A curious article from February 1’s issue of the Borneo Post shone a light on the gap between expectation and reality when it comes to cyber recovery.

Professional services provider KPMG surveyed Asia-Pacific organisations and found almost three quarters (73%) of CISOs did not have the influence to protect their companies fully. Moreover, while progress has been made on prevention and response programmes, businesses are still underestimating impacts on operations and recovery times.

“Too many organisations wrongly assume that recovery will require several weeks to return to business as usual, when the reality is that it may take several months or more,” commented Ubaid Mustafa Qadiri, head of technology risk and cyber security at KPMG Malaysia.

There are, per the definition from SANS, six phases of a cyber incident response plan: preparation, identification, containment, eradication, recovery, and lessons learned. For affected companies however, it can often be panic stations as laptops are locked and files encrypted.

Enter the KPMG cyber incident response and recovery services. Runita Virdee is director of KPMG’s technology advisory practice. Alongside helping clients with the technology and digital transformations, Virdee leads KPMG’s UK cyber recovery practice. With certain infrastructure projects, such as disaster recovery and business continuity, it makes sense that the two areas are linked.

If an attack occurs, the incident response team begins by looking at the forensic analysis of the event. This ranges from understanding where their threat originated from, to assessing and recovering the technology that has been infected.

“We are seeing increasingly complex cyber-attacks launched by malicious threat actors who are constantly evolving and looking to outpace our tools and techniques to deliver maximum damage. We’re fortunate enough to have the size and scale and a broad range of organisational capabilities to respond appropriately – from networking specialists, identity experts and crisis management personnel to support the arduous recovery process.”

Organisations today are, of course, critically reliant on complex interconnected and interdependent systems. Regulations are increasingly strict, and public expectation of transparency is high. Depending on circumstances, organisations may have to notify regulators within 72 hours of becoming aware. Co-operating, as appropriate, with the Information Commissioner as you recover is key.

“With that in mind, two questions that need very coherent answers are: what is the core infrastructure that needs to be brought back online, and in which order of priority?” explains Virdee. “Organisations will often have to balance the need to continue the most business-critical operations – despite the absence of IT – and recovering and rebuilding impacted networks. Regular contact with the client is imperative; several times a day at peak times.”

“We mobilise teams of specialists at different sites, working alongside the client teams on the ground to start recovering,” notes Virdee. “Activities could range from rebuilding 1000s of laptops and physical devices, or as complex as re-architecting and rebuilding the core network and infrastructure from the ground up, embedding security and tight controls to minimise the risk of re-entry.”

Containment of ransomware across large corporate can be incredibly challenging, as is understanding how to restrict and control access to only authorised personnel.

“Recovery times naturally depend on the size of the organisation. For a small company with limited infrastructure and hardware, and a proactive approach to backups, some recoveries can happen within five days. At the other end of the scale however – think a global-sized firm with multi-million revenues and sites in remote parts of the world” notes Virdee. “The longest recovery at 18 months which included recovery and improving their technology estate.”

Education has always been an important part of the cybersecurity puzzle. Employees are frequently a primary access point. KPMG regularly sends out phishing test emails to keep folk on their toes. In some cases, it starts with the IT department. “A lot of organisations really don’t have IT teams that are scaled,” notes Virdee. “And that’s a challenge that we often see. The most successful recoveries have been a whole company effort, aided by invaluable support and input from a wide range of partners and vendors.”

Ultimately, the need for cyber response is one that will not go away. Prevention is important – but equally important is a robust cyber recovery plan with clear set of response activities and identified owners. The European Central Bank is one recent example of a high-profile organisation looking to test resilience after a sharp rise in cyberattacks.

“No organisation can ever be 100% secure but focusing on standards, a robust resilience strategy, accountability at the right levels and fostering a security-focused culture will, in the long term, prove to be a powerful net benefit for any organisation,” says Virdee.

Note: A previous draft of this article was published in error.

Vill du lära dig mer om cybersäkerhet och molnet från branschledare? Kolla upp Cybersäkerhet & Cloud Expo äger rum i Amsterdam, Kalifornien och London. Utforska andra kommande teknologievenemang och webbseminarier för företag som drivs av TechForge här.

As businesses increasingly adopt hybrid working models, the role of the CIO is also evolving.

In the hybrid era, the CIO must not only manage technology infrastructure but also ensure seamless collaboration and communication between remote and on-site teams.

They must also lead efforts to integrate new technologies, such as cloud computing and AI, while ensuring data security and compliance. Additionally, the CIO should work closely with other C-suite executives to align technology initiatives with business goals and drive digital transformation across the organization. The CIO’s role in the hybrid era is critical to the success and resilience of modern businesses.

In part one of this two-part special available här we explored the vectors of change effecting the evolution of the CIO, and key issues and opportunities including addressing the data paradox, moving from data management to data centricity and value and democratizing the capacity to create and build. Concluding this series, we now move onto exploring the criticality of Human Centred Leadership and Power of the Ecosystem, Skills Based Organisation and share final thoughts and reflections for application across business and societal outcomes. 

Human Centred Leadership and Power of the Ecosystem

Humans are at the centre of catalysing data-centricity, empowering the insight engine which unlocks the value of operational, customer and market data, so how can we support them best? Employees want to work for organisations with shared value alignment, where they feel they belong, where employers care for them as well as those around them as corporate citizens, and where they are actively listened too and able to contribute. And as emphasised by forskning by the C Tanner Institute, it is the accumulation of all the small experiences employees encounter during every working day that makes the most impact, not one off initiatives or interventions.

A great example of addressing this comes from EY’s award-winning NextWave Elevator Challenge, developed in conjunction with Ogilvy to help connect the NextWave strategy to its global workforce – recognising this would only be actualised if the whole company understood and personally connected to delivering on it.

The result? A gamified, 90-minute team challenge and social experience built in an immersive 360-degree viewable game environment, centred around co-creation to optimise impact across different cultures and geographies, and all built around the strategic pillars of NextWave, namely Client, People, Social and Financial. This approach showcases that it is not just the capacity to deliver business transformation with the power of people, data and technology that delivers results, it’s the way this is done, and the way that the story is told that matters so much too, both internally and externally. A disruptive distinctive creative clearly delivers impact!

And taking this human-centred approach further still, is embedding the power of ecosystem collaboration and co-creation. For me, one of the biggest learning lessons of the pandemic is the increased resonance of ‘coming together’ for good as exemplified by projects like the HPC Consortium where organisations that traditionally competed, worked together to enable inspirational innovation advances in healthcare, notably vaccine development. This approach or mindset even, can be applied across multiple verticals, and to address many different challenges. It is perhaps then no wonder that it is now estimated that ecosystems enabled by digital platforms may unlock an eye-watering $100 trillion of value for businesses over the next decade. And with EY finding that some 88% of executives indicate they are leveraging ecosystems in their tech-enabled transformation plans, this is a trajectory set to gather increased momentum still.

Skills Based Organisation

De World Economic Forum anticipates that over half of all employees (54%) will require significant re-skilling to meet IT-related needs. This equates to a need to reskill more than a billion people by 2030. Reflecting on this and completing the catalysts for change covered in this piece, comes the shift towards becoming a skills-based organization and with this, a broadening focus on what skills requirements actually matter the most.

As data becomes increasingly democratized to a greater range of employees, especially business users to apply in self-service analytics, this is contributing to what I refer to as ‘the rise of the generalist’ – that is the amassing of increasingly holistic skill sets, complemented by one or two predominating skills as singular areas of expertise. The dynamic and holistic needs, challenges and opportunities facing organisations today necessitates employees with a breadth of knowledge, skills and experience, and also the skills confidence to apply them.

And when organisations combine this approach with adopting a data fabric strategy, this results in a significantly reduced need for human intervention to actually analyse and manage data – a range of 40-90% in the EY study – meaning burnout potential is negated and more time is afforded for higher value learning and development. And these employees need opportunity and recognition too, absolutely critical components to developing an inclusive culture of belonging, especially in areas like training. Indeed, the leading three barriers to digital transformation success were recently identified as related to ‘people factors’, most significantly around digital skills access, readiness and confidence (Dell Technologies 2022).

Further, developing a skills based organisation is vital when we consider expanding talent gaps in the technology sector. Putting this into context, in the UK alone, there were over 64,000 vacancies for technology roles in Q3 last year, according to a State of the Nation Rapportera from the BCS, The Chartered Institute for IT – this equates to an eyewatering 191% increase on the same period in 2020. Access to training matters, with a recent study by SAS that I was actively involved in, finding that 87% of employees report they are less likely to leave their employer if provided training opportunities. This includes aspects such as data literacy training for those in non-technology facing roles.

This is compounded by intention-action gaps when it comes to skills such as AI. As an example, the same research found investment in Artificial Intelligence technology increasing, yet investment in the talent to apply it, significantly lacking. As I discuss in related press coverage, ways to address include enabling on-the-job experiential training, increasing upskilling and cross-skilling opportunities, encouraging certifications and broadening talent outreach, for example with hackathon challenges, a timely example of this här. Additionally, visibility matters – it is critical for people to see ‘someone like me’ when exploring opportunities in technology. For inspiration, an example of showcasing the diversity of talent and skills needed to thrive in tech is the 365 Series, designed with the aim of breaking down barriers to access and changing the narrative on what a career in tech actually ‘looks like’. 

Investment and prioritization of human capability is then an absolute imperative. I believe this encapsulates a focus on STEAM skills, namely Science, Technology, Engineering, Arts and Mathematics to help foster holistic skill sets, including empathy, creativity, emotional intelligence and problem-solving skills. We need to evolve the predominant focus on what to think and what to learn, and now move beyond to the how – and with an increasingly personalised approach as one size does not fit all! One example is embedding a process called metacognition into training and development programs – think of it as going to the gym but for your brain! This approach can help employees and managers alike to understand their respective learning and leadership styles and how they learn best to become smarter thinkers – more agile, ambidextrous and confident to change.  

Slutgiltiga tankar

The CIO role is rightly becoming increasingly elevated and strategic. As organisations from SME to enterprise alike move beyond the rapid implementation of changes borne out of necessity, as exemplified by the pandemic catalyst, we have now entered an ‘embed by design’ phase, where digital transformation is more reflective, mature and critically – intentional. And it is empowered by focus, investment and prioritization around the 3 pillars of data centricity, human-centred leadership and skills-based organisation described in this piece, with all the considerations explored to optimise impact for business and society too.

And the results of getting this right speak for themselves! Tech-enabled transformations that exceed expectations now forecast an average annual revenue growth of 5.7% (EY 2022) – this compares to just 4.0% for transformations where delivery on expectations falls short. In combination, I hope this deep dive inspires further reflection and all feedback and questions are most welcomed! Additionally, for more on these very themes, EY’s Tech Horizon research och tanke ledarskap are freely available to be explored in depth. All feedback and follow-on questions are most welcome. Many thanks, Sally

Research Notes and Additional Info *

Gartner, Becoming Composable: A Gartner Trend Insight Report, Yefim Natis, Janelle Hill, Partha Iyengar, Gene Alvarez, Jennifer Loveland and Chris Howard, 12 January 2023

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved

IDC Research, How to be a Digital Leader in 2022, Develop Your Digital Quotient To Be Successful on Your Cloud Journey. Europe and North America Info-Briefs, Francesca Ciarletta, Carla Arend, Archana Venkatraman and Frank Della Rossa.

IDC RESEARCH is a registered trademark and service mark of International Data Group Inc and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved

About the Author

Prof. Sally Eaves is a highly experienced chief technology officer, professor in advanced technologies, and a Global Strategic Advisor on digital transformation specializing in the application of emergent technologies, notably AI, 5G, cloud, security, and IoT disciplines, for business and IT transformation, alongside social impact at scale, especially from sustainability and DEI perspectives.

An international keynote speaker and author, Sally was an inaugural recipient of the Frontier Technology and Social Impact award, presented at the United Nations, and has been described as the “torchbearer for ethical tech”, founding Aspirational Futures to enhance inclusion, diversity, and belonging in the technology space and beyond. Sally is also the chair for the Global Cyber Trust at GFCYBER.

Shopify and Google Cloud have unveiled an integration that enables retailers using Commerce Components – Shopify’s enterprise retail solution – to leverage Google-quality search capabilities and AI innovations. 

Enterprise brands on Shopify can today access Google Cloud’s Discovery Al solutions directly through Commerce Components, Shopify’s modern, composable stack for enterprise retail. This integration, which can now be used by Shopify merchants globally and is available in most languages, increases access to Google’s advanced search and browsing technologies so that retailers can create more fluid and fruitful shopping experiences for their customers. 

Shopify and Google Cloud’s new integration equips enterprise brands with artificial intelligence (AI)-driven product discovery capabilities that address real-world business challenges, including: 

• Google Cloud Retail Search, which providesadvanced query understanding that can produce better results from even broad queries, including non-product and semantic searches, to effectively match product attributes with website content for fast, relevant product discovery. 
• An AI-powered browse feature that uses machine learning to select the optimal ordering of products on a retailer’s ecommerce site once shoppers choose a category, like “women’s jackets” or “kitchenware.” Over time, the AI learns the preferred product ordering for each page on an ecommerce site using historical data, optimizing how and what products are shown for accuracy, relevance, and likelihood of making a sale. 
• An AI-driven personalization capability that customizes the results customers get when they search and browse retailers’ websites. The AI underpinning the personalization capability uses a customer’s behavior on an ecommerce site, such as their clicks, cart, purchases, and other information, to determine shopper taste and preferences. 
• A Google Cloud Recommendations AI solution thathelps retailers deliver personalized recommendations at scale. Recent upgrades to Recommendations AI can make a retailer’s ecommerce properties even more personalized, dynamic and helpful for individual customers.
• Advanced security and privacy practices that help ensure retailer data is isolated with strong access controls and is only used to deliver relevant search results on their own properties.

Harley Finkelstein, president of Shopify, said: “We’re thrilled to continue our long-standing partnership with Google Cloud.

“We’re bringing together the best in commerce with the best in search to solve a complex and costly problem for enterprise retailers – world-class search and discovery for the online store.”  

Thomas Kurian, CEO of Google Cloud, said: “Shopify integrating Google Cloud’s Discovery AI technology into its enterprise retail solution puts the power of AI directly into the hands of merchants and brands to solve everyday problems.

“Now, retailers will be able to enhance their digital properties with better product discovery experiences, creating more fulfilling shopping experiences for their customers.”

Rainbow Shops builds a better customer experience with Google Cloud search technology

Rainbow Shops, a Shopify merchant and popular retail apparel chain with more than 1,000 stores, recently integrated Google Cloud’s Discovery AI for Retail technology directly into its own digital domains. After experiencing limitations with other search and product discovery solutions, Rainbow Shops approached Shopify about the possibility of using Google Cloud’s search and browse capabilities. 

When compared to other specialty search services, Rainbow Shops’ internal testing found that Google Cloud’s solution could deliver helpful results to an assortment of test queries 100% of the time. In addition to accuracy, Rainbow Shops saw an immediate reduction in the amount of time and effort its teams previously spent on manually refining search results, creating redirects, and pulling up to 50 other levers to get useful results.

Rainbow Shops is now using Google Cloud’s Retail Search technology, and importantly, it took less than a week for Google Cloud’s AI tools to be successfully integrated into Rainbow Shops’ online store and mobile app—all right before last year’s peak shopping moment for the retailer, Cyber Week. 

David Cost, VP of e-commerce and marketing, Rainbow Shops, said: “Now our search bar can handle almost anything our shoppers throw at it, surfacing helpful product results for nuanced queries like ‘lbd’ (little black dress) and extremely general searches like ‘Mardi Gras.’ We’ve also significantly advanced our ability to produce relevant results when a shopper has a typo in their query, which is commonly seen among our many customers now shopping on mobile devices.

“Rainbow Shops is using Google Cloud’s AI tools to create an undeniably better shopping experience for our customers. In just three months we’ve already seen search volume increase 48% and our bounce rate on visits has decreased three-fold.”

Consistency lacking in retailer search experiences, resulting in search abandonment

Despite the continued rise in online shopping, many shoppers report hurdles in the product discovery experience on retailers’ ecommerce properties. New research from a Google Cloud-commissioned Harris Poll survey found that search abandonment—when a shopper searches for a product on a retailer’s website or mobile app, but doesn’t find what they are looking for—costs retailers more than $2 trillion annually globally, and more than $234 billion in the U.S. alone.

Shoppers themselves say they depend on the search function or search box when shopping; it’s the most common way U.S. consumers search for products on retail websites (69%), followed closely by general website browsing (63%). The problem is that retailers’ search experiences lack consistency, as only one in 10 U.S. shoppers say they get exact results for their queries (12%) or good alternatives (11%) every time they use the search function on a retailer’s site. In fact, more than three in four U.S. consumers (76%) say that in the past month they have used the search function or search box on a retail website and it did not provide the item they were looking for. 

Vill du lära dig mer om cybersäkerhet och molnet från branschledare? Kolla upp Cybersäkerhet & Cloud Expo äger rum i Amsterdam, Kalifornien och London. Utforska andra kommande teknologievenemang och webbseminarier för företag som drivs av TechForge här.

Taggar: AI, E-commerce, Shopify