Experts Matter. Find Yours.
Connect for media, speaking, professional opportunities & more.
As Flexible Voting Options Scrutinized, Expert Says Online Voting Not a Safe Alternative
The popularity of — and controversies surrounding — early voting and mail-in ballots demonstrates a demand for more flexible voting options. But online voting shouldn’t be up for consideration, according to James Hendler, the head of the Institute for Data Exploration and Applications at Rensselaer Polytechnic Institute. Hendler also chairs the U.S. Technology Policy Committee of the Association for Computing Machinery, the world’s largest and oldest society of individuals involved in all aspects of computing. In public statements expressing his own opinion and on behalf of the ACM, Hendler has discussed the vulnerabilities of online voting and the organization’s effort to press against its adoption. Hendler argues that online voting is not, and cannot be made to be, secure against malware and denial of service attacks — and that no app or underlying technology, including blockchain, holds potential to overcome those challenges. "The current state of mobile voting is that we are not ready to deploy it at scale, that it has significant technical and socio-technical aspects, particularly cybersecurity, that we need to worry about, and that there are alternatives,” Hendler said. “The ACM has worked hard as an organization to explain our evidence-based reasoning, and to express the hope that online-voting won’t be used now and in the foreseeable future.” In explaining why online voting is more complicated than online banking, shopping and other common internet activities, Hendler said, “The main reason that online voting is more complex is that it must maintain anonymity, no one is allowed to know how you voted. Securing online voting without providing access to identity is extremely difficult. There are other reasons as well including the staggering cost and the lack of a centralized US authority, but identity management remains the number one.” Under his leadership, the ACM’s U.S. Technology Policy Committee, along with leading organizations and experts in cybersecurity and computing, sent a letter to all governors, secretaries of state and other state election directors urging them not to allow the use of internet or voting app systems. Hendler has extensive experience in policy and advisory positions that consider aspects of artificial intelligence, cybersecurity and internet and web technologies as they impact issues such as online voting and the regulation of social media and powerful technologies including facial recognition and artificial intelligence. In light of ongoing political unrest, Hendler is available to speak to diverse aspects of information technology as related to the election, AI in applications like policing, and the politics related to social media.
Lockdown teleworking impacts productivity of women more than men
When the COVID-19 pandemic led countries all over the world to lock down their economies in early 2020, there was an unprecedented global shift to teleworking in white collar sectors. A trend that had been gathering traction was suddenly and exponentially accelerated and many of the world’s largest corporations, Google and Facebook among them, have announced plans allowing employees to work from home well into 2021 or indefinitely. Remote working not only appears to work, but it appears to have a number of advantages—savings in office maintenance costs and time spent commuting, not to mention enabling organizations to safeguard productivity when there’s a major shock or crisis. But is it all good news? Or good news for all? A new paper by Ruomeng Cui, assistant professor of information systems and operations management at Emory’s Goizueta Business School, reveals an important drop in the productivity of female academics around the world in the wake of the COVID-19 lockdowns. In fact, in the ten weeks following the initial lockdown in the United States, their productivity fell by a stunning 13.9 percent relative to that of male colleagues. And it’s likely to do with the disproportionate burden of responsibility for household needs and childcare that persistently falls on women, Cui said. “We know that gender inequality persists both in the workplace and at home, and we were curious to see how the lockdown scenario would attenuate or exacerbate the situation for women,” Cui said. Anecdotal evidence from her own field—academia—showed that in the weeks following the stay at home mandate in March, there was an upswing of around 20 to 30 percent of papers submitted to journals. However, the overwhelming majority of these were being authored by men. Intrigued, Cui teamed up with Goizueta doctoral student Hao Ding and Feng Zhu from Harvard Business School to conduct a systematic study of female academics’ productivity and output during this period. “We knew that the lockdown had disrupted life for everyone, including academics. With schools and kindergartens closed and people taking care of work and household obligations at home, we intuited that women would be affected more than men as they are disproportionately burdened with domestic and childcare duties,” Cui said. For female academics this would theoretically be particularly acute, as the critical thinking that goes into research calls for quiet, interruption-free environments. To put this to the test, Cui and her co-authors created a large data set covering all the new social science research papers produced by men and women, across 18 disciplines and submitted to SSRN, a research repository, between December 2018 to May 2019 and then from December 2019 to May 2020. From this set, they were able to extract information on titles, authors’ names, affiliations, and addresses to identify their countries and institutions, as well as faculty pages to distinguish between men and women. In total they collected just under 43,000 papers written by more than 76,000 authors in 25 countries. Looking at the data, Cui and her colleagues were able to compute the total number of papers produced by male and female academics each week and then compare the productivity of both before and after the start of the lockdown. Prior to the pandemic, the 2019 period showed no significant changes in productivity in either gender. But in the 10 weeks following the shock of lockdown, a clear gap emerges between men and women, with female academics’ productivity falling by just under 14 percent in comparison to their male colleagues. Interestingly the effect was more pronounced in top-ranked research universities. This is likely because top schools require faculty to publish research as the primary requisite for promotion, so men would be motivated to continue authoring papers before and after the lockdown. These findings lend solid, empirical clout to the notion that women do take a hit to productivity when care and work time are reorganized, Cui noted. “We see clearly that women are producing less work as a consequence of working from home. In the field of academia, that has huge implications as achieving a permanent position, or tenure, is generally linked to your research output,” she said. “So, there is a serious fairness issue there. If women are producing less because the burden of household responsibility is greater for them than for men, then you’re likely to see fewer female academics get tenure through no fault of their own.” Indeed, one of the other findings of the study shows that while productivity fell, the quality of female-authored research measured by downloads and citations did not. Then there’s the issue of teleworking and gender. With a significant proportion of the world’s white-collar organizations still working from home and unlikely to head back to the office any time soon—and as many schools and childcare facilities remain closed due to the pandemic—Cui is concerned that productivity as a measure of value and a marker of success might mean the odds are further stacked against women. And not just in academia. “We looked at universities in particular, but our findings can really be externalized to any other industry because the underlying issues here are universal. So, with remote working becoming normalized, I think there’s a real onus on organizations of every type to think about how to mitigate these unintended consequences,” she said. “There needs to be more thought about how we measure value or potential of employees.” Cui calls for organizations and institutions to consider these factors when they evaluate male and female workers in the present context and looking to the future. Among the kinds of proactive moves they might consider are to make training programs for male and female employees that explore fairness and encourage a more even distribution of responsibility in the home and for children. “There’s nothing to be gained in prioritizing productivity as a tool for evaluation and just giving women more time, say, to produce as much,” Cui warned. “You’re just left with the same scenario of women doing more than their fair share. Solving this issue is really much more about being aware of it, getting educated about it, and changing your mindset.” If you are a journalist looking to cover this research or speak with Professor Ciu about the subjects of telework and productivity, simply click on her icon now to arrange an interview today.
Network Science Offers Key Insights into Polarization, Disinformation, and Minority Power
People tend to think of the arena of politics as being driven by human decision and emotions, and therefore unpredictable. But network scientists like Boleslaw Szymanski, a computer science professor at Rensselaer Polytechnic Institute, have found that the country’s political activity – from American society’s ever-growing partisan divide to its grappling with the spread of misinformation online – can be explained by abstract and elegant models. These models provide insights — and even answers — to a number of pressing questions: Is increasing access to information driving us apart? Can an entrenched minority ultimately prevail? Could structural changes be made that insulate us from misinformation and reduce the polarization that divides us? Szymanski studies the technical underpinnings of our choices, how we influence one another, and the impact of the algorithms we rely upon to navigate a growing ocean of information. His work has yielded fascinating insights, including research on how a committed minority will overcome less determined opposition and the development of a parameter to determine what drives polarization in Congress. Through his research on the influence of minority opinions, Szymanski found that when just 10 percent of the population holds an unshakable belief, it will ultimately be adopted by the majority of the society. “When the number of committed opinion holders is below 10 percent, there is no visible progress in the spread of ideas. It would literally take the amount of time comparable to the age of the universe for this size group to reach the majority,” said Szymanski, a computer science professor at Rensselaer Polytechnic Institute. “Once that number grows above 10 percent, the idea spreads like flame.” In his present work, Szymanski is researching tools for measuring the level of polarization in specific news sites, search engines, and social media services, and developing remedies, like algorithms that offer better data provenance, detect misinformation, and create internal consistency reasoning, background consistency reasoning, and intra-element consistency reasoning tools. “Informed citizens are the foundation of democracy, but the driving interest of big companies that supply information is to sell us a product,” Szymanski said. “The way they do that on the internet is to repeat what we showed interest in. They’re not interested in a reader’s growth — they’re interested in the reader’s continued attention.” With the political environment becoming increasingly bitter and dubious information becoming ever more prevalent, Szymanski is available to discuss his research on polarization, disinformation, and the power of a committed minority.
The Alexa Effect: How the internet of things (IoT) is increasing retail sales
Imagine this scenario. You’re out of coffee but with the click of a button or a simple voice command, you reorder a two months’ supply that will arrive the same day. And that almond milk you like? Well, imagine your fridge already knew you were running low on supplies and independently sent the order to restock before you ran out. The stuff of science-fiction until only recently, internet of things (IoT) technology is beginning to change the way we live and work. Simply put, IoT is a system of interrelated devices—things that can include gadgets, digital objects, or machines, wearables and so on—which have the capacity to send and receive data over a network without human agency or human interaction. As a technology, IoT is novel, and it’s poised to reconfigure a range of sectors and industries—among them, the world of retail. Amazon is a leader in the consumer-facing space with an ecosystem of apps like Alexa, Fire TV, and the now-defunct Dash Button. Meanwhile, tech-savvy retailers are using IoT to facilitate operations. Smart shelves in stores can detect the status of perishable goods or inventory requirements; radio frequency identification (RFID) sensors can actively track the progress of produce through the supply chain. Retailers can even use IoT to send customers personalized digital coupons when they walk into the store. As IoT continues to gain traction around the globe, the potential for efficiency-boosting innovation in retail is clear. Less clear, however, is its actual impact on consumer choices and behaviors. Sure, IoT can save time and mental effort, but how does that translate into real-world business outcomes? This is the question that underscores new research by Vilma Todri and Panagiotis Adamopoulos, both assistant professors of information systems and operations management at Emory’s Goizueta Business School. They were keen to understand whether consumer behavior is significantly changed under the regime of this new technology as it continues its roll out across the world. Specifically, they wanted to know if IoT technology actually increases demand for products. And it turns out that it does. “IoT technology in retail is really in its infancy, so understanding its impact on users and business is key,” Adamopoulos said. “We wanted to shed light on these dynamics at this early point to spark interest and generate more debate around how retailers can leverage this technology.” Together with Stern’s Anindya Ghose, he and Todri put together a large data-set with information about sales of certain products in countries with existing IoT retail markets and in others where the technology has not yet been introduced. “We needed to take into account these sorts of variables to really understand the effect,” Todri said. “So, we had our control group of non-IoT retail markets, and we were able to compare sales data for the same products in countries where the technology has been adopted.” The researchers also controlled for time trends, looking at the impact on sale prior to and post IoT adoption. “Looking at the data over time and pinpointing the exact moment when a product has been made available for sale via IoT sales channels across different countries and at different moments, we were able to infer the effect of the technology on product sales,” Todri said. In total, they looked at sales for the same or similar products in six countries between 2015 and 2017. They also compared sales across different retailers. “By analyzing the same sales information for different products in different markets using different channels across the world, we can see differences in the data that can only be attributable to this new technological feature,” Adamopoulos said. And the differences are significant. The concept is fascinating, and if you are interested in learning more, a complete article about this topic is attached: If you are a journalist or looking to learn more about IoT, our experts can help. Vilma Todri and Panagiotis Adamopoulos, both assistant professors of information systems and operations management at Emory’s Goizueta Business School. Both experts are available to speak with media; simply click on either expert's icon to arrange an interview today.
Is hospital advertising actually good for our health?
Hospitals and healthcare organizations in the U.S. spend $1.5 billion on advertising every year. It’s a topic that provokes lively debate and a certain amount of controversy. Medical bodies, policy makers, and scholars alike question the ethics and efficacy of using (constrained) budgets to promote hospitals to patients. Diwas KC, professor of information systems & operations management at Emory University’s Goizueta Business School, and Tongil Kim, an assistant professor of management at Naveen Jindal School of Management in Texas, conducted a large-scale study of hospitals and patients in the state of Massachusetts to better understand the impact of hospital advertising. What they found is striking: Not only does television advertising work, it significantly drives demand, attracting patients living far from the hospital and beyond its regular area. And that’s not all. KC and Kim discovered that limiting hospital advertising or imposing an outright ban, as some groups have called for, might actually have serious negative effects on patient healthcare. “There has been a lot of discussion about banning advertising over recent years because of uncertainties around wasting money and resources,” KC said. In the paper “Impact of hospital advertising on patient demand and outcomes,” KC shows that there is a correlation between the amount spent on TV advertising and the quality of the hospital in question. Healthcare facilities that invest more in advertising tend to be “better” hospitals, he adds; they offer higher caliber care and services and, as such, they see much lower patient readmission rates—a key quality metric in healthcare. To get to these insights, KC and Kim looked at more than 220,000 individual patient visits to hospitals in the state of Massachusetts over a 24-month period. Among the data they collected were things like hospital type, location, and dollars spent on advertising. Patients were documented in terms of medical conditions, insurance, zip codes (to determine residence), and median household income. They were able to contrast those hospitals that invested in television advertising and those that did not. With the former, they uncovered a significant uptick in patient visits, with people coming from far further afield. This was particularly true of wealthier patients. Then there’s the question of patient outcomes. Here the data showed unequivocally that it’s the high-quality, low-readmission hospitals that advertise more—something that KC attributes to the natural tendency to get “more bang for the advertising buck when the quality of your product or service is better.” As for banning advertising, this would negatively impact these hospitals, he argues, limiting their ability to attract patients. It could also lead to an increase in population-level readmission rates. “Patient readmission rates are one of the key metrics along with mortality rates that tell us how well a healthcare facility is working,” said KC. “If a patient gets discharged but has to come back to a hospital in, say, 30 days, unless it’s a chronic condition or ongoing treatment, it’s a good indication that the patient didn’t get the level of care they should have the first time.” Indeed, “when we looked at all of the data, we found that the hospitals where there were fewest revisit rates were those that advertised more,” he said. KC finds that a blanket ban on hospital advertising could lead to an extra 1.2 readmissions for every 100 patients discharged. It’s a significant and “surprising” finding. And one that should inform the debate around healthcare advertising spend in the U.S. “There’s also the idea that this is a zero-sum game because if a patient doesn’t go to hospital A, they’re just going to go to hospital B—the one that advertises more—splitting the pie in different ways but not increasing that pie,” KC said. “What our study finds is that yes, advertising does draw patients away from one facility and towards another, but that the latter generally delivers better patient outcomes,” he said. “So, there is a social welfare benefit right there that suggests that you should not ban hospital advertising. There are real health benefits in allowing [advertising] to happen.” If you are a journalist looking to cover this topic - then let our experts help. Diwas KC is a Professor of Information Systems & Operations Management at Emory University’s Goizueta Business School. He is an expert in the areas of Data Analytics, Operations, and Healthcare. If you are interesting in arranging an interview - simply click on his icon to set up a time today.
Exploring the direct link between drug abuse and the internet
Drug overdoses account for a staggering number of deaths in the United States. In 2017 alone, more than 70,000 U.S. citizens died from opioid overdoses, a number that eclipses the death toll due to traffic accidents, gun violence, or HIV in the same year. Among the academic community, media and national organizations such as the Drug Enforcement Agency (DEA) and the Food and Drug Administration (FDA), there is a growing consensus that the internet plays a key role in enabling access to illicit drugs in America. As far back as 2005, the DEA referred to the internet as an “open medicine cabinet; a help-yourself pill bazaar to help you feel good.” But until now, the jury has been out about whether online platforms actually drive substance abuse among internet users. Research by Anandhi Bharadwaj, vice dean for faculty and research and Roberto C. Goizueta Endowed Chair in Electronic Commerce, along with doctoral candidate Jiayi Liu 22PhD, casts compelling new light on this issue. Their paper, Drug Abuse and the Internet: Evidence from Craigslist, was published in March 2020. By using data from Craigslist, one of the largest online platforms for classified advertisements, the researchers found a significant uptick in drug abuse in areas where Craigslist had become active in the last decade or so. Launched in San Francisco in 1995, Craigslist is a location-specific site that has been spreading to different U.S. cities in a staggered fashion since 2000. As the site has grown, so too have the number of illicit, user behaviors that exist in tandem with the many positive services it offers. Among these are prostitution and the sale of controlled or illicit drugs. The internet: a pipeline for narcotics Historically the sale and purchase of illegal drugs has happened in physical spaces—streets and urban areas prone to certain boundaries and limitations, not to mention the risk of arrest or potential violence. The internet has changed the game in two key ways. First, there is the simple mechanism of buyer-seller matching. Dealers and buyers transact online, which is more straightforward, faster and cuts through many of the risks associated with physical interaction. Simply put, it’s easy to buy drugs online. Second, there is the issue of anonymity. Research has documented how human beings behave differently when we believe our identity is shielded from others. We are prone to take more risks under the cloak of anonymity. Working off these two premises, Bharadwaj and Liu hypothesized that the internet not only facilitates the sale and purchase of drugs—it must also proactively spur supply and demand. To put this to the test, they documented the U.S. cities and counties where Craigslist has become operational since 2000 and then analyzed three other key variables: total number of people admitted into drug treatment facilities in different counties between 1997 and 2008, county-level drug abuse violations, and number of deaths caused by overdose per county. Eager to understand how this new access to drugs online might also be impacting people at a demographic and socioeconomic level, the researchers merged this data with statistics on age, ethnicity and poverty from the U.S. Census Bureau. Additionally, the authors compiled information about income and unemployment, crime and arrests from the Bureau of Labor Statistics and the FBI respectively. What they found was stunning. Not only is there a marked increase in drug-related treatments (14.9 percent), violations (5.7 percent) and deaths (6.0 percent) wherever Craigslist becomes operational in a city or county; the momentum of increasing drug abuse also continues to grow over time in that area. And that’s not all. Economic disadvantages—poverty, unemployment and lower standards of education—are typically associated with a higher risk of substance abuse. But the findings suggest that in fact it’s the wealthier, higher-educated groups—especially among whites, Asians, and women—that are more likely than others to engage in drug abuse once Craigslist starts operating in an area. In fact, they conclusively found an uptick in this kind of behavior where crime and drug abuse had been less prevalent previously. In other words, where drugs are becoming readily available online, there is a dramatic increase in new and first-time users. If you are interested in learning more or if you are a journalist looking to cover this research – then let our experts help. Professor Anandhi Bharadwaj is the Vice Dean for Faculty and Research and the Goizueta Endowed Chair in Electronic Commerce and Professor of Information Systems, Operations Management. To arrange an interview with – simply click on her icon today.
The initial doses of the first approved COVID-19 vaccine are here, and health care workers are part of the group that’s getting it first. One of them is Dr. David Banach, UConn Health infectious diseases physician and hospital epidemiologist, who sees the vaccine not only as a major breakthrough in the fight to end the pandemic, but also as an opportunity for his clinical colleagues to lead that effort and set the tone for the rest of the world. Here are some key facts about the COVID-19 vaccine, with Dr. Banach providing explanations of each: The COVID-19 vaccine won’t infect you with COVID-19. “There is no live virus in this vaccine, so you can’t actually get infected with SARS-CoV-2 from the vaccine. What this vaccine has is messenger RNA, which is a little bit of genetic code that allows the body’s natural machinery to make the protein that will generate an immune response." You may actually want some side effects from the COVID-19 vaccine. “You might get some soreness at the injection site, maybe some fatigue for a day or two, but that can be a good thing, a sign your body is making that immune response. That’s what is going to protect you in the future if you get exposed to the virus. The data from the clinical trials show the side effects – the soreness, fatigue, in some cases a short-lived fever – occur the first few days afterwards, and the rate of serious side effects is extraordinarily low for this vaccine.” The vaccine was developed relatively quickly, but not by compromising the scientific process. “When you look at Operation Warp Speed and how this process moved really quickly, that was really focused on the research and development piece and the manufacturing piece. Importantly, the phase 3 clinical trial was not rushed. This is the same type of clinical trial that we would do for any other vaccine. We followed people for at least two months. The clinical trials were huge, and they had diverse populations. So that part of the whole process wasn’t rushed at all, and that’s the most important part.” Don’t throw out those masks just yet. “We know this vaccine prevents people from developing symptomatic and severe COVID infection. I think what we don’t know is the effect it’s going to have on viral transmission, including asymptomatic shedding of virus. For instance, people who get the vaccine might still potentially shed virus, potentially at a lower level. The vaccine will prevent them from actually becoming ill, but vaccinated individuals might still be able to have virus in their nose and their respiratory system. Immunity from the vaccine is not instantaneous. “The COVID-19 vaccine clinical trials using the Pfizer-BioNTech and Moderna mRNA vaccines were designed using a two-dose series in order to generate the optimal level of protection from the vaccine. That’s why getting both doses of the vaccine is essential. Although there is likely some individual variability, immunity may not be optimal until several days after the second dose. The phase 3 clinical trials used a period of at least one-to-two weeks after the second dose as a marker of immunity during which they were able to demonstrate the efficacy of the vaccines in protecting against COVID-19 infection.” Dr. David Banach is one of the lead experts on COVID-19 in America. He is available to speak with media regarding the vaccination and what the future holds with regards to COVID-19. To book an interview – simply click on his icon and arrange a time now.
COVID-19 has raised the stakes for boards, argues Brunswick’s Paddy McGuinness, former UK Deputy National Security Adviser. We now live with COVID-19. Fewer business leaders are making the mistake of talking about “post-COVID” or “when this is over.” The better of them have factored in COVID-19 related constraints to their medium-term plans and are even thinking about how the world may change in the long-term. They are building capacity to take advantage of an early recovery within months, yet they are modeling and encouraging grit for current and indeed harder conditions to last much longer. In the past, when health emergencies—say the Spanish Flu pandemic of a century ago—subsided, there was a greater return to economic normality than had been expected during the crisis. Extreme events often heighten or even distort our perception of wider risks. That old journalistic cliché “one thing is certain, nothing will be the same again” is rarely true. But the pandemic has created the expectation that businesses will be resilient—that they will be able to respond to an event and recover to the state prior to the event, incorporating the lessons learned into business practice. Many business leaders feel they have not done too badly responding to a once-in-a-hundred-years event. Business Continuity Plans (BCPs), which were understandably sketchy for pandemics, were pulled out of second-line risk management and owned and improved in real-time by executive committees. The transition to remote working and, at least in Asia and some of Europe, the gradual return to offices again, has been managed. Services and even vital production have been maintained. Leaders have absorbed the personal and collective strain of this. Good reason then for some satisfaction as they delegate certain COVID-19 responses and focus on the economic tsunami that follows the pandemic. The public seems to largely agree with business leaders’ assessments. While many national and scientific leaders find themselves beset by “blamestorming,” corporate executives have been given more slack. They weren’t expected to have foreseen a pandemic. Their sometimes scrabbling responses are understood. However, behind this lucky pass lurks an expectation that businesses will now be more prepared for crises and foreseeable risks. Resilience cannot be relegated to BCPs and traditional risk-management structures. It is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Think how fast leaders have been expected to respond to the issues raised by the Black Lives Matter movement. Alacrity will be required. The speed and scale of decisions in response to the pandemic leaves board committees playing catch up to assure themselves that risks have been managed. The move to working from home has been rapid, so too the digitization of the business. Some see these as new, streamlined ways of working, yet the negative consequences are not yet fully apparent. Working from home, for instance, is attractive to some employees as well as chief financial officers, who may relish the chance to reduce fixed costs. Concerns about the impact on the coherence of the business’s culture, its productivity and innovation, the security of data held at home, hardships for those in difficult home conditions, and, indeed, the needs of the younger demographic who seem to favor a return to the office, need to be given due consideration. It may be a case of “decide in haste, repent at leisure.” Resilience is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Boards also need assurance that the business has regained its balance and can manage parallel or interrelated crises. In recent weeks we have been helping several clients respond to major cyber events unrelated to the COVID-19 outbreak. They have probably needed more external support than otherwise because their leadership capacity was inevitably denuded by pandemic response. And they have benefitted from us already knowing each other and having experience of how to work together in crisis. After the Great Financial Crash there was a heavy focus on balance-sheet resilience and having the requisite finance skills on boards. Business leaders are now beset by advice on the heightened obligation to be resilient in much a broader sense of the word. Regulators, lawyers and risk consultants are sharing checklists of factors for executive committees to take into account when managing risks and for boards to oversee. The challenge here is defining what changes your specific business needs and how to actually bring those about. Shareholders will be expecting a judicious move away from “just in time” systems to ones that can endure foreseeable risks. This isn’t just about potential legal liability or reputational risk. This is about setting your business culture for success. Undermanage risks and the business is wide open to damage from foreseeable shocks with all the loss of confidence and capability that follows. Overmanage and the business losses its competitive edge just when there is opportunity in the recovery. In order to track broader resilience, boards and their committees will need access to a wider set of skills and insight. Board membership emerges as an obvious area of focus. Yet each board will take more time and belonging to too many—“over boarding”—may well be unacceptable. Risk methodology and information flows will also have to be reviewed, alongside how to strengthen board members’ awareness and skills. Before the pandemic, chairs and CEOs were already wrestling with this for their difficult-to-price risks, such as data, technology risks and cyber. Individual experts on boards created siloed responsibility for what should have been a shared risk. A focus on process and method often led to a focus on the management, rather than genuine oversight of, risks. External advice didn’t always help (as we have learned from the plethora of competing advice around COVID-19). No single intervention will meet the new standard for resilience. Nor will simple prescription. A broader and more articulated approach is required if governance is to maintain stakeholder confidence and corporate reputation.
Resilience in the Face of COVID-19
Brunswick Senior Advisor Paddy McGuinness, former UK Deputy National Security Adviser, on how businesses can chart a course amid the fear and uncertainty. We are all becoming more familiar with this disease than we care to be—and may become yet more so. Still uncertainty remains. It began even with the terminology. Coronavirus is a descriptor, a general term. Under the microscope, the virus has crown-like spikes, hence corona. The common cold and variances of it are coronaviruses. COVID-19 (as in Corona Virus Disease 2019) is the effect that this particular coronavirus has on the human being—that’s the disease the world’s grappling with. That’s the distinction between the two terms. We’ve now spoken to more than 150 clients about their situation. That has given us a broad view of the corporate response across affected geographies from Asia, through the Middle East and Europe to the Americas, a window into how those responses have played out and the challenges continually unfolding. Here’s what we’ve been advising our clients: First, develop a single view that’s grounded in professional, well-sourced information. In government we called this “a commonly recognized information picture.” That view has to be based on the responsible medical experts: the World Health Organization, the Center for Disease Control, Public Health England and similar bodies. You do not get it from the newspapers, from social media, from friends, or even your local medic. You operate on the basis of informed medical and public health advice. The current vocal challenge to that advice in Europe and the US is not reason to depart from it as your foundation for the actions you take. A leadership team needs to develop the discipline to clarify that generic narrative into a specific frame for their business context and then operate within it. It’s dangerous for leaders to start pretending they’re epidemiologists. Have a single view and stick to it. I’ve been on calls with leadership teams where there’s agreement on that view and then someone says, “But I read that the disease ...” Don’t go there. Don’t work on that basis. The uncertainty is difficult enough to deal with. Don’t add to it. You will be focused first on the safety—the human consequences—of your course of action and then on the resilience of your business. That may cause you to anticipate some of the “Non Pharmaceutical Interventions” that government makes. Brunswick has. Having established your position, think through how you’re going to communicate it to employees, customers, and investors. What about your suppliers and regulators? How might you engage with local public health officials and local authorities? Exaggeration and understatement are equally unhelpful. These engagements need to be tailored, yet aligned within your broader narrative. Leaders also need to plan for reasonable worst-case scenarios. Covid-19 has already spread in a way that we hoped wouldn’t happen, and in a way that standard business continuity planning doesn’t cover. Now, many in the workforce have to work from home. Among other considerations, that produces additional cyber and data vulnerability. What if schools close and your employees have children at home they have to look after? What will your IT capabilities be if 20 to 40 percent of your team is incapacitated at any one time during the peak period? Are your HR teams prepared to deal with the most unfortunate case, where employees or their close relatives pass away? In extreme times, it can be tempting to take extreme positions. A lesson of crises is never to enter into something without knowing how you’re going to get out of it, how to reverse it. If companies are going to start shutting down their operations, how are they going to open again? On what justification? Taking fixed positions amid great uncertainty can prove restrictive—or counterproductive—when circumstances change. Resilience is the ability to respond and recover to the state prior to the event, having learned the lessons of the event. Respond and recover—that’s the long-term goal here. Covid-19 will pass. We know from other pandemics that recovery does come. How can you position yourself to take advantage of that recovery, to get back with speed and strength? Because some companies will. Now more than ever senior leaders need to talk about how things will be the other side of the crisis and to describe signs of recovery. This is easiest for enterprises with transnational reach. They recount what is happening in Asia as the disease passes so that European and US stakeholders can see beyond the immediate demands of emergency response. On a personal level, stick close to the medical experts and the people who know what they’re talking about. I may well get Covid-19 here in the United Kingdom. I assume that, like the vast majority of healthy people who get it, I will experience mild to moderate symptoms and recover just fine. If I don’t, I want health services to be available. I want the spread to be managed at sustainable levels, so I am doing what Government asks of me and avoiding all but essential contact with others and unnecessary travel. I expect that more will be asked of me, my family and colleagues before we are through this. I wouldn’t let Covid-19 overwhelm you in your daily life, given what we know. That’s certainly my intention: carry on with as much normality as possible, support others and use the unexpected circumstances to prepare for the recovery phase which will come.
Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. Within weeks of the COVID-19 outbreak, hackers have already commandeered the virus to unleash cyberattacks, sending emails purporting to provide coronavirus guidance laced with cyberattack software. In one more alarming case, they appear to have attacked a hospital and forced it to cancel operations and take key systems offline. As the outbreak continues to intensify, the UK National Cyber Security Centre (NCSC) warned that the volume of these attacks will likely increase, pointing to the increased registration of coronavirus-related webpages. Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. As companies move to protect the health of their workforce, it’s also important to protect the systems they’re using to run their businesses. It’s especially important for hospitals to shore-up their cyber defenses. If they don’t, just as they are racing to respond to COVID-19, they could face situations like University Hospital Brno in the Czech Republic, which earlier this month was forced to divert patients and cancel planned operations while it worked to address an attack. The most likely cyber threats are email “phishing” campaigns that use the coronavirus as a lure to get the recipient to open an attachment that contains malware. According to the NCSC, such “phishing” attempts are happening on a global scale in multiple countries, which has led to both a theft of money and sensitive data. Similarly, known hacker groups have been launching websites purporting to sell masks or other safety-related measures for coronavirus, possibly to use them as another vector for cyberattacks. The NCSC has also cautioned that these attacks are “versatile and can be conducted through various media, adapted to different sectors and monetized via multiple means, including ransomware, credential theft, bitcoin or fraud.” The cybersecurity firm ProofPoint has seen a rise in these cyberattack emails with COVID-19 themes since January. Both ProofPoint and IBM’s X-Force cybersecurity unit identified a campaign that targeted users in Japan with an email masquerading as a coronavirus information email that carries with it a potent type of cybercrime software. In the US, the Secret Service recently warned of scams from online criminals posing as sellers of high-demand medical supplies to prevent coronavirus. They’ll require payment upfront and not send the products. Cyber criminals have also been posing as the World Health Organization and the US Centers for Disease Control and Prevention (CDC), sending fraudulent emails from the former and “creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a vaccine” for the latter. In addition to the use of the coronavirus as a cyberattack vector, the growing need for working remotely to mitigate the spread of COVID-19 has increased companies’ exposure to cyber threats. The increase in remote work creates more opportunities for hackers to make inroads from less secure locations. Companies should also ensure they can provide adequate security when their whole workforce is remote. They should quickly work through the security implications of workers choosing to switch to insecure personal devices. With national-level pressures on home broadband, staff will also resort to mobile hotspots, which are often less secure. And enabling remote connectivity at scale, with the right security configurations, can be a challenge even with months of preparation time. A recent US Department of Homeland Security COVID-19 cybersecurity notice pointed to the importance of making sure that security measures are up to date for companies’ remote access systems. Additional measures to consider include enabling multifactor authentication—which can require two or more steps to verify a user’s identity before granting access to corporate networks. The NCSC is also working to identify malicious sites responsible for phishing and cyberattack software. A final looming cyberthreat related to Covid-19 is disinformation. The World Health Organization and other agencies have for months been combatting disinformation campaigns spreading false information about the origins of and treatments for COVID-19—reports that seed more confusion and increase risks to society. All of that means that computer virus risks are emerging as the biological virus spreads—and both are a threat to business. Cyber risk mitigation efforts should account for the different ways that a company can be affected, including impacts on the technical, operational, legal and reputational aspects of a business. Often, the reputational effects of a cyberattack are more significant than direct the business or technical impact. To mitigate all of the potential impacts of cyberattacks taking advantage of the Covid-19 outbreak, companies should: Review and update crisis and cybersecurity response plans, and ensure internal and external communications response plans are robust. Confirm that members of the crisis management team understand their roles and responsibilities. Make sure all communications channels have the latest security patches. Review and update access controls, particularly when remote access is used heavily, to make sure that only those who require access to sensitive systems to do their jobs have it. Take extra care when handling medical information. For companies managing employees who have contracted Covid-19, it’s important that personal health information is handled with strong security measures, including encryption. Educate employees about the cyber risks that may attempt to capitalize on fear of the Covid-19 virus—whether it be phishing email or disinformation. Covid-19 poses a number of short- and long-term challenges to business resilience, and the virus’s trajectory is quick and unpredictable. But it’s possible to anticipate and mitigate a number of the cyber threats that will try to ride the virus’s coattails. The companies that do will be more resilient and better positioned to withstand the direct health and operational effects of the virus.
