Experts Matter. Find Yours.

Heads up CFOs: The capital asset pricing model still rules

Firms invest in various things: bonds, stocks or other assets—new stores, new premises or even other firms. And they do so to earn maximum value from available cash that would otherwise be idle. For example, for the last five years Walmart generated an annual cash flow of more than $25 billion from its operations. The retailer has the option to channel this cash into opening new stores, ultimately growing its business and profits. Alternatively, Walmart can pay the cash out to its shareholders in the form of dividends, or through share repurchases. So far, it’s been productive. However, this win-win scenario is contingent on successfully navigating a number of complexities. Primary among these is that to invest optimally, you first need to determine the correct hurdle rate for that investment. Hurdle rates are the minimum rates of return that firms seek on their investments. The hurdle rate is the appropriate compensation commensurate with the investments’ risk. Therefore, the higher the risk, the higher the hurdle rate needs to be. For instance, a hurdle rate of 10% means that for every $100 invested, you would expect to earn an average of $10 average per year. But it’s tricky. You have to calculate the right hurdle rate that would add the most value for your shareholders—the optimal rate of return for you and your business. Too high and there’s risk of missing out on a good investment. If your right hurdle rate is 10%, but you mistakenly opt for 15%, you’re likely to ignore any investment that is projected to earn you less than 15%, but more than 10% is likely to be missed. As a result, you’ll end up leaving money on the table. Too low a hurdle rate and you’re in danger of burning money. Again, supposing your hurdle rate should be 10%, but you set it at 5%, you’re likely to end up investing in things with a suboptimal return. In the end, you’re wasting your cash on low value investments when you could be paying it directly to your shareholders in dividends and giving them the chance to earn 10% return on their own. For the last 50 years, the financial world has built models to calculate hurdle rates and rates of return. But which one works best? Shedding critical new light on this is a recently published paper by Narasimhan Jegadeesh, Dean’s Distinguished Chair of Finance at Goizueta, entitled “Empirical tests of asset pricing models with individual assets.” Jegadeesh and his co-authors developed new statistical methods to differentiate among a raft of new models that have been developed in recent years and to compare their efficacy to that of the Capital Asset Pricing Model (CAPM), a model introduced in the 1960s. What they found is that none of the newer models work any better than the CAPM in determining the appropriate hurdle rate or rate of return of an asset. That paper is attached and is required reading for CFOs and anyone interested in the Capital Asset Pricing Model. If you are looking to know more, or if you are a journalist interested in covering this important aspect of business and investing – then let our experts help. Narasimhan Jegadeesh is Dean’s Distinguished Chair of Finance at Goizueta. He is a renowned expert in this field and has been published extensively in the Journal of Finance, the Journal of Financial Economics, the Review of Financial Studies and other leading academic finance journals. His research has been discussed in several publications including Businessweek, The Economist, Forbes, Kiplinger's Personal Investments, Money, New York Times, and Smart Money.

Exploring the direct link between drug abuse and the internet

Drug overdoses account for a staggering number of deaths in the United States. In 2017 alone, more than 70,000 U.S. citizens died from opioid overdoses, a number that eclipses the death toll due to traffic accidents, gun violence, or HIV in the same year. Among the academic community, media and national organizations such as the Drug Enforcement Agency (DEA) and the Food and Drug Administration (FDA), there is a growing consensus that the internet plays a key role in enabling access to illicit drugs in America. As far back as 2005, the DEA referred to the internet as an “open medicine cabinet; a help-yourself pill bazaar to help you feel good.” But until now, the jury has been out about whether online platforms actually drive substance abuse among internet users. Research by Anandhi Bharadwaj, vice dean for faculty and research and Roberto C. Goizueta Endowed Chair in Electronic Commerce, along with doctoral candidate Jiayi Liu 22PhD, casts compelling new light on this issue. Their paper, Drug Abuse and the Internet: Evidence from Craigslist, was published in March 2020. By using data from Craigslist, one of the largest online platforms for classified advertisements, the researchers found a significant uptick in drug abuse in areas where Craigslist had become active in the last decade or so. Launched in San Francisco in 1995, Craigslist is a location-specific site that has been spreading to different U.S. cities in a staggered fashion since 2000. As the site has grown, so too have the number of illicit, user behaviors that exist in tandem with the many positive services it offers. Among these are prostitution and the sale of controlled or illicit drugs. The internet: a pipeline for narcotics Historically the sale and purchase of illegal drugs has happened in physical spaces—streets and urban areas prone to certain boundaries and limitations, not to mention the risk of arrest or potential violence. The internet has changed the game in two key ways. First, there is the simple mechanism of buyer-seller matching. Dealers and buyers transact online, which is more straightforward, faster and cuts through many of the risks associated with physical interaction. Simply put, it’s easy to buy drugs online. Second, there is the issue of anonymity. Research has documented how human beings behave differently when we believe our identity is shielded from others. We are prone to take more risks under the cloak of anonymity. Working off these two premises, Bharadwaj and Liu hypothesized that the internet not only facilitates the sale and purchase of drugs—it must also proactively spur supply and demand. To put this to the test, they documented the U.S. cities and counties where Craigslist has become operational since 2000 and then analyzed three other key variables: total number of people admitted into drug treatment facilities in different counties between 1997 and 2008, county-level drug abuse violations, and number of deaths caused by overdose per county. Eager to understand how this new access to drugs online might also be impacting people at a demographic and socioeconomic level, the researchers merged this data with statistics on age, ethnicity and poverty from the U.S. Census Bureau. Additionally, the authors compiled information about income and unemployment, crime and arrests from the Bureau of Labor Statistics and the FBI respectively. What they found was stunning. Not only is there a marked increase in drug-related treatments (14.9 percent), violations (5.7 percent) and deaths (6.0 percent) wherever Craigslist becomes operational in a city or county; the momentum of increasing drug abuse also continues to grow over time in that area. And that’s not all. Economic disadvantages—poverty, unemployment and lower standards of education—are typically associated with a higher risk of substance abuse. But the findings suggest that in fact it’s the wealthier, higher-educated groups—especially among whites, Asians, and women—that are more likely than others to engage in drug abuse once Craigslist starts operating in an area. In fact, they conclusively found an uptick in this kind of behavior where crime and drug abuse had been less prevalent previously. In other words, where drugs are becoming readily available online, there is a dramatic increase in new and first-time users. If you are interested in learning more or if you are a journalist looking to cover this research – then let our experts help. Professor Anandhi Bharadwaj is the Vice Dean for Faculty and Research and the Goizueta Endowed Chair in Electronic Commerce and Professor of Information Systems, Operations Management. To arrange an interview with – simply click on her icon today.

Cybersecurity introduction

This is a business imperative, not a tech issue, says Brunswick’s Cybersecurity and Privacy team Cyber threats are generating some scary statistics: $400 billion a year in losses from attacks, with some larger businesses experiencing more than 12,000 attacks each year. But there is also good news. Companies are recognizing that cybersecurity is not a technology concern but rather a critical business issue and one they are preparing to deal with. To address the significant business and reputational risks involved, companies are using a cross-functional, top-to-bottom approach, one that treats cybersecurity as a business imperative. Many companies are beginning to strengthen their “human firewall,” creating a business culture where every employee sees cybersecurity as their responsibility. People, not software, are often the weakest link in a security system and that is a problem no software patch will solve. Regulation is growing increasingly complex and governments’ expectations differ from those of companies and consumers. The rules are murky and lag far behind the technology – and the threat. To deal with competing and at times conflicting requirements, some companies are moving beyond the minimum demanded of them, and aiming for a higher standard. To be effective, a company’s cybersecurity program needs to weave these threads into its underlying business plan. Cybersecurity is more than just a strong defense, more than compliance. It must be a part of corporate culture. It represents an opportunity to differentiate yourself from your competitors, increase the efficiency of your operations and earn a greater level of trust from customers, shareholders and the community.

U.S.-Iran Crisis: Outlook and Implications

Executive Summary: The immediate crisis following the death of Iranian general Qassem Soleimani in a U.S. airstrike and Iran’s retaliatory missile strikes against two U.S. airbases appears to have settled down. However, the conditions for a future flare-up remain in place because the underlying conditions have not changed. Going forward, each side is likely to double down on its stated strategic objective, with Iran pushing for an end to U.S. presence in the region and the U.S. pushing for an end to the Iranian nuclear program. Further, the norms that had previously prevented an open exchange of fire between the two sides have been eroded. Why It Matters: The events of January 3rd and 8th represent the first time since the skirmishes of the “Tanker Wars” of 1987-88 that the military forces of the United States and Iran have directly and openly exchanged fire with each other. For the last three decades, the contest between the two states has been a shadow war of proxy conflicts, plausible deniability, and non-military measures. The American decision to strike Soleimani and the Iranian decision to fire missiles in response removed many of the guardrails that have set limits on previous escalations of tensions. The Iranian decision to renounce cooperation with the 2015 nuclear agreement places back into contention an issue that had previously brought the U.S. and Israel to the point of war with Iran in 2012-13. Business Impact: Markets have been largely taking a wait-and-see approach in order to determine the form of Iranian response to Soleimani’s death, and they responded with relief when President Trump signaled that the U.S. would not retaliate. To an extent, uncertainty in the Middle East had already been priced into the markets due to tensions in the second half of 2019. A significant or prolonged conflict would have an obvious negative impact on energy markets and regional economies. In addition, American and Western companies operating internationally or their employees could suffer collateral damage from any future Iranian proxy attacks against visible symbols of U.S. presence overseas. Looking Forward: In the immediate term, the resolution of the crisis represented one of the best possible outcomes: Iran has publicly signaled that the missile launches conducted on January 8th constituted the extent of their military retaliation to Soleimani’s death and President Trump’s White House address acknowledged Iran’s desire to de-escalate and spoke of finding mutually beneficial outcomes with no further mention of military action. Going forward, both Iran and the United States are likely to double down on their desired strategic outcomes. Iran will seek to use all of the levers of its influence to drive the United States from the region, beginning with Iraq but also including indirect pressure on the Gulf states that host U.S. forces. Offensive cyber operations and deniable proxy attacks against civilian infrastructure in the Gulf could be part of that campaign, returning to tactics observed in the past. For its part, the United States will continue its maximum pressure campaign over the Iranian nuclear program, with President Trump promising additional economic sanctions even as he stepped back from military action. Therefore, although both sides appear to be committed to non-military means, the points of tension that caused the most recent crisis are all still present and have arguably increased based on Iran’s increased non-compliance with JCPOA. It remains to be seen whether coming close to the brink of open conflict will have changed the risk tolerance of either side or whether the first acknowledged exchange of fires between the U.S. and Iran for 32 years will usher in a new period of low-level conflict. The View from Tehran: Iran has played Soleimani’s death for maximum strategic benefit. The messaging of the past 96 hours was aimed at various audiences within the country, the region, and around the world. Having been caught on the backfoot by the U.S.’s strike on Soleimani, the Supreme Leader allowed the IRGC to retaliate against U.S. forces in Iraq in a calibrated manner, likely calculating that a strike with limited casualties would satisfy demands for vengeance while not prompting a response. Khamenei’s Decision: Ayatollah Khamenei is an inherently conservative figure and one who is above all else motivated by the priority of regime survival. Given their long-standing personal relationship, there is ample reason to believe that his displays of emotion of Soleimani’s death, including weeping over his coffin during the funeral on January 6th, were genuine and heart-felt. However, his expressed desire for revenge has been tempered by the overarching imperative to avoid a conflict that would have threatened the regime’s hold on power, either from within or without. Rally Around the Flag: Within Iran, the regime is seeking to use Soleimani’s death and their subsequent retaliation to build national unity following a period of significant domestic unrest. This has been emphasized by the extended period of mourning for Soleimani, days-long funeral spectacle, and the invocation of religious and cultural symbols associated with Shi’a martyrs. The death of Soleimani comes on the heels of a series of mass protests in Iran that originally began on November 15th in response to proposed increase in the price of gas, but which have since expanded to a wider challenge to the regime. Media reporting from late December suggested as many as 1,500 Iranian civilians have been killed as part of a regime crackdown on the protests, which have been characterized as the most serious challenge to the regime since the Green Movement of 2009. JCPOA as a Wedge Between U.S. and Europe: Iran announced on January 5th that it would cease compliance with the remaining provisions of the 2015 Joint Comprehensive Plan of Action but would be willing to return to compliance if sanctions are removed. The nuance in Iran’s position highlights the fact that it is continuing to attempt to use the nuclear issue to drive a wedge between European signatories to the agreement and the United States, which unilaterally walked away from the treaty in May 2018. Regime Dynamics: Soleimani was a high-profile figure within Iran, but his outsized influence on Iranian foreign policy also created friction with other stakeholders in the regime, including leaders of the conventional military forces, the ministry of foreign affairs, and the intelligence services. He was one of few genuinely strategic thinkers in the Iranian national security apparatus and the one with the most extensive and deepest connections within the Arab-speaking world. His replacement as commander of the Quds Force is his long-time deputy who will be familiar with the day-to-day operations of the IRGC’s external operations arm but will not have the stature or the network of Soleimani. As a result, other stakeholders may jockey to move into the vacuum created by his death. The View from Washington: The present challenge for the U.S. is how to maintain both a deterrent posture and establishing the means to avoid further escalation. The policy on Iraq going forward will have to balance President Trump’s desire to disengage from the conflict while not creating the appearance of having been pushed out by Iran. Escalate to Deter: President Trump’s decision to kill Soleimani reflected an “escalate to deter” strategy, using a sudden and unexpected escalation of force during a crisis in order to reestablish deterrence after previous provocations in 2019 had gone largely unanswered. However, deterrence is only as good as the last demonstration of a willingness to respond. The decision to not respond to Iran’s retaliatory missile strikes reflected a pragmatic decision to de-escalate. National Security Decision-Making: Nearly three years into his presidency, Donald Trump feels increasingly confident making national security decisions based on his own instincts. The original coterie of experienced national security establishment members such as Jim Mattis and H.R. McMaster who had populated the Situation Room during the early days of the administration have largely resigned or been fired and replaced with individuals of lower profile and/or proven loyalty. Although the mechanisms of the formal interagency process continue to function, President Trump increasingly makes decisions based on a network of informal advisors and media sources. Domestic U.S. Considerations: The decision to launch the strike on Soleimani came during a period of high political tension in Washington, as it had been expected this month that the U.S. Senate would begin a trial in response to articles of impeachment passed by the House of Representatives in December. The Soleimani strike is being taken up by both Trump’s supporters and opponents as evidence of either his credentials as a decisive commander-in-chief or his unsuitability for office, depending on their perspective. Congress has proposed votes to limit President Trump’s independent authority to initiate hostilities with Iran, but this is unlikely to gain traction in the Senate. Separately, the first voting in the Democratic primary is less than one month away, and a sudden shift in focus to national security issues could have results that are difficult to predict, either boosting those with national security credentials (such as former vice president Joe Biden and military veteran Pete Buttigieg), or rallying support among primary voters for anti-war (such as Bernie Sanders). Third-Party Perspectives and Responses: Iraq: The strike at Baghdad International Airport that killed Soleimani also killed the deputy commander of Iraq’s Popular Mobilization Front, a coalition of militias that forms a part of Iraq’s official security apparatus. Iraq’s new Prime Minister Adel Abdul Mahdi has condemned the attack as a “massive breach of sovereignty” and an “aggression on Iraq”. Iraq’s parliament passed a draft law on January 5th calling for the removal of all foreign troops from Iraqi soil, but the law was non-binding and the session had been boycotted by most of the Sunni and Kurdish members of the legislature. Iranian presence has also been the recent target of Iraqi ire, such as in November when a crowd of Iraqis burned down the Iranian consulate in the Shi’a holy city of Najaf, and the Iraqi government will likely try to play both sides against each other to maximize its leverage for military and financial support. Withdrawal from Iraq would mean that the remaining American forces in Syria could no longer be supplied or supported through the western desert of Iraq and would therefore also have to be withdrawn. Iran will likely seek to use all its considerable levers of influence in Iraq to convince the government to see through the expulsion of American forces. The United States leaving Iraq and Syria due to Soleimani’s death would be a fitting legacy from the Iranian perspective and a perverse one from the American perspective given that Soleimani was responsible for the deaths of hundreds of American servicemembers in Iraq (and thousands of Iraqi civilians) through his support for Shi’a militias in the mid-to-late 2000s. Europe: Statements from European capitals emphasized the need for restraint and de-escalation. French President Macron is likely to view this event as further justification for his proposals that the EU develop a defense and security apparatus independent of NATO in order to avoid being entangled by potentially reckless American actions. Iran will likely continue to use this event as an opportunity to drive a wedge between the U.S. and Europe on the nuclear program and other issues, and their chosen retaliation was likely calibrated at least in part to allow them to continue positioning themselves as a responsible actor. For his part, Trump is urging the European signatories to join him in walking away from the JCPOA in order to increase Iran’s international isolation. United Kingdom: The British government has tried to tread a fine line in its responses to the strike, with Prime Minister Johnson calling for de-escalation while also stating that he “will not lament” the fact that Soleimani is dead. The U.K. is likely trying to balance its desire to remain aligned with France and Germany in trying to keep the JCPOA together with its traditional close alliance with the United States and Johnson’s personal relationship with President Trump. Russia: Unsurprisingly, Russian President Vladimir Putin condemned the American strike, which removed a valuable interlocutor for Russian forces in Syria. Russian troops and Iranian-backed militias in Syria had periodically found themselves with diverging interests in their campaign to support the Assad regime, and Soleimani performed a critical function in directing the activities of those militias to ensure that both Russia and Iran achieved their strategic objectives in Syria. A potential American withdrawal from Iraq and Syria would advance Russia’s interest in establishing itself as the indispensable foreign power in resolving the crisis in Syria and within the region more broadly. China: In line with their long-standing principle of non-intervention and their own interest, China condemned the strike, but the response was muted overall. Chinese interests are primarily economic and tied to ensuring a steady supply of petroleum. One of China’s newest and most capable naval destroyers recently participated in trilateral naval exercises with Iran and Russia in the Gulf of Oman. Although such exercises primarily serve a strategic messaging and diplomatic function, they do signal an emerging alignment of interests between the three states that would be significant for the response to any future crises.

Resilience in the Face of COVID-19

Brunswick Senior Advisor Paddy McGuinness, former UK Deputy National Security Adviser, on how businesses can chart a course amid the fear and uncertainty. We are all becoming more familiar with this disease than we care to be—and may become yet more so. Still uncertainty remains. It began even with the terminology. Coronavirus is a descriptor, a general term. Under the microscope, the virus has crown-like spikes, hence corona. The common cold and variances of it are coronaviruses. COVID-19 (as in Corona Virus Disease 2019) is the effect that this particular coronavirus has on the human being—that’s the disease the world’s grappling with. That’s the distinction between the two terms. We’ve now spoken to more than 150 clients about their situation. That has given us a broad view of the corporate response across affected geographies from Asia, through the Middle East and Europe to the Americas, a window into how those responses have played out and the challenges continually unfolding. Here’s what we’ve been advising our clients: First, develop a single view that’s grounded in professional, well-sourced information. In government we called this “a commonly recognized information picture.” That view has to be based on the responsible medical experts: the World Health Organization, the Center for Disease Control, Public Health England and similar bodies. You do not get it from the newspapers, from social media, from friends, or even your local medic. You operate on the basis of informed medical and public health advice. The current vocal challenge to that advice in Europe and the US is not reason to depart from it as your foundation for the actions you take. A leadership team needs to develop the discipline to clarify that generic narrative into a specific frame for their business context and then operate within it. It’s dangerous for leaders to start pretending they’re epidemiologists. Have a single view and stick to it. I’ve been on calls with leadership teams where there’s agreement on that view and then someone says, “But I read that the disease ...” Don’t go there. Don’t work on that basis. The uncertainty is difficult enough to deal with. Don’t add to it. You will be focused first on the safety—the human consequences—of your course of action and then on the resilience of your business. That may cause you to anticipate some of the “Non Pharmaceutical Interventions” that government makes. Brunswick has. Having established your position, think through how you’re going to communicate it to employees, customers, and investors. What about your suppliers and regulators? How might you engage with local public health officials and local authorities? Exaggeration and understatement are equally unhelpful. These engagements need to be tailored, yet aligned within your broader narrative. Leaders also need to plan for reasonable worst-case scenarios. Covid-19 has already spread in a way that we hoped wouldn’t happen, and in a way that standard business continuity planning doesn’t cover. Now, many in the workforce have to work from home. Among other considerations, that produces additional cyber and data vulnerability. What if schools close and your employees have children at home they have to look after? What will your IT capabilities be if 20 to 40 percent of your team is incapacitated at any one time during the peak period? Are your HR teams prepared to deal with the most unfortunate case, where employees or their close relatives pass away? In extreme times, it can be tempting to take extreme positions. A lesson of crises is never to enter into something without knowing how you’re going to get out of it, how to reverse it. If companies are going to start shutting down their operations, how are they going to open again? On what justification? Taking fixed positions amid great uncertainty can prove restrictive—or counterproductive—when circumstances change. Resilience is the ability to respond and recover to the state prior to the event, having learned the lessons of the event. Respond and recover—that’s the long-term goal here. Covid-19 will pass. We know from other pandemics that recovery does come. How can you position yourself to take advantage of that recovery, to get back with speed and strength? Because some companies will. Now more than ever senior leaders need to talk about how things will be the other side of the crisis and to describe signs of recovery. This is easiest for enterprises with transnational reach. They recount what is happening in Asia as the disease passes so that European and US stakeholders can see beyond the immediate demands of emergency response. On a personal level, stick close to the medical experts and the people who know what they’re talking about. I may well get Covid-19 here in the United Kingdom. I assume that, like the vast majority of healthy people who get it, I will experience mild to moderate symptoms and recover just fine. If I don’t, I want health services to be available. I want the spread to be managed at sustainable levels, so I am doing what Government asks of me and avoiding all but essential contact with others and unnecessary travel. I expect that more will be asked of me, my family and colleagues before we are through this. I wouldn’t let Covid-19 overwhelm you in your daily life, given what we know. That’s certainly my intention: carry on with as much normality as possible, support others and use the unexpected circumstances to prepare for the recovery phase which will come.

Hackers Exploit the Pandemic

Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. Within weeks of the COVID-19 outbreak, hackers have already commandeered the virus to unleash cyberattacks, sending emails purporting to provide coronavirus guidance laced with cyberattack software. In one more alarming case, they appear to have attacked a hospital and forced it to cancel operations and take key systems offline. As the outbreak continues to intensify, the UK National Cyber Security Centre (NCSC) warned that the volume of these attacks will likely increase, pointing to the increased registration of coronavirus-related webpages. Criminals are opportunists, and the COVID-19 global onslaught has brought with it not just health threats but cybersecurity risks, too. As companies move to protect the health of their workforce, it’s also important to protect the systems they’re using to run their businesses. It’s especially important for hospitals to shore-up their cyber defenses. If they don’t, just as they are racing to respond to COVID-19, they could face situations like University Hospital Brno in the Czech Republic, which earlier this month was forced to divert patients and cancel planned operations while it worked to address an attack. The most likely cyber threats are email “phishing” campaigns that use the coronavirus as a lure to get the recipient to open an attachment that contains malware. According to the NCSC, such “phishing” attempts are happening on a global scale in multiple countries, which has led to both a theft of money and sensitive data. Similarly, known hacker groups have been launching websites purporting to sell masks or other safety-related measures for coronavirus, possibly to use them as another vector for cyberattacks. The NCSC has also cautioned that these attacks are “versatile and can be conducted through various media, adapted to different sectors and monetized via multiple means, including ransomware, credential theft, bitcoin or fraud.” The cybersecurity firm ProofPoint has seen a rise in these cyberattack emails with COVID-19 themes since January. Both ProofPoint and IBM’s X-Force cybersecurity unit identified a campaign that targeted users in Japan with an email masquerading as a coronavirus information email that carries with it a potent type of cybercrime software. In the US, the Secret Service recently warned of scams from online criminals posing as sellers of high-demand medical supplies to prevent coronavirus. They’ll require payment upfront and not send the products. Cyber criminals have also been posing as the World Health Organization and the US Centers for Disease Control and Prevention (CDC), sending fraudulent emails from the former and “creating domain names similar to the CDC’s web address to request passwords and even bitcoin donations to fund a vaccine” for the latter. In addition to the use of the coronavirus as a cyberattack vector, the growing need for working remotely to mitigate the spread of COVID-19 has increased companies’ exposure to cyber threats. The increase in remote work creates more opportunities for hackers to make inroads from less secure locations. Companies should also ensure they can provide adequate security when their whole workforce is remote. They should quickly work through the security implications of workers choosing to switch to insecure personal devices. With national-level pressures on home broadband, staff will also resort to mobile hotspots, which are often less secure. And enabling remote connectivity at scale, with the right security configurations, can be a challenge even with months of preparation time. A recent US Department of Homeland Security COVID-19 cybersecurity notice pointed to the importance of making sure that security measures are up to date for companies’ remote access systems. Additional measures to consider include enabling multifactor authentication—which can require two or more steps to verify a user’s identity before granting access to corporate networks. The NCSC is also working to identify malicious sites responsible for phishing and cyberattack software. A final looming cyberthreat related to Covid-19 is disinformation. The World Health Organization and other agencies have for months been combatting disinformation campaigns spreading false information about the origins of and treatments for COVID-19—reports that seed more confusion and increase risks to society. All of that means that computer virus risks are emerging as the biological virus spreads—and both are a threat to business. Cyber risk mitigation efforts should account for the different ways that a company can be affected, including impacts on the technical, operational, legal and reputational aspects of a business. Often, the reputational effects of a cyberattack are more significant than direct the business or technical impact. To mitigate all of the potential impacts of cyberattacks taking advantage of the Covid-19 outbreak, companies should: Review and update crisis and cybersecurity response plans, and ensure internal and external communications response plans are robust. Confirm that members of the crisis management team understand their roles and responsibilities. Make sure all communications channels have the latest security patches. Review and update access controls, particularly when remote access is used heavily, to make sure that only those who require access to sensitive systems to do their jobs have it. Take extra care when handling medical information. For companies managing employees who have contracted Covid-19, it’s important that personal health information is handled with strong security measures, including encryption. Educate employees about the cyber risks that may attempt to capitalize on fear of the Covid-19 virus—whether it be phishing email or disinformation. Covid-19 poses a number of short- and long-term challenges to business resilience, and the virus’s trajectory is quick and unpredictable. But it’s possible to anticipate and mitigate a number of the cyber threats that will try to ride the virus’s coattails. The companies that do will be more resilient and better positioned to withstand the direct health and operational effects of the virus.

Why posting to multiple channels drives virality of online videos

Back in the summer of 2012, South Korean pop star Psy released a music video on YouTube. Running at just under four minutes, “Gangnam Style” rapidly became a global sensation. Within just two months of its release, the video was attracting a daily average of nine million viewers. In late September, Guinness World Records confirmed it to be the “most liked” video on YouTube. By December it had become the first piece of content on the platform to garner more than one billion views. As of 2020, the Gangnam Style video has been seen by more than 3.7 billion people around the world. Pys’s official YouTube channel has around 14.1 million followers—a significant user base. But even assuming that each one of these followers had watched the video several times and shared it with others, it still doesn’t account for the sheer volume of views the video has racked up over time. So what’s going on? What is behind the super virality of Gangnam Style and other pieces of content that, like it, appear to defy the rules of probability on the social web? Rajiv Garg, associate professor of information systems & operations management at Emory’s Goizueta Business School, has put a new hypothesis to the test. And he’s found that there’s a clear link between virality and what he calls the “spillover effect” of posting content onto multiple platforms at specific times. “We know that when celebrities and popular figures post videos, there’s likely to be a strong response from their follower base, depending on the content. But over time, user consumption reaches a saturation point—the novelty simply wears off. And this happens around 10 days after a video is posted,” Garg said. “Yet some videos just keep on going, getting successive waves of views on the same platform in quantities that eclipse the follower base. We hypothesized that this is affected by launching on different sites and platforms, but we really wanted to understand the mechanisms behind this and figure out why this activity was occurring on the original platform as well as others—as in the Gangnam case.” Together with Vijay Mahajan (McCombs, UT Austin) and Haris Krijestorac (HEC Paris), Garg looked at the diffusion patterns for viral content on the social web. First analysis confirmed that content sharing by users was the chief primary driver of virality; indeed, views typically increased after a video would appear on a second or third platform. But this didn’t explain why those views were growing back on the original platform too. In fact, the finding ran contrary to the established view that platforms compete for content—that posting to one platform leeches user views from another. “The reasoning until now has been that social platforms cannibalize content. In other words, when you post Gangnam Style onto Vimeo, you’ll get fewer views on YouTube as a result,” Garg said. “Users will move to the other platform and watch it there instead.” But in fact, the opposite was happening. Intrigued, Garg and his coauthors deployed synthetic control—a comparative statistics methodology—to test the causal effects of sharing content to one platform versus posting it to multiple sites. This methodology involved posting 381 viral videos on 26 video-hosting sites. In addition, they ran a randomized field experiment with 30 videos that were randomly seeded onto new platforms at random times. The results across both methods were consistent. Users who were finding the videos once they had been posted to a second (or third, or fourth) platform were still sending viewers to the original platform to view the content. And viewers were coming in droves. “What seems to be happening is that content is going viral as it’s consumed on the original platform—YouTube, say—and then shared to other channels. Here, on the second channel—Vimeo, Daily Motion or others—these videos reach new audiences,” explained Garg. “But for whatever reason, once they’ve discovered the video, many of these new users prefer to go to the original channel and watch it there. And this is happening consistently and in highly significant numbers of users.” This spillover effect could be due to a number of things, says Garg. It could be that for certain audiences, content is simply more readily discoverable on certain platforms—but that these platforms are not the first choice in viewing preferences. It could also be that the content is visible to users but not viewable on the second platform. “Say Gangnam Style is seen on YouTube by a viewer and shared. It then appears on Vimeo, and a second user discovers it; but maybe this user doesn’t like Vimeo or perhaps Vimeo isn’t available in their region or country. What happens then?” noted Garg. “The simple answer is that these new users end up Googling Gangnam Style and find it on YouTube—the original platform. The novelty and virality of the first wave of users has died down, but this new wave of users comes in, creating a spillover effect that boosts the popularity of the video all over again.” Looking again at the results of their analyses, Garg and his colleagues were able to determine that the spillover effect is strongest immediately after a video is introduced onto a secondary platform, as well as at the 18- and 42-day marks. “We analyzed the effect of introducing a video onto a new platform on the increase in views it generates on the original platform over time,” said Garg. “It appears the spillover mechanism is strongest during the first week but experiences spikes later on. In the long-run, we were able to generate twice as many views back on the original platform as we would otherwise have expected. So the effect really is huge.” It is also limited, however. The researchers found diminishing impact in posting content to a succession of different platforms. By the time the video is shared to a fourth or fifth platform, Garg and his coauthors saw no returns. The findings are nonetheless hugely significant for content creators, he says. “We’ve seen that content shared on different platforms sends users back to the original, and that debunks the idea that online channels cannibalize each other’s content,” Garg noted. “And we’re able to say with precision that this effect is strongest during the first week with later spikes, suggesting these may be the best times to introduce content onto new platforms.” Content creators looking to ‘viralize’ their material would do well to take a strategic, omni-channel approach based on these insights, says Garg. Multi-platform sharing is an effective way of spreading word of mouth content and reaching new audience bases—and not just nationally, he stresses. “The effect is not limited to borders or languages. Savvy content creators can create their first ripple on a YouTube or Vimeo and, as the views start falling off, go on to propagate to a second or third channel, including foreign ones,” he said. “The spillover effect is just the same. Staging and staggering your content this way, you reach completely new audiences, many of whom will spill over onto your original platform.” If you are a journalist looking to cover this topic – then let our experts help with your story. Rajiv Garg from Emory’s Goizueta Business School is available to speak with media – simply click on his icon now to arrange an interview today.

Optimizing the delivery speed promise can boost sales

After the coronavirus pandemic forced most of the country into lockdown, online shopping soared. According to CCInsights.org, by the end of April 2020 there was a 146% year-over-year increase in U.S. and Canadian online retail orders. Amazon was so overwhelmed by the combination of increased demand, logistical nightmares, and warehouse worker safety issues that the company announced significant delays in its Amazon Prime shipping speeds. When the company announced it would prioritize the shipping of essential items, the online retailer’s third-party sellers were left to manage their own shipping — something Amazon usually did for them. Shoppers who placed orders for non-essential products at the end of March sometimes received estimated delivery dates of more than a month away. While consumers often received their orders sooner than the 30-day estimate, for Prime shoppers used to getting their items delivered for free the next day, the change in delivery speed was a shock. Amazon shoppers turned to alternative outlets that promised much quicker delivery speeds. Companies with strong e-commerce positions and supply chains, such as Walmart, took advantage of Amazon’s situation. “People are very sensitive to delivery and how fast they can get products,” said Ruomeng Cui, assistant professor in information systems & operations management. “Maybe, just maybe, Amazon would be able to deliver faster than one month, but they chose to promise customers one month — that was their choice.” Unfortunately for Amazon, by setting conservative delivery speed promises, they exacerbated an already bad situation. According to Cui’s paper “Sooner or Later? Promising Delivery Speed in Online Retail” (Ruomeng Cui, Tianshu Sun, Zhikun Lu and Joseph M. Golden), optimizing delivery speed promise can have a substantial effect on a company’s sales. How substantial? Without changing the actual delivery speed itself — only the delivery speed promise — Cui’s research showed that when the retailer promised customers one day faster shipping, sales increased, profits increased, and customers spent more on each order. “It’s a very critical decision for retailers to try to determine how to manage delivery and how to manage the information aspect of delivery,” added Cui. The study is attached and found two key findings: The value of communicating delivery times From a customer satisfaction standpoint, the conservative disclosure lowered customer satisfaction while the aggressive disclosure didn’t affect the company’s satisfaction score, although it did increase product returns when shipping speed was overly aggressive and products were delivered late. “These results indicate that in our research context, promising customers a faster delivery speed can boost sales and profitability but at the cost of a higher product return rate,” the researchers wrote. They go on to caution retailers that promising a conservative shipping speed can be costly. “It’s a careful balance that companies need to think about — how to manage customers’ expectations properly,” explained Cui. Crafting the delivery promise Given online retailers’ adoption of machine learning, Cui believes companies could tweak their algorithms to explore what products and which types of customers are more tolerant to over-promising as it relates to the delivery speed promise. “Companies can then use the analysis to customize and differentiate the types of products that adopt different types of information strategies,” Cui said. “Just change your algorithm, learn and incorporate some of the data-driven decisions and methods.” Going forward, Cui hopes to customize algorithms for companies in an effort to help them dynamically optimize how to promise the correct delivery speed to customers. While many companies, like Collage.com, don’t own their own delivery function and can’t change the actual delivery speed by changing infrastructure, these companies can “manage the information,” said Cui. “It’s easy, and I think it should be the retailer’s responsibility and job to optimize.” “I want to advocate for all retailers to think strategically in their information aspect,” said Cui. “Don’t let such an easily fixed lever just sit there at almost zero cost.” If you are a journalist looking to cover this study or speak with Professor Ciu about subjects like online shopping and operations management, simply click on her icon now to arrange an interview today.

The tug between protecting privacy and building brand loyalty

The coronavirus pandemic has put much of normal life on hold, but it hasn’t stopped hackers. According to Securityboulevard.com, in the first quarter of 2020, more than 8.4 billion records from healthcare institutions, technology, software, social media, and meal delivery companies were exposed — a 273 percent increase from Q1 2019. While data breaches are costly to companies — a recent Ponemon Institute data breach report found that data breaches cost organizations an average of $7 million in the U.S. — their frequency is enough to cause some consumers to wonder if their private information is safe with their favorite brands. The increase in data breaches is concerning, noted Jesse Bockstedt, associate professor of information systems & operations management, but several studies have found that the out-of-pocket expense to consumers due to identity theft is less than $1,000. “Which isn’t zero, but it’s not like a few years ago when [identity theft] ruined your life and destroyed your credit,” Bockstedt said. As for the companies, he added, “It’s not a brand killer anymore.” Yet despite consumers’ growing unease, Goizueta faculty say the relationship between privacy and brand loyalty is a bit more intricate. While a data breach can nick a firm’s reputation, it’s the data that is purposely collected beyond the name and vital statistics that worry consumers more. Our experts found the following key points were necessary when it comes to finding the safe ground between privacy and brand loyalty. In fact, we have an expert from Goizueta who can explain each one: Building digital trust “Companies are increasingly worried that people will buy less from their brand if they’re perceived to be fast and loose with customer data,” said Daniel McCarthy, assistant professor of marketing. For instance, after political data-analytics firm Cambridge Analytica secretly collected data on roughly 87 million Facebook users, back-lash followed. In an effort to regain users’ trust, Facebook founder and CEO Mark Zuckerberg laid out a “privacy-focused vision” for Facebook, but those efforts were widely criticized as not going far enough. Advertising boycotts followed. Trust: the key to customer loyalty Minus regulatory guardrails, the differentiating factor is trust, explained Jagdish Sheth, the Charles H. Kellstadt Chair in Marketing. “Trust is built over time by doing what you promise to do and by company behavior that is considered appropriate or right,” Sheth said. Loyalty programs such as those with airlines, hospitality companies and grocery stores are founded on a relationship between a consumer and a brand. “Loyalty programs mean relationships, and in all relationships, trust and commitment are key,” he added. Let’s make a deal “Brands that are able to deliver a personalized experience in a privacy-friendly manner will have a competitive advantage,” explained David Schweidel, professor of marketing, in a recent “Goizueta Effect” podcast. “Putting a premium on privacy means forgoing the benefits that come from allowing organizations to collect data they use to deliver a better experience. From a commercial standpoint, the onus is on the marketers to make the case that the benefits outweigh privacy concerns.” We’ve attached a full article with even more advice and helpful information from our experts – but if you are looking to learn more or cover this topic, we can help. All of our faculty are available to speak with media, simply click on either expert’s icon now – to book an interview today.

Innovation: Should it always be a team sport?

Conventional wisdom has it that innovation is very much a team sport. To create a breakthrough innovation that is vastly more successful than its predecessors, you need to prioritize teams over the individual. That's not always the case, according to Tian Heong Chan, assistant professor of information systems & operations management at Emory’s Goizueta Business School. It depends very much on the degree to which the invention can be broken down into discrete chunks of work. Chan and colleagues from INSEAD published a paper, “Revisiting the Role of Collaboration in Creating Breakthrough Inventions,” in the Manufacturing and Service Operations Management journal in 2020. In it, they look at more than one million U.S. patents for new products filed between 1985 and 2009. The majority of these patents were awarded for innovations in function—machines, processes or products that delivered some kind of utility. The others corresponded to design; in other words, the distinct visual form or aspect of a product, like Coca-Cola’s iconic curvy bottle or the Apple iPhone. Sifting these patents for breakthroughs (those ranked by citations as being in the top 5 percent of their product class), Chan and his colleagues were able to look at whether standout innovations were the product of teamwork or whether any of them had actually been developed by a lone innovator. And what they found sheds fascinating and useful new light on the dynamics undergirding the innovation process. As a rule, breakthrough functional products—those awarded patents for some kind of utility—do tend to be created by teams. But when it comes to inventions that are centered on breakthrough designs, it’s a whole different ball game. Here, the solo inventor is every bit as likely to create a breakthrough as an entire team. The study looks at a diverse cross-section of industries from computers to cars, Chan and his co-authors found that lone inventors do relatively better on these types of integral inventions. It’s a fascinating work of research – and if you are looking to know more, then let us help. Tian Heong Chan is an Assistant Professor of Information Systems & Operations Management at Emory’s Goizueta Business School. He is available to speak to his research and this important topic – simply click on his icon now to arrange an interview today.