Monica Verma, CISO of Helsedirektoratet: The Necessity of Resilience and How to Embed it in Your Organization

The rising number of cyber attacks has caused IT leaders across industries to take cybersecurity measures more seriously than ever before. This is reflected in our interviews with CIOs on cybersecurity investments who revealed cloud security and cybersecurity strategies as top priorities. A number of industries have also adopted digital twins to protect their digital assets, allowing cyber security platforms to perform at higher efficiency and accuracy.  

However, CIOs and CISOs face continuous challenges with implementing high-level cybersecurity due to limited budget and online security obstacles in a hybrid workforce.  

Monica Verma, CISO of Helsedirektoratet, podcast host of We Talk Cyber, and blogger on MonicaTalksCyber.com, shares valuable insights on operational and cyber resilience, effective cybersecurity programs for critical infrastructure, the evolution of the CISO role, and more.  

 

What are your top cybersecurity lessons learnt from the pandemic?  

There’s no absolute security. Things can and will go wrong. That’s true for both a pandemic and a cybersecurity crisis. The pandemic has shown us an increasing need for adaptive security as a part of building resilience and crisis management.  

Operational resilience is as much dependent on the human and communications aspect as the technical capabilities in place. It’s not a matter of “if”. It’s no longer even a matter of “when”. It’s a matter of: 

  • How long ago did attackers infiltrate? 
  • How quickly can/did we detect it? 
  • How quickly and effectively can we respond? 
  • How do we handle the unknowns? 
  • How do we adapt and continue critical services? 

Preventive controls are not enough. Effective crisis management requires planning for both the known-unknowns and the unknown-unknowns.

 

How do you think the role of CIO/CISO has evolved in terms of ensuring the security of their organization?

Traditionally, the CISO role started as a technical role — a younger sibling or a distant cousin of the C-Suite. It’s mostly a title associated with a lack of budget, mandate, or even a seat at the grown-ups’ table. 
 
However, an effective CISO role is that of a business leader itself, an advisor to the board, top management, and the rest of the business. The role has evolved from a “glorified” security engineer to a business and organizational advisor. As data breaches and ransomware attacks have skyrocketed recently, particularly during the pandemic, more organizations look up to the CISO to help them identify, understand and manage their threats and risks better.  

Today, many organizations understand that a CISO’s job is not just to build an information security management system (ISMS) with a bunch of policies and other governing documents. Organizations are beginning to employ a CISO/CIO to rather effectively invest in security with timely risk management and provide sound advice tailored to the stakeholders.  

As a result of this evolution, there’s also been a shift in the skills required to be an effective CISO: 

  • Professional skills such as risk advisory and business understanding, which span very well outside the technical realm, and; 
  • Soft skills such as concise, clear, and effective communication, are a driving force behind the vision and strategy of an effective leader. 

There are many organizations that still see and employ a CISO role as a technical role, but we are seeing a shift in terms of budget, investments, and better mandate — transforming the CISO into a cross-functional advisory role worthy of an actual seat at the table. 

 

Today’s organizations have a higher risk of exposure due to a more complex and global digital footprint. What strategies can organizations implement to better prepare for cyber attacks?  

There are three critical aspects that need to be addressed in order to better manage the ever-increasing risk exposure and ever-complex digital footprint: 
 
a. Always have a holistic view of both the current state within the organization and its supply chain as a fundamental input to your cybersecurity strategy. You are as strong as your weakest link. It’s not your employees. It’s the weakest link in your entire supply chain. You need to be aware of the weakest link in your supply chain, in order to be better prepared for cyberattacks. 
 
b. Always have a risk-based approach when developing your strategy, operationalizing your cybersecurity plan, and investing in security controls (people, process, and technology). Your organization’s risk profile is affected by other risk profiles in your entire supply chain. A risk-based supplier management is as important as a risk-based security governance within your organization. Additionally, an effective risk-based approach will also take into account the threat landscape. 
 
c. Balance your security investment effectively between preventive controls, predictive controls, and adaptive and other response controls, based on your risk exposure. The more critical data, services, and infrastructure you have, the higher your exposure in case of a cyberattack. It’s the difference between an e-commerce website going down for weeks vs. critical data or service not available for even a few hours or days. Preventive controls and cyber hygiene are a must. But as there is no 100% security, these will fail. Your cybersecurity strategy must take into account effective crisis management and building operational resilience over time. 

 

Based on your cybersecurity adoption lifecycle model, how can an organization build cyber and operational resilience? 

Building cyber and operational resilience requires effective planning and response to manage both the known-unknowns and the unknown-unknowns. Additionally, this takes into account people, processes, and technical aspects. Here are the key things organizations can do to build resilience over time: 
 
a. Building resilience requires a clearly defined accountability at the top level as well as a resilient, collaborative, and prepared workforce. Accountability and awareness are key. Train your employees and train them regularly. It’s vital that the board and top-level management understand their accountability, as well as that every employee understands their role and responsibilities both during normal operations and an ongoing crisis. Test your preparedness and crisis management plans. Make sure your crisis management team works like a well-oiled machine. Run table-top exercises, learn and repeat. 
 
b. Map, understand, and have a comprehensive overview of the dependencies that your critical services have on the underlying assets within your entire supply chain. Do your homework to have effective planning and preparedness in place. Build your crisis management and preparedness plans based on disruption scenarios for your business and critical services towards society, dependencies within your organization and on your third parties, your risk exposure, and your risk tolerance. Your crisis management plan should also take into account the steps you execute in case an unknown scenario occurs.   
 
c. Invest in adaptive response management. As there are always unknown factors in play, an effective response management will include adaptive mechanisms, in addition to preventive controls. For example, can we activate certain policies in real-time as certain events or anomalies are detected? How can we fail-safe both within our IT and particularly our OT environments, while keeping critical services up and running? How do we adapt the use of our people, processes, and environment in real-time to reduce the impact? How quickly can we segment (parts of) our infrastructure, in order to contain the spread? How quickly do we predict a threat or detect an attack before it becomes a crisis? How do we reduce recovery time?   

 

What are some of the technological disruptors to cybersecurity?  

In my opinion, the top three technological disruptors to cybersecurity are: 

 
a. Cloud 
Cloud is no longer a new technology. However, the skyrocketed migration to cloud in recent years demands an urgent shift in mindset, especially when it comes to cybersecurity and privacy. Moving to the cloud is no longer just a lift and shift operation, even if that’s what you may be doing with some of your services and data. To effectively utilize the benefits of cloud computing, in a secure and privacy-friendly manner, a shift in the mindset is required right from the very beginning, integrated right from the planning stages of a migration, through operating in the cloud and all the way to the exit stage. 
 
b. Convergence of physical, biological, and digital worlds 
With the adoption of Internet of Things (IoT) and other emerging technologies, there is an even stronger convergence of the physical, biological, and digital worlds in progress. However, there is a big gap in understanding what risks this entails and the lack of management of these risks as a part of a cybersecurity strategy. As we go forward, there is a stronger need to address these issues at a strategy and business level to ensure that security, safety, and privacy continue to be a top priority. 
 
c. Machine Learning and Artificial Intelligence 
Machine learning and the emerging applications of artificial intelligence are some of the key technological disruptors, as ethics, safety, and other risks emerge along with it. We are already seeing Proof of Concept (PoC) cyberattacks enhanced by machine learning. As we go forward, these emerging technologies will be abused by cyber criminals and other threat attackers in various ways, including but not limited to, increased scale and effectiveness of cyberattacks, discovering new unknown vulnerabilities and exploits faster, bias, discrimination, and other ethical, security and privacy violations. As the threat landscape evolves, the use of machine learning and artificial intelligence within cybersecurity will be critical. 

 

What are the elements of an effective cybersecurity program for critical infrastructure?

Due to the ongoing convergence between Information Technology (IT) and Operational Technology (OT) environments including Industrial IoT (IIoT), along with accelerated digitalization as a result of the pandemic, we have seen a massive rise in cyberattacks, particularly ransomware, against critical infrastructure. The key with critical infrastructure is operational resilience both during normal operations and under crisis. An effective cybersecurity program for critical infrastructure addresses three key areas: 
 
a. Legacy systems within the OT environment 
As the threat landscape and attack vectors have evolved, the convergence has left the legacy OT systems even more vulnerable to cyberattacks. Additionally, the lack of visibility and the difficulty of maintenance pose an even bigger threat as both old and new vulnerabilities and attack vectors are discovered. The basic cybersecurity hygiene e.g. patching, awareness and other preventive controls are even more important in the OT environment, as these systems get connected to emerging technologies. Hence, the basics are still one of the key aspects.
 
b. Ever-increasing complexity and attack surface
Due to technological disruptions and ever-increasing convergence, both the complexity and the attack surface of OT environments including the critical infrastructure are increasing drastically. This increases the likelihood of a successful cyberattack, as the threat actors now have a much larger attack surface to begin with. Going back to the point, it’s not if or even when you’ll get hacked, but rather how quickly we detect, adapt, and respond to an attack. Hence, building operational resilience is a critical aspect to be addressed in an effective cybersecurity program. 
 
c. Managing the consequences and risks to life, safety, and society 
As with every cyberattack, a key aspect is to understand and contain the impact, as early and efficiently as possible. To do that, it is vital to have a comprehensive overview of what risks are associated with critical infrastructure, along with how it impacts the business, the organization, and society at large. As we move from traditional IT to OT environments, we switch from just talking about downtime or data breaches to risks to life, safety, and functions with society as a whole. A good security investment is always risk-based. This is even more vital for critical services, as the impact can be tremendous. 

 

What are some of the key challenges with regards to diversity, inclusion, and equity within the cybersecurity industry and how can we address them?

We have seen an increasing awareness of diversity, inclusion, and equal rights over the last decades, both within society in general and in the cybersecurity industry. However, we still face massive challenges when it comes to pay grade, job requirements and hiring, reasons and motivations behind diversity and inclusion, as well as a lack of understanding of equity and the role it plays.
 
On one hand, we need to have continued conversations and take further actions for better representation within the cybersecurity industry. On the other hand, we need to do that while breaking down the labels and stereotypes. I am a CISO. Not a female CISO. My professional experience and contributions are independent of my gender, background, and other labels. 
 
That means, while on one hand, we need definitive actions to reduce the pay gap, include diversified talent, and ensure effective and streamlined hiring processes including neutrally worded job positions with realistic requirements, on the other hand, we need to break down the barriers to bring in a diversified workforce independent of their labels. That includes diversity in both what we see and what we hear,  i.e. diversity and inclusion of opinions.  
 
Equity is yet another term that is highly misunderstood. Equity is not the same as equality. While equality is important and talks about equal opportunities and resources, e.g. equal pay grade, equity is about fairness, i.e. giving people what they need in order to make things fair and level the playing field. Due to stereotypes and lack of a balanced representation over decades, there is a need for equity to ensure we can reach equality. Equality is the end goal, but equity is the means to reach it. Equity is not about giving too little to people who need it or too much to those who don’t, but rather to provide fairness in order to reduce the differences of inequalities and pave the way to a more equal society and cybersecurity industry. 

Kathleen O. Mathisen, CHRO of Grieg Seafood: Anchoring Diversity & Inclusion in the Workplace

Diversity and inclusion (D&I) initiatives may have been paused due to the pandemic as companies went into survival mode. However, it is time for organizations to restart D&I efforts to reap the benefits of a diverse and inclusive workforce. According to McKinsey & Company, the likelihood of diverse companies out-earning their competitors has only grown in the past five years.

Grieg Seafood, a multinational salmon farming company headquartered in Norway, has been a strong advocate for human rights and diversity in the workplace, in addition to sustainable fish farming practices. We speak with Kathleen O. Mathisen, CHRO and Internal Communication of Grieg Seafood, about the importance of D&I, closing the gender gap and what it means to be a HR leader today.  

 

Diversity as a Core Focus Area

 

According to the Food & Agriculture Organization (FAO), fish catching is male dominated in most regions around the world. Offshore and deep fishing in ocean-going boats is delegated to male crews, while women work onshore carrying out skilled and time-consuming tasks such as processing and marketing catches.  

Mathisen says more women are found in the support function in the seafood industry. “Many women didn’t want to go into [the seafood] industry years ago because it was hard work,” she says. However, advances in automation and technology have drawn more women to the industry. Laborious tasks are now automated and simplified at Grieg Seafood with technologically advanced control rooms.  

Machine learning and AI have enabled remote feeding of fish, which increases fish welfare and reduces fish waste. Digital farmers are now able to remotely feed seven million fish living in 12 farms, all from Grieg Seafood’s land-based operational center in Rogaland.

The key here is to balance and minimize the gender gap without losing the core competence that you have, Mathisen says.  

 

D&I as a Top-down Approach 

 

Once a culture of inclusion is fostered at the level of an organization’s decision makers, it will eventually trickle down to the management team and the rest of the employees. Mathisen stresses that “it’s about making those long-term plans, it’s about being strategic, it’s about anchoring the decision to minimize the gender gap at the top.”

To start this process, Mathisen advises C-levels to initiate a change of mindset and behavior. Management teams should look inward and analyze communication practices with their peers.

“Are we different? Or do we always agree? If we always agree, that should be a big question mark!” With that said, leaders should not be afraid of addressing shortcomings in the diversity department. It’s a matter of being bold and transparent in sharing information with their peers and employees. This will instill trust and confidence that C-levels will follow through with D&I initiatives.

However, Mathisen is concerned that these initiatives are still at the drawing board and not fully implemented. “It’s sad that we need to have those discussions – that gender balance is important, that diversity matters, because of course it matters!”

 

A Competence-based Hiring Policy 

 

Grieg Seafood has a goal of increasing the percentage of its female employees to 40% by 2026. According to Mathisen, a 50/50 ratio of male to female employees should not be the end goal, and is neither right nor wrong.

Additionally, Grieg Seafood has a gender-based hiring policy in place where the organization tries its utmost to have a man and a woman as the two final candidates for a position. However, Mathisen says that that’s not always the case. Shortlisted candidates may be two women or two men. This is because at the end of the day, Mathisen stands behind a competence-based hiring process.  

“You shouldn’t be asking where people come from or [look at their] gender. You should look at competence, and that should be the final measurement when you’re recruiting people.”

Occasionally, Mathisen comes across a disruptive candidate that challenges the status quo of the role’s requirements, pushing the organization to remove their biases and ultimately revise the job criteria to be more inclusive. There are a number of benefits to hiring based on competence, such as consistency in the hiring process, accurate predictions of future performance and a lower turnover rate.

 

Creating a Culture for Sustainable Employability  

 

As sustainability is one of Grieg Seafood’s main focus areas, it’s no surprise that it extends to the company culture as well. Mathisen says that having sustainable habits at the workplace stems from the employees themselves. 

“It’s not a corporate initiative that starts at the top [that forces] people to [work and think in a sustainable way]. It comes from the people, and that has a totally different dynamic.”

In an employability context, sustainability carries a different meaning. The right conditions need to be in place to ensure employees are happy, healthy and motivated. Capable employees who are motivated and passionate about their jobs stay at their company three times longer, generating long-term ROI for an organization. 

Mathisen reveals some of the ways Grieg Seafood creates an environment for sustainable employability: 

  • Listen to your employees: Pulse surveys are used to collect feedback from employees on how the company is doing and what can be improved. 
  • Provide training and development programs: Employees have access to a wide range of e-learning programs. Another pilot project has been taken on to provide more programs to employees so they can educate themselves.  
  • Instill trust and flexibility: Employees are treated fairly according to their needs. A working culture that is rooted in trust and flexibility is key to unlock employee engagement and productivity.  
  • Implement proper hybrid work policies and regulations: It is important to have planned meeting points, face-to-face onboarding sessions and revised insurance packages in the future. 

“If you have a good culture, you don’t have to [spend] a lot of money on branding,” Mathisen says. She adds that companies with a “walk the talk” mentality will attract and retain the right talent.

“Young talent comes in all shapes and sizes. [People] will look for companies that have values they can identify themselves with.”

Mathisen says that the CHRO role has become broader in the post-pandemic era. Today’s HR leaders must focus on the future of work for their companies — finding new solutions, pushing innovative strategies and ensuring team members feel connected in a hybrid work environment.  

Cilla Benkö, CEO of Swedish Radio: The Evolution of Leadership in a Post-Pandemic World

Radio is regarded by many as a trusted source for reliable news, especially during crisis situations. Cilla Benkö, Director General & CEO of Swedish Radio, Sweden’s biggest radio broadcaster, says:

“Radio [has a] very important task of covering the pandemic and informing the public – while also reducing the risks of infection spreading and keeping our co-workers healthy.”

Not only is Benkö a recurring international speaker for topics such as public service media, she is also passionate about freedom of expression, digital development and leadership. For those reasons, Management Events is thrilled to share her perspective on change management, redefining managerial roles, tech adoption drivers and challenges, and female representation in leadership teams.

 

Overcoming Change Management Hurdles  

 

Organizations are going through major changes right now, and change management is often a challenge. Was it a challenge in your organization as well, and how did you address it? 

Well, the answer to that is both yes and no. As a media company, with the journalistic trade at the very core of our organization, our co-workers are naturally interested in changes and trends surrounding the world. A big challenge, however, has been bringing the company together and keeping over 2,000 people, working from places all over the country, updated and aware of which changes in the ever-changing world are going to affect us. But also, to get everyone involved in what we need to do collectively to meet these changes, in order to get as equipped as possible for the future.

 

Some of the changes include the introduction of remote work for certain employees and the modification of schedules to cover breaking news related to COVID-19. The technical simplicity of radio is an advantage that allows stations to broadcast regularly and is flexible enough to include dedicated programs and podcasts about the pandemic.  

 

Redefinition of the Manager Role

 

Businesses across industries had to adapt a lot in the past year – it’s not only the change in processes and technologies, but also the mental stress. In your opinion, how has leadership changed during and post-pandemic? Has the role and even definition of a manager been redefined? 

I must say that I have been incredibly impressed with the managerial level at Swedish Radio during these very challenging times. All over the company we have seen proof of enormous flexibility and creativity, finding new and smart solutions to new and existing challenges in connection with the pandemic, but also with the digital work environment that has been made a permanent part of everyday life. For managers, this has also meant finding new ways of securing collaboration, social structures and mutual learning within working groups.

 

Forward-thinking change managers must redefine the concept of change management for their organizations. Change management initiatives are more likely to be met with clear communication and employee participation from the start. This is supported by Shona Elliot, best-selling author and executive management & leadership consultant, who highlights the importance of leaders prioritizing their employees and building a people-centric culture.

 

Key Drivers and Challenges with Tech Adoption

 

What key challenges do you usually see when it comes to technology adoption, from the change management perspective? And how can these challenges be solved? 

The editorial environment is fast-paced with limited room for practical obstacles – so time is of course a key challenge. It’s therefore important to ensure all technology is adjusted to suit the actual needs of the organization and that the implementation of new technology and ways of working always comes with support and is scheduled, communicated and planned properly. Another key challenge for Swedish Radio is, of course, budget limitations that always make it a necessity to prioritize.

 

Results from Management Events’ survey on COVID-19 impacts on businesses reveal that revisions of budget and business strategy are the top focus areas for organizations in ensuring the smooth continuity of their operations. In addition, 59% of business leaders in Europe are reworking their budget plans and predictions, followed by a revision of business strategies and goals.  

In terms of tech adoption challenges, surveyed CHROs in Management Events’ Executive Trend Survey named the following — lack of the right training and skills, integration with legacy systems, and a culture that does not embrace experimentation.  

 

In your opinion, what are the key drivers for technological innovation today? How does it reflect in your organization? 

It is most definitely the way of working with multifunctional teams, where many different competences work together to find a solution that best meets the needs of the organization.  Technology must never be developed just for the sake of technology itself. At Swedish Radio, we have made innovation and technical development a priority, and that has equipped us well to cope with the unexpected – like the coronavirus pandemic. 

 

The need for innovation and technical development has been accelerated by the pandemic, pushing leaders to adopt new approaches for workflow processes in the shortest timeframes. In today’s remote working conditions, businesses need to remain efficient and prioritize quality over quantity.

 

Women in Leadership

 

You were recently listed as one of “The most Powerful Women in Business Sweden”. What advice can you give to aspiring female business executives on growing in leadership roles? 

Never forget to listen, and especially remember to have respect and listen to those not agreeing with you. For me, it is crucial to make sure that an organization is brave enough to have as many perspectives as possible in ongoing discussions. One must never be afraid of debate. On the contrary, it’s key to success. Also, always allow people to make mistakes and learn from them. There is nothing more toxic to creativity than a fearful work environment. 

 

Did you know that women represent only 19.3% of executives and 7.9% of CEOs in publicly listed companies across the European Union?   

Women in the workplace have been negatively impacted during the pandemic and are more likely to have been retrenched. With closures of schools and daycare centers, women who still had jobs struggled to juggle childcare responsibilities and managing households. It is no wonder as many as two million women considered leaving the workforce in 2020.  

Fewer women working means fewer women in leadership positions, and the financial consequences of this could be significant. Research by McKinsey & Company stated that company profits and share performance can show a 50% increment with strong female representation at C-suite level.

Fortunately, some countries are paving the way for women empowerment in the workplace. According to PwC’s Women in Work 2021 report, Iceland, Sweden and New Zealand are leading the pack when it comes to closing the gender pay gap and increasing the number of full-time female employees.  

The definition of key leadership roles will continue to evolve as workplaces become more digitalized. Forward-thinking leaders need to embrace and adopt new innovations, provide employees equal opportunities to grow, work on building a diverse and inclusive team and most importantly, be unafraid of change. 

Greg Williams, Editor-in-Chief of WIRED UK: “Organizations Should Be Thinking About the Next Threat”

What is the biggest lesson your organization has learnt from the past year? 

If the answer is that businesses must be prepared for anything, you are not alone.   

Research by McKinsey & Company revealed that agile organizations respond faster to crises. Therefore, creating an agile business culture should be high on every C-level’s list of priorities.  

It is time for leaders to relearn and revamp business strategies, build flexible facets within teams and make full use of new technologies. This begs the question: Is your organization prepared to tackle unprecedented changes and tech-related challenges? 

We speak to Greg Williams, editor-in-chief of WIRED UK and thought leader on future-shaping ideas, trends and technologies, for his take on what organizations should look out for in 2021 and beyond.

 

New Technologies and Opportunities

 

Technology, both a blessing and a curse of the 21st century, perpetually churns out new developments that businesses are struggling to catch up with. Industries are technology-saturated, resulting in overwhelmed leadership teams and employees. 

Williams cuts through the noise and highlights several key trends that will impact companies in the next few years:  

AI will continue to be embedded throughout the organizational value chain, offering new insights and helping enterprises make better decisions. 

By leveraging data and artificial intelligence (AI), companies can improve all stages of their CX journey. For example, Amazon used AI and predictive analytics, before the browsing prospects even made a purchase, to unify data from customers, understand their patterns, predict their next step and recommend products based on their interests. 

Williams also stressed “the decarbonization of economies as automotive becomes electrified, cities become smarter and investors divest from fossil fuels.” 

The World Business Council for Sustainable Development supports Williams’ sentiment, stating that sustained decarbonization is the most effective way to manage climate change. Group CFO of Storebrand, Lars Aasulv Løddesøl, recommends adopting sustainable efforts to ensure long-term financial returns and that it is ultimately “the right thing to do” for any organization.  

Williams states there will be “new forms of automation and we’ll see an opportunity for home technologies” as people spend money on their living environments and on local services. Home applications with embedded AI and automation features promise both advanced technological appliances and security. Trending home technologies include video door alarms, remote-controlled locks and ultra-modern burglar alarms.

In addition, 2020 saw “the end of education as we know it, with learning moving online.” However, Williams feels that the social aspects of learning are hard to replicate in a virtual environment. 

 

A Whole New Automated World

 

Williams predicts that “back-office technologies such as RPA and AI-centric customer service will continue to deliver value, as will cloud.” 

PwC estimates that 45% of work activities can be automated with the help of RPA, saving $2 trillion in global workforce costs. The automation of repetitive processes will free up valuable time for managers and employees involved in finance and accounting, HR administration and claims processing, among others.  

Chatbots, the face of AI-centric customer service, have eased the workload of human support teams across industries by addressing common requests and filtering genuine enquiries. This will create a “shift away from keyboards as new interfaces begin to have applications both for consumer products and for enterprise,” Williams commented.

The relevance of cloud technology is undeniable. Microsoft Azure, Amazon Web Services and Google Cloud are three of the most popular cloud platforms in the market. CIOs interviewed in our Executive Trend Survey are weighing these cloud computing services against one another, while some are even working with all three of the platforms.

There is no choice but for organizations to accept and embrace “the gradual presence of automation in the physical world as well as the business operations functions we’re already seeing,” Williams says.  

 

Into the Unknown

 

Post-COVID, the immediate priority for decision makers should be ensuring their digital strategy facilitates effective scenario planning. 

So, what scenario planning strategies should businesses implement? It all boils down to looking ahead and being prepared. Williams strongly suggests all digital strategies should have an “in-built notion of constant uncertainty” moving forward.  

“The cadence of regular audits of preparedness should now be increased in order to enable organizations to become more fluid and be able to deliver new products and always attune to client and customer needs,” Williams added.

Even though the climate crisis may seem like a distant issue to many organizations, Williams states “their impacts will be felt throughout society unless urgent action is taken.” Fortunately, some progress has been made with heavy-emitting industries, including BP, Shell, Daimler, and Rio Tinto, taking on more green initiatives through the COVID-19 outbreak.  

Big players in finance and investment are also taking steps to combat climate change. BlackRock, the asset management giant, has pledged to penalize directors of companies that fail to manage environmental risks.

However, Williams believes that “we still need some significant technological breakthroughs in areas such as green steel and green concrete.”

Here’s a staggering statistic: steel production makes up 7% to 10% of total carbon emissions — twice the amount from air travel. According to a recent study by McKinsey & Company, approximately 14 percent of steel companies’ potential value is at risk if their environmental impact remains unchanged. 

German steelmaker, Salzgitter, is already aware of that risk and will be increasing green steel production to a “five-figure” volume this year with increasing demand from the automotive industry and white goods sector.  

Williams says, “all organizations should be thinking about the next threat.” 

Organizations that proactively revise and improve business practices with this mindset stand a better chance of surviving unforeseen obstacles – be it a global pandemic, economic collapse or climate crisis. 

How Can CIOs Implement Effective Change Management?

Change management is inevitable in the era of digital transformation — at individual and enterprise levels. Over the past year, organizations across the globe experienced some form of change management out of necessity.

Shona Elliot, best-selling author and executive management & leadership consultant, shared her insights on organizational change management in a recent Transformation Thursday session on Clubhouse hosted by Management Events.  

“COVID has completely moved the needle in terms of what change looks like beyond the proper change management processes of the past,” she says.

 

All eyes are on CIOs to not only spearhead the adoption of new technologies, but to also become leaders in change management. Easier said than done, right? 

The modern CIO may find it difficult to focus their energies on the right areas with so many elements in flux — rapid digitalization, customer expectations, technology advancements, cyber security and shifting go-to-market strategies, among others.  

Therefore, it is essential that CIOs craft change management strategies that can withstand the volatility of current times, as well as help their organizations enable effective transformations in 2021. 

 

CIO: The New Change Agent 

 

“Change management is the art of making organizations work well – and continue to work well.” – Michael K. Levine, author of People Over Process: Leadership for Agility.

CIOs wear many hats; the newest one being an agent of change. Digital advancements have propelled CIOs to the forefront of organizational change. As a key change agent, CIOs now have the responsibility to promote cultural shifts for successful transformation.  

As more IT organizations adopt agile and design thinking methods to align with overall business goals, CIOs must be able to manage the impact of this change successfully. According to Accenture, the efficacy of technical business transformations relies on strong change management leadership to guide teams through this process.  

 

Why is Change Management So Hard? 

 

70%. This is the percentage of change management initiatives that fail to meet their goal. Change management is hard to get right, and CIOs are forced to face the added challenge of a global pandemic and a remote workforce.  

The main reasons why change management efforts fail at enterprise level are: 

 
 

Often, C-levels prioritize technical capabilities over business capabilities when taking on new spending methodology projects. The majority of resources are spent on data, tools and insights when the focus should be on the business process adaptations that stem from change management principles.

Organizations must discard the “There’s an app for that!” philosophy where they become too reliant on packaged software applications to drive internal processes. This philosophy leads to the increasing difficulty of educating and convincing employees to use new technological systems, something CIOs should address urgently.

 

What is Change Fatigue? 

 

As humans, our brains are hardwired to resist change.  

According to Elliot, “I’ve heard senior leaders many times in their career say they are just going to be resisting change or a stakeholder group is just going to resist it,” and nothing can be done except to move forward to something new. In addition, 92% of participants in a Deloitte survey stated that resistance to change is an expected reaction from employees as well.

The rapid pace of continuous change at organizations may take a toll on employees, an effect known as “change fatigue”. This is on top of the stress caused by the pandemic and health concerns, economic issues and job uncertainty. If not addressed immediately, change fatigue can be a serious inhibitor of digital transformation.

CIOs must keep this in mind when planning change management strategies. Change fatigue can result in C-level peers and employees becoming frustrated and resentful — which can get in the way of achieving company goals. 

 

What Makes a Good Change Manager? 

 

Forward-thinking change managers must redefine the concept of change management for their organizations. This is supported by Elliot, who recalls leaders with a traditional mindset having an awakening around the importance of their employees and building a people-centric culture.  

It is looking at all of the decisions through the lens of ‘how does this impact our employees and teams?’ and ‘how do we talk to them about it?’  

This shift in mindset will help with creating a simple and effective change management project plan that should include:

 
 

Furthermore, a change management project plan should be supported by these strategies:

  • Assess change readiness of employees to determine overall stress and morale level as well as openness to change, 
  • Understand how the organization and working culture has been impacted by external events, 
  • Acknowledge the importance of aligning people, technology and processes, 
  • Translate overarching goals and objectives into specific transformational strategies, 
  • Ensure all internal stakeholders and executives are aligned and informed. 

With the rise of remote workforces, change management strategies are likely to succeed when CIOs take the time to utilize digital communication tools to connect with teams within the organization and listen to their concerns.  

Besides that, IT leaders can propel their teams to digital transformation with five pillars of change management success:  

 
 

They can tailor existing change management models to their organization’s needs, such as Lewin’s Change Management model, the McKinsey 7-S model and Kotter’s theory.

 

Why is Change Management Important for CIOs to Understand?

 

Valuable time and resources go into adopting new technologies and processes. Without change management, that time and money go to waste.  

According to Elliot, senior leadership needs to understand all the components to change and craft an approach to help spearhead successful change initiatives. CIOs should also note that change management plans are not a one-person job.  

“I look at it as a co-creation model, to be able to include stakeholders that are going to be responsible for delivering the change and include them in the conversation as early as possible.”

Furthermore, IT leaders who involve employees in designing change management processes are more likely to succeed. Results from a Gartner survey reveal employee engagement and retention rate increased by 38% and 46% respectively with the integration of open source change management.   

A good change manager keeps their employees in mind and closely collaborates with stakeholders when building an impactful change management strategy.

Once seen as an isolated and ongoing project, change management is now reactive and necessary. CIOs must make their mark in the change management landscape and inspire their organization to be excited about change, instead of fearing it.