existing data. What it can’t do is deduce the existence, or even the possibility, of information it isn’t already aware of. It can’t imagine radical new products and business models. Or ask previously unconceptualized questions. Or envision unimagined opportunities and achievements. AI doesn’t even have common sense! As theoretical physicist Michio Kaku says, a robot doesn’t know that water is wet or that strings can pull but not push. Nor can robots engage in what Kaku calls “intellectual capitalism” – activities that involve creativity, imagination, leadership, analysis, humor, and original thought.

At the moment, though, we don’t generally value these so-called “soft skills” enough to prioritize them. We expect people to develop their competency in emotional intelligence, cross-cultural awareness, curiosity, critical thinking, and persistence organically, as if these skills simply emerge on their own given enough time. But there’s nothing soft about these skills, and we can’t afford to leave them to chance.

Lessons in being human

To stay ahead of AI in an increasingly automated world, we need to start cultivating our most human abilities on a societal level – and to do so not just as soon as possible, but as early as possible.

Singularity University chairman Peter Diamandis, for example, advocates revamping the elementary school curriculum to nurture the critical skills of passion, curiosity, imagination, critical thinking, and persistence. He envisions a curriculum that, among other things, teaches kids to communicate, ask questions, solve problems with creativity, empathy, and ethics, and accept failure as an opportunity to try again. These concepts aren’t necessarily new – Waldorf and Montessori schools have been encouraging similar approaches for decades – but increasing automation and digitization make them newly relevant and urgent.

The Mastery Transcript Consortium is approaching the same problem from the opposite side, by starting with outcomes. This organization is pushing to redesign the secondary school transcript to better reflect whether and how high school students are acquiring the necessary combination of creative, critical, and analytical abilities. By measuring student achievement in a more nuanced way than through letter grades and test scores, the consortium’s approach would inherently require schools to reverse-engineer their curricula to emphasize those abilities.

Most critically, this isn’t simply a concern of high-tuition private schools and “good school districts” intended to create tomorrow’s executives and high-level knowledge workers. One critical aspect of the challenge we face is the assumption that the vast majority of people are inevitably destined for lives that don’t require creativity or critical thinking – that either they will somehow be able to thrive anyway or their inability to thrive isn’t a cause for concern. In the era of AI, no one will be able to thrive without these abilities, which means that everyone will need help acquiring them. For humanitarian, political, and economic reasons, we cannot just write off a large percentage of the population as disposable.

In the end, anything an AI does has to fit into a human-centered value system that takes our unique human abilities into account. Why would we want to give up our humanity in favor of letting machines determine whether or not an action or idea is valuable? Instead, while we let artificial intelligence get better at being what it is, we need to get better at being human. That’s how we’ll keep coming up with groundbreaking new ideas like jazz music, graphic novels, self-driving cars, blockchain, machine learning – and AI itself.

Read the executive brief Human Skills for the Digital Future.

Build an intelligent enterprise with AI and machine learning to unite human expertise and computer insights. Run live with SAP Leonardo.


Comments

Dan Wellers

About Dan Wellers

Dan Wellers is founder and leader of Digital Futures at SAP, a strategic insights and thought leadership discipline that explores how digital technologies drive exponential change in business and society.

Kai Goerlich

About Kai Goerlich

Kai Goerlich is the Chief Futurist at SAP Innovation Center network His specialties include Competitive Intelligence, Market Intelligence, Corporate Foresight, Trends, Futuring and ideation.

Share your thoughts with Kai on Twitter @KaiGoe.heif Futu