Experts Matter. Find Yours.

Heads up CFOs: The capital asset pricing model still rules

Firms invest in various things: bonds, stocks or other assets—new stores, new premises or even other firms. And they do so to earn maximum value from available cash that would otherwise be idle. For example, for the last five years Walmart generated an annual cash flow of more than $25 billion from its operations. The retailer has the option to channel this cash into opening new stores, ultimately growing its business and profits. Alternatively, Walmart can pay the cash out to its shareholders in the form of dividends, or through share repurchases. So far, it’s been productive. However, this win-win scenario is contingent on successfully navigating a number of complexities. Primary among these is that to invest optimally, you first need to determine the correct hurdle rate for that investment. Hurdle rates are the minimum rates of return that firms seek on their investments. The hurdle rate is the appropriate compensation commensurate with the investments’ risk. Therefore, the higher the risk, the higher the hurdle rate needs to be. For instance, a hurdle rate of 10% means that for every $100 invested, you would expect to earn an average of $10 average per year. But it’s tricky. You have to calculate the right hurdle rate that would add the most value for your shareholders—the optimal rate of return for you and your business. Too high and there’s risk of missing out on a good investment. If your right hurdle rate is 10%, but you mistakenly opt for 15%, you’re likely to ignore any investment that is projected to earn you less than 15%, but more than 10% is likely to be missed. As a result, you’ll end up leaving money on the table. Too low a hurdle rate and you’re in danger of burning money. Again, supposing your hurdle rate should be 10%, but you set it at 5%, you’re likely to end up investing in things with a suboptimal return. In the end, you’re wasting your cash on low value investments when you could be paying it directly to your shareholders in dividends and giving them the chance to earn 10% return on their own. For the last 50 years, the financial world has built models to calculate hurdle rates and rates of return. But which one works best? Shedding critical new light on this is a recently published paper by Narasimhan Jegadeesh, Dean’s Distinguished Chair of Finance at Goizueta, entitled “Empirical tests of asset pricing models with individual assets.” Jegadeesh and his co-authors developed new statistical methods to differentiate among a raft of new models that have been developed in recent years and to compare their efficacy to that of the Capital Asset Pricing Model (CAPM), a model introduced in the 1960s. What they found is that none of the newer models work any better than the CAPM in determining the appropriate hurdle rate or rate of return of an asset. That paper is attached and is required reading for CFOs and anyone interested in the Capital Asset Pricing Model. If you are looking to know more, or if you are a journalist interested in covering this important aspect of business and investing – then let our experts help. Narasimhan Jegadeesh is Dean’s Distinguished Chair of Finance at Goizueta. He is a renowned expert in this field and has been published extensively in the Journal of Finance, the Journal of Financial Economics, the Review of Financial Studies and other leading academic finance journals. His research has been discussed in several publications including Businessweek, The Economist, Forbes, Kiplinger's Personal Investments, Money, New York Times, and Smart Money.

Exploring the direct link between drug abuse and the internet

Drug overdoses account for a staggering number of deaths in the United States. In 2017 alone, more than 70,000 U.S. citizens died from opioid overdoses, a number that eclipses the death toll due to traffic accidents, gun violence, or HIV in the same year. Among the academic community, media and national organizations such as the Drug Enforcement Agency (DEA) and the Food and Drug Administration (FDA), there is a growing consensus that the internet plays a key role in enabling access to illicit drugs in America. As far back as 2005, the DEA referred to the internet as an “open medicine cabinet; a help-yourself pill bazaar to help you feel good.” But until now, the jury has been out about whether online platforms actually drive substance abuse among internet users. Research by Anandhi Bharadwaj, vice dean for faculty and research and Roberto C. Goizueta Endowed Chair in Electronic Commerce, along with doctoral candidate Jiayi Liu 22PhD, casts compelling new light on this issue. Their paper, Drug Abuse and the Internet: Evidence from Craigslist, was published in March 2020. By using data from Craigslist, one of the largest online platforms for classified advertisements, the researchers found a significant uptick in drug abuse in areas where Craigslist had become active in the last decade or so. Launched in San Francisco in 1995, Craigslist is a location-specific site that has been spreading to different U.S. cities in a staggered fashion since 2000. As the site has grown, so too have the number of illicit, user behaviors that exist in tandem with the many positive services it offers. Among these are prostitution and the sale of controlled or illicit drugs. The internet: a pipeline for narcotics Historically the sale and purchase of illegal drugs has happened in physical spaces—streets and urban areas prone to certain boundaries and limitations, not to mention the risk of arrest or potential violence. The internet has changed the game in two key ways. First, there is the simple mechanism of buyer-seller matching. Dealers and buyers transact online, which is more straightforward, faster and cuts through many of the risks associated with physical interaction. Simply put, it’s easy to buy drugs online. Second, there is the issue of anonymity. Research has documented how human beings behave differently when we believe our identity is shielded from others. We are prone to take more risks under the cloak of anonymity. Working off these two premises, Bharadwaj and Liu hypothesized that the internet not only facilitates the sale and purchase of drugs—it must also proactively spur supply and demand. To put this to the test, they documented the U.S. cities and counties where Craigslist has become operational since 2000 and then analyzed three other key variables: total number of people admitted into drug treatment facilities in different counties between 1997 and 2008, county-level drug abuse violations, and number of deaths caused by overdose per county. Eager to understand how this new access to drugs online might also be impacting people at a demographic and socioeconomic level, the researchers merged this data with statistics on age, ethnicity and poverty from the U.S. Census Bureau. Additionally, the authors compiled information about income and unemployment, crime and arrests from the Bureau of Labor Statistics and the FBI respectively. What they found was stunning. Not only is there a marked increase in drug-related treatments (14.9 percent), violations (5.7 percent) and deaths (6.0 percent) wherever Craigslist becomes operational in a city or county; the momentum of increasing drug abuse also continues to grow over time in that area. And that’s not all. Economic disadvantages—poverty, unemployment and lower standards of education—are typically associated with a higher risk of substance abuse. But the findings suggest that in fact it’s the wealthier, higher-educated groups—especially among whites, Asians, and women—that are more likely than others to engage in drug abuse once Craigslist starts operating in an area. In fact, they conclusively found an uptick in this kind of behavior where crime and drug abuse had been less prevalent previously. In other words, where drugs are becoming readily available online, there is a dramatic increase in new and first-time users. If you are interested in learning more or if you are a journalist looking to cover this research – then let our experts help. Professor Anandhi Bharadwaj is the Vice Dean for Faculty and Research and the Goizueta Endowed Chair in Electronic Commerce and Professor of Information Systems, Operations Management. To arrange an interview with – simply click on her icon today.

U.S.-Iran Crisis: Outlook and Implications

Executive Summary: The immediate crisis following the death of Iranian general Qassem Soleimani in a U.S. airstrike and Iran’s retaliatory missile strikes against two U.S. airbases appears to have settled down. However, the conditions for a future flare-up remain in place because the underlying conditions have not changed. Going forward, each side is likely to double down on its stated strategic objective, with Iran pushing for an end to U.S. presence in the region and the U.S. pushing for an end to the Iranian nuclear program. Further, the norms that had previously prevented an open exchange of fire between the two sides have been eroded. Why It Matters: The events of January 3rd and 8th represent the first time since the skirmishes of the “Tanker Wars” of 1987-88 that the military forces of the United States and Iran have directly and openly exchanged fire with each other. For the last three decades, the contest between the two states has been a shadow war of proxy conflicts, plausible deniability, and non-military measures. The American decision to strike Soleimani and the Iranian decision to fire missiles in response removed many of the guardrails that have set limits on previous escalations of tensions. The Iranian decision to renounce cooperation with the 2015 nuclear agreement places back into contention an issue that had previously brought the U.S. and Israel to the point of war with Iran in 2012-13. Business Impact: Markets have been largely taking a wait-and-see approach in order to determine the form of Iranian response to Soleimani’s death, and they responded with relief when President Trump signaled that the U.S. would not retaliate. To an extent, uncertainty in the Middle East had already been priced into the markets due to tensions in the second half of 2019. A significant or prolonged conflict would have an obvious negative impact on energy markets and regional economies. In addition, American and Western companies operating internationally or their employees could suffer collateral damage from any future Iranian proxy attacks against visible symbols of U.S. presence overseas. Looking Forward: In the immediate term, the resolution of the crisis represented one of the best possible outcomes: Iran has publicly signaled that the missile launches conducted on January 8th constituted the extent of their military retaliation to Soleimani’s death and President Trump’s White House address acknowledged Iran’s desire to de-escalate and spoke of finding mutually beneficial outcomes with no further mention of military action. Going forward, both Iran and the United States are likely to double down on their desired strategic outcomes. Iran will seek to use all of the levers of its influence to drive the United States from the region, beginning with Iraq but also including indirect pressure on the Gulf states that host U.S. forces. Offensive cyber operations and deniable proxy attacks against civilian infrastructure in the Gulf could be part of that campaign, returning to tactics observed in the past. For its part, the United States will continue its maximum pressure campaign over the Iranian nuclear program, with President Trump promising additional economic sanctions even as he stepped back from military action. Therefore, although both sides appear to be committed to non-military means, the points of tension that caused the most recent crisis are all still present and have arguably increased based on Iran’s increased non-compliance with JCPOA. It remains to be seen whether coming close to the brink of open conflict will have changed the risk tolerance of either side or whether the first acknowledged exchange of fires between the U.S. and Iran for 32 years will usher in a new period of low-level conflict. The View from Tehran: Iran has played Soleimani’s death for maximum strategic benefit. The messaging of the past 96 hours was aimed at various audiences within the country, the region, and around the world. Having been caught on the backfoot by the U.S.’s strike on Soleimani, the Supreme Leader allowed the IRGC to retaliate against U.S. forces in Iraq in a calibrated manner, likely calculating that a strike with limited casualties would satisfy demands for vengeance while not prompting a response. Khamenei’s Decision: Ayatollah Khamenei is an inherently conservative figure and one who is above all else motivated by the priority of regime survival. Given their long-standing personal relationship, there is ample reason to believe that his displays of emotion of Soleimani’s death, including weeping over his coffin during the funeral on January 6th, were genuine and heart-felt. However, his expressed desire for revenge has been tempered by the overarching imperative to avoid a conflict that would have threatened the regime’s hold on power, either from within or without. Rally Around the Flag: Within Iran, the regime is seeking to use Soleimani’s death and their subsequent retaliation to build national unity following a period of significant domestic unrest. This has been emphasized by the extended period of mourning for Soleimani, days-long funeral spectacle, and the invocation of religious and cultural symbols associated with Shi’a martyrs. The death of Soleimani comes on the heels of a series of mass protests in Iran that originally began on November 15th in response to proposed increase in the price of gas, but which have since expanded to a wider challenge to the regime. Media reporting from late December suggested as many as 1,500 Iranian civilians have been killed as part of a regime crackdown on the protests, which have been characterized as the most serious challenge to the regime since the Green Movement of 2009. JCPOA as a Wedge Between U.S. and Europe: Iran announced on January 5th that it would cease compliance with the remaining provisions of the 2015 Joint Comprehensive Plan of Action but would be willing to return to compliance if sanctions are removed. The nuance in Iran’s position highlights the fact that it is continuing to attempt to use the nuclear issue to drive a wedge between European signatories to the agreement and the United States, which unilaterally walked away from the treaty in May 2018. Regime Dynamics: Soleimani was a high-profile figure within Iran, but his outsized influence on Iranian foreign policy also created friction with other stakeholders in the regime, including leaders of the conventional military forces, the ministry of foreign affairs, and the intelligence services. He was one of few genuinely strategic thinkers in the Iranian national security apparatus and the one with the most extensive and deepest connections within the Arab-speaking world. His replacement as commander of the Quds Force is his long-time deputy who will be familiar with the day-to-day operations of the IRGC’s external operations arm but will not have the stature or the network of Soleimani. As a result, other stakeholders may jockey to move into the vacuum created by his death. The View from Washington: The present challenge for the U.S. is how to maintain both a deterrent posture and establishing the means to avoid further escalation. The policy on Iraq going forward will have to balance President Trump’s desire to disengage from the conflict while not creating the appearance of having been pushed out by Iran. Escalate to Deter: President Trump’s decision to kill Soleimani reflected an “escalate to deter” strategy, using a sudden and unexpected escalation of force during a crisis in order to reestablish deterrence after previous provocations in 2019 had gone largely unanswered. However, deterrence is only as good as the last demonstration of a willingness to respond. The decision to not respond to Iran’s retaliatory missile strikes reflected a pragmatic decision to de-escalate. National Security Decision-Making: Nearly three years into his presidency, Donald Trump feels increasingly confident making national security decisions based on his own instincts. The original coterie of experienced national security establishment members such as Jim Mattis and H.R. McMaster who had populated the Situation Room during the early days of the administration have largely resigned or been fired and replaced with individuals of lower profile and/or proven loyalty. Although the mechanisms of the formal interagency process continue to function, President Trump increasingly makes decisions based on a network of informal advisors and media sources. Domestic U.S. Considerations: The decision to launch the strike on Soleimani came during a period of high political tension in Washington, as it had been expected this month that the U.S. Senate would begin a trial in response to articles of impeachment passed by the House of Representatives in December. The Soleimani strike is being taken up by both Trump’s supporters and opponents as evidence of either his credentials as a decisive commander-in-chief or his unsuitability for office, depending on their perspective. Congress has proposed votes to limit President Trump’s independent authority to initiate hostilities with Iran, but this is unlikely to gain traction in the Senate. Separately, the first voting in the Democratic primary is less than one month away, and a sudden shift in focus to national security issues could have results that are difficult to predict, either boosting those with national security credentials (such as former vice president Joe Biden and military veteran Pete Buttigieg), or rallying support among primary voters for anti-war (such as Bernie Sanders). Third-Party Perspectives and Responses: Iraq: The strike at Baghdad International Airport that killed Soleimani also killed the deputy commander of Iraq’s Popular Mobilization Front, a coalition of militias that forms a part of Iraq’s official security apparatus. Iraq’s new Prime Minister Adel Abdul Mahdi has condemned the attack as a “massive breach of sovereignty” and an “aggression on Iraq”. Iraq’s parliament passed a draft law on January 5th calling for the removal of all foreign troops from Iraqi soil, but the law was non-binding and the session had been boycotted by most of the Sunni and Kurdish members of the legislature. Iranian presence has also been the recent target of Iraqi ire, such as in November when a crowd of Iraqis burned down the Iranian consulate in the Shi’a holy city of Najaf, and the Iraqi government will likely try to play both sides against each other to maximize its leverage for military and financial support. Withdrawal from Iraq would mean that the remaining American forces in Syria could no longer be supplied or supported through the western desert of Iraq and would therefore also have to be withdrawn. Iran will likely seek to use all its considerable levers of influence in Iraq to convince the government to see through the expulsion of American forces. The United States leaving Iraq and Syria due to Soleimani’s death would be a fitting legacy from the Iranian perspective and a perverse one from the American perspective given that Soleimani was responsible for the deaths of hundreds of American servicemembers in Iraq (and thousands of Iraqi civilians) through his support for Shi’a militias in the mid-to-late 2000s. Europe: Statements from European capitals emphasized the need for restraint and de-escalation. French President Macron is likely to view this event as further justification for his proposals that the EU develop a defense and security apparatus independent of NATO in order to avoid being entangled by potentially reckless American actions. Iran will likely continue to use this event as an opportunity to drive a wedge between the U.S. and Europe on the nuclear program and other issues, and their chosen retaliation was likely calibrated at least in part to allow them to continue positioning themselves as a responsible actor. For his part, Trump is urging the European signatories to join him in walking away from the JCPOA in order to increase Iran’s international isolation. United Kingdom: The British government has tried to tread a fine line in its responses to the strike, with Prime Minister Johnson calling for de-escalation while also stating that he “will not lament” the fact that Soleimani is dead. The U.K. is likely trying to balance its desire to remain aligned with France and Germany in trying to keep the JCPOA together with its traditional close alliance with the United States and Johnson’s personal relationship with President Trump. Russia: Unsurprisingly, Russian President Vladimir Putin condemned the American strike, which removed a valuable interlocutor for Russian forces in Syria. Russian troops and Iranian-backed militias in Syria had periodically found themselves with diverging interests in their campaign to support the Assad regime, and Soleimani performed a critical function in directing the activities of those militias to ensure that both Russia and Iran achieved their strategic objectives in Syria. A potential American withdrawal from Iraq and Syria would advance Russia’s interest in establishing itself as the indispensable foreign power in resolving the crisis in Syria and within the region more broadly. China: In line with their long-standing principle of non-intervention and their own interest, China condemned the strike, but the response was muted overall. Chinese interests are primarily economic and tied to ensuring a steady supply of petroleum. One of China’s newest and most capable naval destroyers recently participated in trilateral naval exercises with Iran and Russia in the Gulf of Oman. Although such exercises primarily serve a strategic messaging and diplomatic function, they do signal an emerging alignment of interests between the three states that would be significant for the response to any future crises.

Governing for Resilience

COVID-19 has raised the stakes for boards, argues Brunswick’s Paddy McGuinness, former UK Deputy National Security Adviser. We now live with COVID-19. Fewer business leaders are making the mistake of talking about “post-COVID” or “when this is over.” The better of them have factored in COVID-19 related constraints to their medium-term plans and are even thinking about how the world may change in the long-term. They are building capacity to take advantage of an early recovery within months, yet they are modeling and encouraging grit for current and indeed harder conditions to last much longer. In the past, when health emergencies—say the Spanish Flu pandemic of a century ago—subsided, there was a greater return to economic normality than had been expected during the crisis. Extreme events often heighten or even distort our perception of wider risks. That old journalistic cliché “one thing is certain, nothing will be the same again” is rarely true. But the pandemic has created the expectation that businesses will be resilient—that they will be able to respond to an event and recover to the state prior to the event, incorporating the lessons learned into business practice. Many business leaders feel they have not done too badly responding to a once-in-a-hundred-years event. Business Continuity Plans (BCPs), which were understandably sketchy for pandemics, were pulled out of second-line risk management and owned and improved in real-time by executive committees. The transition to remote working and, at least in Asia and some of Europe, the gradual return to offices again, has been managed. Services and even vital production have been maintained. Leaders have absorbed the personal and collective strain of this. Good reason then for some satisfaction as they delegate certain COVID-19 responses and focus on the economic tsunami that follows the pandemic. The public seems to largely agree with business leaders’ assessments. While many national and scientific leaders find themselves beset by “blamestorming,” corporate executives have been given more slack. They weren’t expected to have foreseen a pandemic. Their sometimes scrabbling responses are understood. However, behind this lucky pass lurks an expectation that businesses will now be more prepared for crises and foreseeable risks. Resilience cannot be relegated to BCPs and traditional risk-management structures. It is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Think how fast leaders have been expected to respond to the issues raised by the Black Lives Matter movement. Alacrity will be required. The speed and scale of decisions in response to the pandemic leaves board committees playing catch up to assure themselves that risks have been managed. The move to working from home has been rapid, so too the digitization of the business. Some see these as new, streamlined ways of working, yet the negative consequences are not yet fully apparent. Working from home, for instance, is attractive to some employees as well as chief financial officers, who may relish the chance to reduce fixed costs. Concerns about the impact on the coherence of the business’s culture, its productivity and innovation, the security of data held at home, hardships for those in difficult home conditions, and, indeed, the needs of the younger demographic who seem to favor a return to the office, need to be given due consideration. It may be a case of “decide in haste, repent at leisure.” Resilience is categorically a board issue—regulators, lawyers, politicians and the public say so. The reputations of individual board members and the collective are at stake. Boards also need assurance that the business has regained its balance and can manage parallel or interrelated crises. In recent weeks we have been helping several clients respond to major cyber events unrelated to the COVID-19 outbreak. They have probably needed more external support than otherwise because their leadership capacity was inevitably denuded by pandemic response. And they have benefitted from us already knowing each other and having experience of how to work together in crisis. After the Great Financial Crash there was a heavy focus on balance-sheet resilience and having the requisite finance skills on boards. Business leaders are now beset by advice on the heightened obligation to be resilient in much a broader sense of the word. Regulators, lawyers and risk consultants are sharing checklists of factors for executive committees to take into account when managing risks and for boards to oversee. The challenge here is defining what changes your specific business needs and how to actually bring those about. Shareholders will be expecting a judicious move away from “just in time” systems to ones that can endure foreseeable risks. This isn’t just about potential legal liability or reputational risk. This is about setting your business culture for success. Undermanage risks and the business is wide open to damage from foreseeable shocks with all the loss of confidence and capability that follows. Overmanage and the business losses its competitive edge just when there is opportunity in the recovery. In order to track broader resilience, boards and their committees will need access to a wider set of skills and insight. Board membership emerges as an obvious area of focus. Yet each board will take more time and belonging to too many—“over boarding”—may well be unacceptable. Risk methodology and information flows will also have to be reviewed, alongside how to strengthen board members’ awareness and skills. Before the pandemic, chairs and CEOs were already wrestling with this for their difficult-to-price risks, such as data, technology risks and cyber. Individual experts on boards created siloed responsibility for what should have been a shared risk. A focus on process and method often led to a focus on the management, rather than genuine oversight of, risks. External advice didn’t always help (as we have learned from the plethora of competing advice around COVID-19). No single intervention will meet the new standard for resilience. Nor will simple prescription. A broader and more articulated approach is required if governance is to maintain stakeholder confidence and corporate reputation.

Hackers Exploit the Pandemic

Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. Within weeks of the COVID-19 outbreak, hackers have already commandeered the virus to unleash cyberattacks, sending emails purporting to provide coronavirus guidance laced with cyberattack software. In one more alarming case, they appear to have attacked a hospital and forced it to cancel operations and take key systems offline. As the outbreak continues to intensify, the UK National Cyber Security Centre (NCSC) warned that the volume of these attacks will likely increase, pointing to the increased registration of coronavirus-related webpages. Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. As companies move to protect the health of their workforce, it’s also important to protect the systems they’re using to run their businesses. It’s especially important for hospitals to shore-up their cyber defenses. If they don’t, just as they are racing to respond to COVID-19, they could face situations like University Hospital Brno in the Czech Republic, which earlier this month was forced to divert patients and cancel planned operations while it worked to address an attack. The most likely cyber threats are email “phishing” campaigns that use the coronavirus as a lure to get the recipient to open an attachment that contains malware. According to the NCSC, such “phishing” attempts are happening on a global scale in multiple countries, which has led to both a theft of money and sensitive data. Similarly, known hacker groups have been launching websites purporting to sell masks or other safety-related measures for coronavirus, possibly to use them as another vector for cyberattacks. The NCSC has also cautioned that these attacks are “versatile and can be conducted through various media, adapted to different sectors and monetized via multiple means, including ransomware, credential theft, bitcoin or fraud.” The cybersecurity firm ProofPoint has seen a rise in these cyberattack emails with COVID-19 themes since January. Both ProofPoint and IBM’s X-Force cybersecurity unit identified a campaign that targeted users in Japan with an email masquerading as a coronavirus information email that carries with it a potent type of cybercrime software. In the US, the Secret Service recently warned of scams from online criminals posing as sellers of high-demand medical supplies to prevent coronavirus. They’ll require payment upfront and not send the products. Cyber criminals have also been posing as the World Health Organization and the US Centers for Disease Control and Prevention (CDC), sending fraudulent emails from the former and “creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a vaccine” for the latter. In addition to the use of the coronavirus as a cyberattack vector, the growing need for working remotely to mitigate the spread of COVID-19 has increased companies’ exposure to cyber threats. The increase in remote work creates more opportunities for hackers to make inroads from less secure locations. Companies should also ensure they can provide adequate security when their whole workforce is remote. They should quickly work through the security implications of workers choosing to switch to insecure personal devices. With national-level pressures on home broadband, staff will also resort to mobile hotspots, which are often less secure. And enabling remote connectivity at scale, with the right security configurations, can be a challenge even with months of preparation time. A recent US Department of Homeland Security COVID-19 cybersecurity notice pointed to the importance of making sure that security measures are up to date for companies’ remote access systems. Additional measures to consider include enabling multifactor authentication—which can require two or more steps to verify a user’s identity before granting access to corporate networks. The NCSC is also working to identify malicious sites responsible for phishing and cyberattack software. A final looming cyberthreat related to Covid-19 is disinformation. The World Health Organization and other agencies have for months been combatting disinformation campaigns spreading false information about the origins of and treatments for COVID-19—reports that seed more confusion and increase risks to society. All of that means that computer virus risks are emerging as the biological virus spreads—and both are a threat to business. Cyber risk mitigation efforts should account for the different ways that a company can be affected, including impacts on the technical, operational, legal and reputational aspects of a business. Often, the reputational effects of a cyberattack are more significant than direct the business or technical impact. To mitigate all of the potential impacts of cyberattacks taking advantage of the Covid-19 outbreak, companies should: Review and update crisis and cybersecurity response plans, and ensure internal and external communications response plans are robust. Confirm that members of the crisis management team understand their roles and responsibilities. Make sure all communications channels have the latest security patches. Review and update access controls, particularly when remote access is used heavily, to make sure that only those who require access to sensitive systems to do their jobs have it. Take extra care when handling medical information. For companies managing employees who have contracted Covid-19, it’s important that personal health information is handled with strong security measures, including encryption. Educate employees about the cyber risks that may attempt to capitalize on fear of the Covid-19 virus—whether it be phishing email or disinformation. Covid-19 poses a number of short- and long-term challenges to business resilience, and the virus’s trajectory is quick and unpredictable. But it’s possible to anticipate and mitigate a number of the cyber threats that will try to ride the virus’s coattails. The companies that do will be more resilient and better positioned to withstand the direct health and operational effects of the virus.

Is a reckoning coming to Washington's once most invincible politicians?

With all eyes on next Tuesday, America could be seeing a serious change in the make-up of the Senate and House of Representatives. With a divided country and an electorate on edge and looking for change, the usual gift of incumbency and re-election is now a far from guaranteed blessing for those Washington veterans for whom re-election is usually a given. According to NBC, there are more than a handful of high-profile and once thought to be invincible politicians on the ropes. But can popular politicians sustain the thirst for change when voters cast their ballots? Susan Collins, John Cornyn, Lindsey Graham and even Mitch McConnell may be looking for work in 2021. It’s a fascinating angle to what has been a truly unique time in American politics. And if you are a journalist covering the election and the balance of power in Congress, then let our experts help. Dr. Stephen Farnsworth is a sought-after political commentator on subjects ranging from presidential politics to the local Virginia congressional races. He has been widely featured in national media, including The Washington Post, Reuters, The Chicago Tribune and MSNBC. Dr. Rosalyn Cooperman, associate professor of political science at the University of Mary Washington and member of Gender Watch 2018, is an expert on women in politics. Both experts are available to speak to media – simply click on either icon to arrange an interview.

Upstream or downstream thinking? What’s the best way for suppliers to go mainstream and reach the most customers?

You might have heard of the beer distribution game. The idea is that a group of participants enact a four-stage supply chain scenario. Some take on the role of those at the point of origin in the supply chain – the upstream agents: manufacturers and distributors. Others role-play the downstream agents at the other end of the chain – the distributors and end-customers: in this case, let’s say the bar owners and beer drinkers. The goal is simple. All you have to do is produce, deliver and sell the beer to your customers, while keeping your costs on back orders and inventory to a minimum. This should be easy enough, in theory. The basic rules of economics suggest that customer demand dictates supply. In practice, however, things can get a little skewed. And this disconnect can happen fast. For a start, players have limited information. They can only see what’s in front of them – bits of paper with order numbers. And as they start to share this information with each other, all kinds of coordination issues arise. Things start to go wrong. Customer demand for X or Y kegs of beer is imperfectly relayed to the bar owner retailer, who in turn passes it on the other players upstream, but makes mistakes in doing so. The result is a kind of Chinese Whispers where confusion reigns, poor decisions are made about stock, too much or too little beer is manufactured or supplied. You end up with increased costs in the supply chain, and, not to mention thirsty beer drinkers. The beer game is just that – a game. But it represents a problem that is all too familiar to suppliers in most industries and sectors. It’s called the Bullwhip effect, and it’s a conundrum. “The Bullwhip effect is a real challenge for suppliers in every industry,” said Nikolay Osadchiy, associate professor of Information Systems & Operations Management at Goizueta Business School. “Because demand information gets distorted along the chain, suppliers can see a lot of volatility at their end which can translate into more inventory and drives up costs. It’s a really pressing issue that needs to be addressed.” Osadchiy and his colleagues Bill Schmidt from Cornell University and Jing Wu from the Chinese University of Hong Kong got to work researching the idea. First, they modeled a supply network based on 15 years of data from publicly traded companies across the globe. Second, they determined the ‘upstreamness’ that different firms had – or the positions they occupy – within that network. And third, they examined the demand distortion within each firm and measured demand variability across the different layers of the network to determine how they affect each other. The results of their work were all captured in the article attached below – the information was quite compelling and will greatly assist businesses as they plan their way through and after a globe-shifting event like COVID-19. It’s interesting material for sure – and if you are a journalist looking to know more about supply chains and how businesses will need to adapt in order to survive post-pandemic, then let our experts help with your questions and coverage. Nikolay Osadchiy is an Associate Professor of Information Systems & Operations Management at Emory University's Goizueta Business School. He is an acclaimed expert in the areas of supply chain management and how supply networks affect risk and operational performance. Nikolay is available to speak with media regarding this topic – simply click on his icon to arrange an interview today.

Is sitting safely in the middle – the best place for small business owners to be in times of protest and political quarry?

As the persistent turmoil of protests grips America on an almost daily basis, people are becoming more aware of issues, getting engaged and taking sides. Be it around the dinner table debating, marching in the streets or even arguing on a national news panel – topics like Black Lives Matter, masks during COVID, the upcoming election or a host of other hot-topic issues are all part of the American conversation these days. It’s easy and even healthy for people to debate the issues – but for a business to pick a side on a controversial topic, it’s a much different picture. One recent example was Nike’s support of NFL quarterback Colin Kaepernick. However, Nike also had the resources to bolster their support. They had a multi-million-dollar ad budget, a public relations machine generating hours of earned media – and the company was, for the most part playing to its core audience. Though there was push-back, Nike was rewarded with increased sales and its stock surged. For almost a decade now, Chick-fil-A has also boldly taken a stance with its opinion on gay marriage. The restaurant chain has faced mountains of negative press and protests, but the fast-food giant’s bottom lined never suffered. It still sees sales over 10 billion a year. For Nike and Chik-Fil-A and their deep pockets to wade into the fray with an opinion – it’s one thing, but for a small business to share how it feels, there’s a matter of weighing risk versus reward no matter how important the topic might be. “It may well be that it’s harder for entrepreneurs to create a viable business model for their venture in a more polarized context, says Giacomo Negro, a Professor of Organization & Management at Emory University’s Goizueta Business School. “If your business is more hybrid—if you’re supportive of a cause without being overtly affiliated with it—then it could be harder to engage other customers or clients who are uncomfortable doing business with a firm that is even vaguely linked to a specific social group or movement. Similarly, the core supporters of the cause can look at the same organization as not authentically engaged with them.” His findings certainly suggest that existing in a “gray zone,” where you take neither one side or the other, is a hard place for organizations to thrive in times of social change. “If protest activates the cultural boundary surrounding a group’s identity, then increasing protest participation will threaten the viability of precisely those organizations trying to engage inside and outside audiences,” Negro said. “At the same time, bridging inside and outside audiences also conveys a confusing identity and a more limited commitment to pursuing goals relevant to either audience.” With a global pandemic impacting all aspects of national and local economies – small businesses are under pressure to sustain and survive like never before. And if you are a journalist looking to cover the state of small businesses in America and whether or not small business has a role to play in protests and politics in America – then let our experts help with your coverage. Giacomo Negro is a Professor of Organization & Management at Emory University’s Goizueta Business School and is an expert in the area of economic sociology. His resent research study research study, “Which Side Are You On? The Divergent Effects of Protest Participation on Organizations Affiliated with Identity Groups’ focuses on this very subject. Professor Negro is available to speak with media about this topic – simply click on his icon to arrange an interview today.

Paper ballots, risk-limiting audits can help defend elections and democracy, IU study finds

BLOOMINGTON, Ind. -- With just over two months before the 2020 election, three professors at the Indiana University Kelley School of Business offer a comprehensive review of how other nations are seeking to protect their democratic institutions and presents how a multifaceted, targeted approach is needed to achieve that goal in the U.S., where intelligence officials have warned that Russia and other rivals are again attempting to undermine our democracy. But these concerns over election security are not isolated to the United States and extend far beyond safeguarding insecure voting machines and questions about voting by mail. Based on an analysis of election reforms by Australia and European Union nations, they outline steps to address election infrastructure security -- such as requiring paper ballots and risk-limiting audits -- as well as deeper structural interventions to limit the spread of misinformation and combat digital repression. "In the United States, despite post-2016 funding, still more than two-thirds of U.S. counties report insufficient funding to replace outdated, vulnerable paperless voting machines; further help is needed," said Scott Shackelford, associate professor of business law and ethics in the Kelley School, executive director of the Ostrom Workshop and chair of IU's Cybersecurity Program. "No nation, however powerful, or tech firm, regardless of its ambitions, is able to safeguard democracies against the full range of threats they face in 2020 and beyond. Only a multifaceted, polycentric approach that makes necessary changes up and down the stack will be up to the task." For example, Australia -- which has faced threats from China -- has taken a distinct approach to protect its democratic institutions, including reclassifying its political parties as "critical infrastructure." This is a step that the U.S. government has yet to take despite repeated breaches at both the Democratic and Republican national committees. Based on an analysis of election reforms by Australia and European Union nations, they outline steps to address election infrastructure security -- such as requiring paper ballots and risk-limiting audits -- as well as deeper structural interventions to limit the spread of misinformation and combat digital repression. "In the United States, despite post-2016 funding, still more than two-thirds of U.S. counties report insufficient funding to replace outdated, vulnerable paperless voting machines; further help is needed," said Scott Shackelford, associate professor of business law and ethics in the Kelley School, executive director of the Ostrom Workshop and chair of IU's Cybersecurity Program. "No nation, however powerful, or tech firm, regardless of its ambitions, is able to safeguard democracies against the full range of threats they face in 2020 and beyond. Only a multifaceted, polycentric approach that makes necessary changes up and down the stack will be up to the task." For example, Australia -- which has faced threats from China -- has taken a distinct approach to protect its democratic institutions, including reclassifying its political parties as "critical infrastructure." This is a step that the U.S. government has yet to take despite repeated breaches at both the Democratic and Republican national committees. The article, "Defending Democracy: Taking Stock of the Global Fight Against Digital Repression, Disinformation and Election Insecurity," has been accepted by Washington and Lee Law Review. Other authors are Anjanette "Angie" Raymond, associate professor of business law and ethics, and Abbey Stemler, assistant professor of business law and ethics, both at Kelley; and Cyanne Loyle, associate professor of political science at Pennsylvania State University and a global fellow at the Peace Research Institute Oslo. Aside from appropriating sufficient funds to replace outdated voting machines and tabulation systems, the researchers said that Congress should encourage states to refuse to fund voting machines with paperless ballots. The researchers also suggest requiring risk-limiting audits, which use statistical samples of paper ballots to verify official election results. Other suggested steps include: Congress requiring the National Institute of Standards and Technology to update their voting machine standards, which state and county election officials rely on when deciding which machines to purchase. Australia undertook such a measure. Creating a National Cybersecurity Safety Board to investigate cyberattacks on U.S. election infrastructure and issue post-elections reports to ensure that vulnerabilities are addressed. Working with universities to develop training for election officials nationwide to prepare them for an array of possible scenarios, and creating a cybersecurity guidebook for use by newly elected and appointed election officials. "With regards to disinformation in particular, the U.S. government could work with the EU to globalize the self-regulatory Code of Practice on Disinformation for social media firms and thus avoiding thorny First Amendment concerns," Raymond said. "It could also work to create new forums for international information sharing and more effective rapid alert and joint sanctions regimes. "The international community has the tools to act and hold accountable those actors that would threaten democratic institutions," added Stemler, who also is a faculty associate at Harvard University's Berkman Klein Center for Internet and Society. "Failing the political will to act, pressure from consumer groups and civil society will continue to mount on tech firms, in particular Facebook, which may be sufficient for them to voluntarily expand their efforts in the EU globally, the same way that more firms are beginning to comply with its General Data Protection Regulation globally, as opposed to designing new information systems for each jurisdiction."

MEDIA RELEASE: Drivers asked to stay alert and slow down as students prepare to return to school

COVID-19 has changed the way we do many things and, the return to school is no different. This year, children are being encouraged to walk and bike to school to support social distancing. In some parts of Ontario, the start of school is even being staggered, and some children may be doing a combination of in-person and distance learning. In addition, many children will be using masks that may obstruct their line of sight. For these reasons, CAA South Central Ontario (CAA SCO) is reminding everyone to take extra caution this year while travelling through school zones. “As students prepare to reunite with friends and classmates after a six-month hiatus, many might forget to take the extra precautions needed to stay safe. This means there is an even bigger responsibility to watch for children travelling to and from school,” says Raymond Chan, manager of government relations for CAA SCO. Keeping our kids and neighbourhoods safe is a shared responsibility. That’s why this year, we are providing FREE “Slow Down Please” lawn signs to anyone living in South Central Ontario. When well-placed, these signs aim to make roads safer for children and those living in the community. Remember to check local bylaws before installing signs on private property. Anyone can pick up a maximum of two signs at any CAA Store, while quantities last. Drivers can also use the following CAA tips to ensure they are staying safe in school zones. Make eye contact with children: With the excitement of back to school, anticipate that children may not easily see or hear your moving vehicle. Make eye contact with passing pedestrians and cyclists. Reduce traffic by walking: Incorporate a short walk into your commute to school. CAA encourages parents to park a block away and walk to school, if possible, to reduce congestion and make school zones safer. Slow down: Know the speed limit in your neighbourhood’s school zones and respect them. Watch for more school buses: Always stop for the buses’ flashing lights and wait for children to get safely on or off. Stay alert and watch for children or parents crossing the road when the bus moves on. Choose a safe spot to drop off and pick up your children from school: Follow your school’s rules and don’t park illegally, it can put your child’s safety at risk. Instead, use the designated drop off areas or consider a spot a bit farther away from school that is easily accessible and safe. The above tips are crucial in maintaining a safe school zone. According to a CAA poll, nearly 25 per cent of drivers reported witnessing a near miss or collision in a school zone, more than half of which involved a child. The poll also revealed 70 per cent of Canadians said they have witnessed someone speeding in a school zone. CAA also supports safety in school zones through the CAA School Safety Patrol program. CAA designed this program to protect, educate, and empower elementary school children on safe road-crossing practices. Our Ontario Road Safety Resource is a toolkit for teachers to educate Ontario youth about road safety.