Harvard Business Review

Subscribe to Harvard Business Review feed Harvard Business Review
Practical insights, tools and resources from leading business thought leaders.
Updated: 47 min 28 sec ago

How Companies Say They’re Using Big Data

April 28, 2017 - 11:00am
Laura Schneider for HBR

Are companies seeing any value to their investments in “big data”? I’ve been surveying executives of Fortune 1000 companies about their data investments since 2012, and for the first time a near majority – 48.4% — report that their firms are achieving measurable results from their big data investments, with 80.7% of executives characterizing their big data investments as “successful.”

Survey respondents included Presidents, Chief Information Officers, Chief Analytics Officers, Chief Marketing Officers, and Chief Data Officers representing 50 industry giants, including American Express, Capital One, Disney, Ford Motors, General Electric, JP Morgan, MetLife, Nielsen, Turner Broadcasting, United Parcel Service, and USAA.

The chart below illustrates the range of big data initiatives that are underway at leading corporations, with expense reduction being the most mature, as measured by the number of initiatives that are underway, with nearly one-half of all executives indicating that they have decreased expenses as a direct result of their investments in big data.

 

However, big data isn’t just being used for cost-cutting. The survey strongly indicates that firms are also undertaking “offensive” efforts that are explicitly intended to change how they do business.  After the initial “quick wins” are wrung from cost-reductions, executives are turning their attention to new ways to innovate using data.

In spite of the investment enthusiasm, and ambition to leverage the power of data to transform the enterprise, results vary in terms of success. Organizations still struggle to forge what would be consider a “data-driven” culture. Of the executives who report starting such a project, only 40.2% report having success. Big transformations take time, and while the vast majority of firms aspire to being “data-driven”, a much smaller percentage have realized this ambition. Cultural transformations seldom occur overnight.

Related Video The Explainer: Big Data and Analytics <span>What the two terms really mean -- and how to effectively use each.</span> See More Videos > See More Videos >

At this point in the evolution of big data, the challenges for most companies are not related to technology. The biggest impediments to adoption relate to cultural challenges: organizational alignment, resistance or lack of understanding, and change management.

Big data is already being used to improve operational efficiency, and the ability to make informed decisions based on the very latest up-to-the-moment information is rapidly becoming the mainstream norm. The next phase will be to use data for new products and other innovations. About half of the executives I surveyed predict major disruption on the horizon, as big data continues to change how businesses operate and compete. Companies that fail to adapt do so at their own competitive and market risk.

Don’t Give Up on Unconscious Bias Training — Make It Better

April 28, 2017 - 10:00am

There’s a growing skepticism about whether unconscious bias training is an effective tool to meet corporate diversity goals. Critics of such training contend that it doesn’t visibly move the needle on diversity numbers, and can even backfire. Some academic studies support this perspective: one longitudinal study found that traditional diversity trainings are the least effective efforts in increasing numbers of underrepresented minorities, while experimental research has shown that presenting evidence that people commonly rely on stereotypes — information often found in diversity trainings — isn’t helpful and can even condone the use of stereotypes. On the other hand, a meta-analysis found that diversity trainings can be effective, depending on many factors including content, length, audience, and accompanying diversity efforts.

Clearly, not all trainings are equally good — and none are a silver bullet. Training is effective only when designed intentionally to achieve discrete, and often narrow, outcomes. Anyone who believes trainings will quickly result in greater demographic diversity will be disappointed. On the other hand, companies that want to motivate employees to engage in new behaviors that complement and accelerate more structural efforts may find thoughtfully designed training to be an effective tool.

As part of our work at Paradigm, we conduct unconscious bias trainings, so perhaps we are a little biased towards them. While initially we were skeptical and declined to offer training, we learned that failing to engage employees as participants in debiasing organizational processes can limit the impact of those efforts. For example, implementing a new interview process, without educating employees on its benefits, inhibits its adoption. It turns out that trainings can be an effective mechanism for educating employees and inspiring behavior change: our post-training surveys indicate that 96% of participants leave intending to engage in behaviors to reduce bias. (This aligns with Google’s findings that participants in its internal training leave with a higher understanding of unconscious bias, and more motivation to mitigate bias, than their untrained peers.) But do employees actually act on these good intentions?

When a global technology company engaged us to train its entire workforce over the course of 2016, we took the opportunity to more thoroughly evaluate the impact of our trainings by surveying employees about their actual behaviors before, immediately after, and as much as eight months following our training. We found that, months after attending the workshop, employees reported engaging in more of the research-backed strategies for mitigating bias highlighted in the workshop than they had prior to the workshop.

So, what made these long-term outcomes possible? By articulating specific and realistic expectations of what our trainings could achieve, and bearing in mind the factors that limit training effectiveness, we developed three evidence-based tenets to guide the design of any unconscious bias training.

1. Strike a careful balance between limiting defensiveness about unconscious bias, while communicating the importance of managing bias. One concern with teaching people about unconscious bias, or talking about diversity efforts more broadly, is that majority group members can become defensive. Training can be designed to reduce defensiveness by explaining that we don’t have unconscious biases because we’re bad people – we have them because we are people. (Note: in this conversation we do not include explicit forms of bias–like racial slurs, antipathy toward others or sexual harassment.) Training can communicate this by highlighting that unconscious bias creeps into all aspects of our lives and decision-making, not simply in ways that negatively impact diversity and inclusion efforts. Although it’s important to reduce defensiveness, some trainings go too far and give the impression that, “we all do this, so it’s okay.” When unconscious bias is simply normalized, people’s actions can be more likely to be influenced by stereotypes. It’s important that training make clear the importance of managing bias and offer strategies to do so.

2. Structure the content around workplace situations. Many unconscious bias trainings draw on social science research, organizing it around psychological phenomena (such as “confirmation bias”) or demographics (“maternal bias”). To make training feel more relevant and memorable, we’ve found it’s better to organize content around specific workplace situations. Research shows that when information is presented in a way that is linked to our current schemas, we are better able to remember it. Our trainings are organized around three specific situations that our participants encounter in their day-to-day work: recruiting and hiring, team dynamics, and career development. In the post-workshop survey given at the global technology company, we asked participants to commit to one action they would take to manage bias. Months later, we found that 41% of respondents remembered their specific commitment, and of those, 91% had made progress in implementing that new behavior.

3. Make it action oriented. Because raising awareness about bias can backfire when not paired with strategies for managing bias, it’s essential that unconscious bias training equip participants with action-oriented strategies. For example, we talk about strategies to increase feelings of belonging, and the importance of defining what qualifications matter before making people-related decisions. Sharing such strategies seems to have long-ranging impacts on participants. One question we asked employees in our training evaluation was whether, when interviewing multiple candidates for the same role, they ask all candidates the same questions. This method of structured interviewing has been shown to promote more objective, less biased decision-making. As much as eight months after our training, employees reported a 25% increase in use of this method. Other employees reported they “stopped giving resumes in advance of tech interviews to reduce bias in expectations of a candidate’s potential ability.” Another shared: “Anytime I witness someone being interrupted, I speak up to ensure that person can voice their input after the person who interrupted them is done speaking.”

We are continuing to improve our efforts to rigorously evaluate trainings. For example, in the research we describe here, we relied on self-reported behavior, rather than more objective measures. Because we were not able to compare training participants to nonparticipants, we can’t conclusively exclude the possibility that our longitudinal results were not influenced by other factors.

But for now, our takeaway is this: unconscious bias training can be a useful component of diversity and inclusion efforts, but only if it’s thoughtfully designed with research in mind and its limitations are well understood. By using the strategies outlined above, organizations can design trainings that engage employees, motivate them to adopt behaviors that mitigate bias, and empower individual diversity advocates within companies. But these outcomes can only take an organization so far. Ultimately it is a commitment to consistently evaluate and innovate organizational processes — including the systems that allow for bias in the first place — that will have the most sustained impact on achieving diversity goals.

Smart Cities Are Going to Be a Security Nightmare

April 28, 2017 - 9:00am

In the fictional world of the video game Watch Dogs, you can play a hacktivist who takes over the central operating system of a futuristic, hyper-connected Chicago. With control over the city’s security system, you can spy on residents using surveillance cameras, intercept phone calls, and cripple the city’s critical infrastructure, unleashing a vicious cyberattack that brings the Windy City to its knees.

Watch Dogs is just a game, but it illustrates a possible “what if” scenario that could happen in today’s increasingly smart cities. Advancements in artificial intelligence and Internet of Things (IoT) connected devices have made it possible for cities to increase efficiencies across multiple services like public safety, transportation, water management and even healthcare.

An estimated 2.3 billion connected things will be used in smart cities this year, according to Gartner, Inc., the technology research and advisory company. That would represent a 42% increase in the number of connected devices since 2016. But the rise of digital connectivity also exposes a host of vulnerabilities cybercriminals are lining up to exploit.

On April 8, hackers set off 156 emergency sirens in Dallas, Texas, disrupting residents and overwhelming 911 operators throughout the day. The number of attacks on critical infrastructure jumped from under 200 in 2012 to almost 300 attacks in 2015. As smart cities move from concept to reality, securing their foundation will become a top priority to ensure the safety of our digitally connected communities.

Insight Center

Simply put, smart cities rely on interconnected devices to streamline and improve city services based on rich, real-time data. These systems combine hardware, software, and geospatial analytics to enhance municipal services and improve an area’s livability. Inexpensive sensors, for example, can reduce the energy wasted in street lights or regulate the flow of water to better preserve resources. Smart cities rely on accurate data in order to properly function. Information that has been tampered with can disrupt operations — and constituents’ lives — for days.

Several cities have adopted smart technologies, applying artificial intelligence to accelerate their transition into the future. In Barcelona, smart water meter technology helped the city save $58 million annually. In South Korea, one city cut building operating costs by 30% after implementing smart sensors to regulate water and electricity usage. With the global IoT footprint expected to surpass 50 billion connected devices by 2020, urban communities will need to strengthen existing cybersecurity protocols and disaster recovery methods to counter hackers searching for opportunities to wreak havoc.

As smart city infrastructure proliferates, the stakes for protecting these digital foundations will only get higher. While investment in smart technology has gone up, many of these innovations are deployed without robust testing and cybersecurity is often neglected.

For example, cities currently using a supervisory control and data acquisition (SCADA) system, are particularly susceptible to frequent hacks due to poor security protocols. Though SCADA systems control large-scale processes and unify decentralized facilities, they lack cryptographic security and authentication factors. If a hacker targets a city’s SCADA system, they could threaten public health and safety, and shut down multiple city services from a single entry point.

Simple computer bugs can also cause significant glitches in control systems, leading to major technical problems for cities. Once hackers invade smart city control systems, they can send manipulated data to servers to exploit and crash entire data centers. This is how hackers gained access to an Illinois water utility control system in 2011, destroying a water pump that serviced 2,200 customers. Not only do these breaches disrupt daily operations for residents, they can be costly to remedy. A hypothetical hack that triggers a blackout in North America is estimated to leave 93 million people without power and could cost insurers anywhere from $21 billion to $71 billion in damages.

The inevitability of cyberattacks is a lesson the private sector has learned the hard way. As cities adopt smart initiatives, they’d be wise to make data security a priority from the outset. In addition to physically securing facilities controlling power, gas and water, city planners should also implement fail safes and manual overrides in all systems and networks. This includes forcibly shutting down potentially hacked systems until security experts have the opportunity to resolve vulnerability issues. Encrypting sensitive data and deploying network intrusion mechanisms that regularly scan for suspicious activity can also protect against hackers trying to breach control systems remotely.

Smart cities can increase productivity and efficiencies for citizens, but they have a serious problem when security is underestimated. As local governments pursue smart initiatives, realizing the full potential of these digitally connected communities starts with implementing cybersecurity best practices from the ground up.

Returning to Work When You’re Grieving

April 28, 2017 - 8:05am

The death of a loved one can be devastating. And while many companies provide bereavement leave, the leave is often only three to five days. Some of us are fortunate to be able to reduce work hours or quit work altogether for a while. Others have a manager who gives us unofficial time off. Even so, many of us must go back to work well before we’re ready.

Grief can be isolating because people don’t know how to connect with you when you come back to work, or when you experience setbacks from time to time. Because of this, you’re likely to face some challenges, particularly in how to deal with your personal grief while remaining productive and and how to deal with your colleagues, especially when they respond in a way that’s jarring.

Over the last year, my brother, my mother, a close friend, and six relatives died. My experience, as well as hearing from others who have lost people close to them, has helped me to think about ways to tackle common situations at work when you return after the death of a loved one. You may not be able to control what your coworkers say, but you can make your reactions work to your benefit. From answering difficult questions in a way that you’re comfortable to stopping awkward conversations in their tracks, here are a few tips to consider when facing colleagues after a loss.

Expect to be surprised. Support, and lack of it, can come from unexpected sources. Death and grieving are difficult topics at best, and the experience is unique for each person. You’ll see a range of reactions from your colleagues, from acting as though nothing had happened, to offering condolences in private, to publicly offering help and asking morbidly curious questions. Knowing that you’ll experience a variety of reactions can help you prepare a range of ways that you might respond to your colleagues.

You and Your Team Series Stress

Control what you do, and don’t, want to share. Don’t force yourself to share when you’re not ready. Just because someone asks you a question doesn’t mean you have to answer it. You might want to talk through the details of what happened, but if not, think through short answers to probing questions. These answers might provide brief facts or simply say, “Thank you for your questions, but I’m unable to answer them right now.” Or you can direct the conversation to something you can talk about — for example, “I’d rather talk about what my mom meant to me than the specifics of her last few weeks.”

You might not always realize this during a conversation, but you can use what you learn to proactively discuss a topic the next time it comes up. Six months after my brother died, an acquaintance wanted to talk to me about her brother’s illness. I was fine during our conversation, but I woke up the next morning feeling traumatized. The next time someone wants to talk to me about their brother’s health, I might instead try saying, “I’m still feeling raw from having lost my brother. Is there a way I can support you without going into the specific challenges of your brother’s condition?”

Appoint an ambassador. You may not want to talk about things at all — or at least not in public or in the middle of a workday. Make your wishes known to a trusted colleague and enlist their help in communicating with the rest of the office. As things change, keep your ambassador updated so they can make your latest preferences known to others.

When I knew I had to teach a leadership class while my mother was in her last days, I emailed one of my cofacilitators ahead of time to let them know I might need to leave early. I also said, “While teaching the class, it will be too difficult for me to talk about my mom. I appreciate and know that you care about me. One way to support me when we’re teaching the class is to not talk to me about my mom. Please also let Shannon and Lisa know, as it’s difficult for me to communicate with too many people right now. I’d love to connect after our session is over.” This statement let them know when would be best for them to talk to me and ensured I didn’t have to worry about how to respond in a public setting when I needed to focus on getting a job done.

These three steps can help you control some of the external factors that you may face upon your return to work, but your personal and emotional needs are just as important to take into account. Consider these tips to help you take care of yourself in the workplace.

Create pauses. Grief saps your energy. There are days when you might feel capable of performing any task but your energy may not last long. A colleague of mine says that she’s had to tell herself, “This is the new normal,” moving her mind into a world where her loved one is no longer alive and where she relates to her surroundings differently. If possible, give yourself space between meetings and interactions with others. Use those times to catch up if you’re feeling productive or to care for yourself by going for a walk, doing breathing exercises, or meditating. Such pauses help you pace yourself so you can last the day and even the week.

Find a sanctuary. There are times when you might want to burst into tears or just escape for a while. Before you return to work, think of a private space where you can recoup. My car is my sanctuary. I have a pillow in case I need to take a nap, plenty of water, and a box of my favorite salted caramel truffles.

Carry tissues. You are likely to tear up when you least expect it, so keep tissues handy. People will understand because they know you’re grieving. At least with tissues you’ll be spared the embarrassment of sniffles and a runny nose during a business meeting.

Create a comfort box. Keep tiny items of comfort close by. A couple of months after my brother died, my friend Caron repurposed a chocolate box, decorating it and calling it Sabina’s Sunshine. She invited my friends to write notes about what they appreciated about our friendship and put them in the box. I have my box of sunshine next to me at my office desk. When I’m feeling particularly sad, or before a challenging meeting, I open the box and read a note. After my mother died, I asked my friends for objects they could contribute to a comfort box that kept one of my five senses occupied: essential oils, chocolate, beautiful pictures, fabrics with different textures, chimes, and so on.

Create a checklist and ask for help. A common side effect of grief is being spacey. You may forget things and make more mistakes than you usually do. Write down things that you usually don’t bother to. For important deliverables, create a detailed checklist; check it twice or ask a coworker to check your work for you.

Going to work while grieving is difficult — on you and on your coworkers. Anticipating others’ reactions and creating a planthat includes flexible solutions before you go back to work will help reduce the stress of returning to a professional environment, while still giving yourself the space to grieve.

Sheryl Sandberg and Adam Grant on Resilience

April 27, 2017 - 4:33pm

Facebook COO Sheryl Sandberg talks about returning to work after her husband’s death, and Wharton management and psychology professor Adam Grant discusses what the research says about resilience. In this joint interview, they talk about how to build resilience in yourself, your team, and your organization. They’re the authors of the new book, Option B: Facing Adversity, Building Resilience, and Finding Joy.

Download this podcast

A Scorecard to Help You Compare Two Jobs

April 27, 2017 - 12:00pm

You have a big career decision to make. Maybe you’ve been offered an exciting new opportunity — on the other side of the country. Or maybe you’ve been unhappy in your job and need a change — but haven’t been able to find inspiring alternatives.

Several of the professionals I’ve coached share a common struggle: how to make major decisions that balance career growth with satisfaction in other domains of their lives. While it’s often easy to see the impact a certain choice will have on objective criteria such as duties, position, prestige, salary, and opportunities for advancement, evaluating the “softer” considerations is tougher. But things like cultural fit, the quality of interactions with colleagues, ability to exert influence, and impact on family and social life, all deeply affect how personally satisfied someone feels with their work.

To help my clients take an objective look at decidedly subjective considerations, I’ve developed a tool that allows them to quantify and visualize the pros and cons of various choices  taking into consideration the impact each would have on matters of both heart and head.

Here’s how I used it with a physician I’ll call Dinesh. He was feeling stuck trying to decide whether he should continue working in his current position at a prestigious academic medical center, which he truly enjoyed, or accept an exciting leadership position at a nearby community hospital. Dinesh was weighing some pretty standard “head” issues of salary, resources, leadership potential, commute, and call schedules. But he knew this was a huge change and needed to evaluate the more feelings-based issues such as how much would he would enjoy his new colleagues, have the flexibility to manage his workload, and be able to prioritize family time, etc. Some of his “heart” issues also included his self-image as it related to “just” being a busy, highly regarded clinician vs. being seen as a leader with broader influence beyond his own patient care responsibilities.

We started by listing all the factors he was considering and the relative importance of each, on a scale of 1-5, so Dinesh could see how they related to one another, shown on the graphic below. Under the Current Hospital and the New Hospital headings is the score he assigned each choice regarding how good it would be for each factor, again rated on a scale of 1-5. We then multiplied the rating by the importance and added the total for each factor to derive a weighted total score for each job option.

 

And a very interesting happened. While the Current Hospital job scored higher overall, viewing the scores in this way made it possible to see that the relative downsides of the new job were likely temporary. Even though it confirmed his gut feeling that his day-to-day life in the short term was better at his current job, his potential for career growth over the long haul was greatly enhanced by taking the job at the community hospital. The issues that decreased quality of life at the community hospital were mainly related to workload, protected time, and flexibility of schedule – considerations that would likely have a negative impact on his family life. He also realized that a promotion of this magnitude would be very unlikely to materialize in his home institution. By having a tool that allowed him to visualize the relative impact of each factor, he was able to see that he’d likely be better off at the community hospital after the first year once he’d finished recruiting new physicians who could share the workload, a concept that was hard to grasp by just thinking things through without a structured framework.

You and Your Team Series Career Transitions

Another client, whom I’ll call Martha, had always been in management and needed a change from her current position. She was looking at executive roles in other organizations as well as fundraising opportunities, but wasn’t getting jazzed about any of these options. I suggested she complete a similar decision grid comparing the options she was currently considering. The result surprised us both: looking at the completed grid, she could plainly see that each option scored very low. Martha felt dispirited, worried that no job that would truly satisfy her. When I asked her what kind of job would satisfy her most highly weighted factors such as taking advantage of her natural talents, providing opportunities to help people in the moment, and being active and on her feet, she finally uncorked the true desire that she’d kept buried for years beneath a pile of “shoulds.” In her heart of hearts, she’d always wanted to be a nurse. However, the few times she’d confided this desire with someone, they told her she’d have more success as an executive. But after completing this exercise, her true career passion was undeniable. Her heart was pulling her hard into nursing even though her head told her it would be costly to go back to school and difficult to let go of the prestige factor of her management career.

But once she put nursing on the table for consideration, we were able to address her concerns one by one. There was a way to marry her heart’s desire with her head’s abilities to have it all — eventually. There are numerous leadership roles available within the nursing field that will provide rich career opportunities down the road. While she pursues that long-term goal, she is enjoying her volunteer work in a nearby emergency department where she confirms each day that working in a hospital is the place for her. No prestigious management job or huge paycheck could give her more satisfaction than she receives from her patients’ grateful smiles when she provides comfort just when they need it most.

The intangible parts of a job  autonomy, collegiality, prestige, purpose  can make an even bigger impact on our overall well-being than the easy-to-count factors like salary, benefits, and vacation time. To avoid undercounting the “soft” factors, try translating them into hard numbers. The way they add up might surprise you.

What If Investors Who Held Their Shares Longer Got More Voting Power?

April 27, 2017 - 11:00am

Joe Bower and Lynn Paine “had me at hello” (to quote Jerry Maguire) with their new HBR article, “The Error at the Heart of Corporate Leadership.” Laying out their data, they find that long-term oriented companies create more financial value and more jobs. In fact, if more American companies were focused on the long term, they estimate, investors would have an additional $1 trillion, workers would have an additional 5 million jobs, and the country would have more than an additional $1 trillion in GDP.

I agree with their vision of a future in which more companies focus on the long term and become more productive for the world (their findings accord with my own work on the dangers of short-termism). But I long for actions that go beyond admonitions to managers and boards to do better, that give both parties a better chance to stand up to capital markets players, like activist hedge funds, pressuring them to become too short-term focused. While no one thing can or will drive the transformation, there is one change that I think is doable and would make a real difference: holding-period-based voting rights.

My basic premise is that corporations need to make capital investments that take years — not months, weeks, days, minutes or seconds — to pay out. Hence they need capital that is with them for longer rather than shorter periods. One capital form is debt: a bond. Bonds give the debtor certainty over its ability to use the capital for a fixed period of time (unless there is a call provision written into them). Common equity is supposed to be even longer term – once it is given to the company, it notionally has the capital forever.

However, unlike a bond, common equity is not long-term/forever on predetermined, immutable terms. Because anybody can buy that equity on a stock market without permission of the company, buyers can fundamentally change the terms of that equity investment. An activist hedge fund, for example, can exert massive pressure to change the strategy and/or investment approach of the company based on its ownership of a sufficient share of the company’s equity.

Related Video The Refresher: Net Present Value Next time you're deciding about a big investment, NPV can help you make a more informed decision.

See More Videos > See More Videos >

For the creation and deployment of strategy, long-term capital is more valuable than short-term capital, plain and simple. If you give me $100 but say that you have the right to take it back or change the pattern of its usage with 24 hours notice, it isn’t nearly as valuable to me as if you say I can use it for 10 years for the purpose for which we agree it is intended before I am allowed to assist on any change in purpose or to ask for it back.

While not fully analogous, if Singapore sovereign wealth fund Temasek holds its equities for, say, 8 years on average while quantitative arbitrage hedge fund Renaissance Technologies holds them for milliseconds at a time, the Temasek capital is more valuable than Renaissance’s. And arguably, the capital of Renaissance is more valuable than “activist hedge funds” Triac or Pershing Square who will jerk around your strategy with one thing in mind – short-term trading gains.

The fundamental difference in value to the company notwithstanding, those equity dollars invested are given exactly the same rights.

Instead, we should adopt holding-period based voting rights. Each common share should give its holder one vote per day that holder has owned the share – up to 3,650 days or 10 years. So if you hold 100 shares for 10 years, you get to vote 365,000 shares. If you sell your shares to an activist hedge fund (or anybody else), they get 100 votes the day they buy the shares. If its intention is to become a long-term holder, eventually it will get 365,000 votes. If it is Pershing Square, the interests of the investors who have provided the company with more valuable capital will swamp its influence — appropriately.

The adoption of holding-period based voting rights would provide long-term shareholders with the reward they deserve for providing the most valuable kind of capital. And it would make it extremely hard for the Pershing Square’s of the world to take over effective control of companies because the minute they acquire a share, its voting rights get reduced to a single vote. This would frustrate the “arbs” (arbitrageurs) who make their returns by buying up shares and hoping to sell to the acquirer at the time of their successful takeover bid.

Critics of this idea argue that it would simply ensconce bad management. No, it wouldn’t change investors’ incentives one iota. Currently investors sell their economic ownership of a share along with one voting right to the arbs or the activists if they are unhappy with management. Under holding-period based voting rights, they sell their economic ownership of a share along with one voting right to the arb/activist if they are unhappy with management. There is no difference whatsoever.

However, if a lot of shareholders are happy with management and the activist wants to make a quick buck by gaining enough voting control to force the company to sell assets, cut R&D investment, or anything else bad for its future, this will reduce the ability of the activist to collect enough voting rights to force management to make short-term decisions.

There is no cost to anybody other than the investors in hedge funds. For everybody else in the system, it is an improvement.

Why Do IoT Companies Keep Building Devices with Huge Security Flaws?

April 27, 2017 - 9:00am

Earlier this year an alarming story hit the news: Hackers had taken over the electronic key system at a luxury hotel in Austria, locking guests out of their rooms until the hotel paid a ransom. It was alarming, of course, for the guests and for anyone who ever stays at a hotel. But it came as no surprise to cybersecurity experts, who have been increasingly focused on the many ways in which physical devices connected to the internet, collectively known as the internet of things (IoT), can be hacked and manipulated. (The hotel has since announced that it is returning to using physical keys.)

It doesn’t take a great leap to imagine an IoT hostage scenario, or all of the other ways hackers could wreak havoc with the networked objects we use every day. Smart devices permeate our homes and offices. Smoke detectors, thermostats, sprinklers, and physical access controls can be operated remotely. Virtual assistants, televisions, baby monitors, and children’s toys collect and send data to the cloud. (One of the latest toy breaches, involving CloudPets teddy bears, is now the subject of a congressional inquiry.) Some smart technologies can save lives, such as medical devices that control intravenous drug doses or remotely monitor vital signs.

Insight Center

The problem is that many IoT devices are not designed or maintained with security as a priority. According to a recent study by IBM Security and the Ponemon Institute, 80% of organizations do not routinely test their IoT apps for security vulnerabilities. That makes it a lot easier for criminals to use IoT devices to spy, steal, and even cause physical harm.

Some observers attribute the failure to the IoT gold rush, and are calling for government to step in to regulate smart devices. When it comes to cybersecurity, however, regulation can be well-intentioned but misguided. Security checklists that are drafted by slow-moving government bodies can’t keep up with evolving technology and hacking techniques, and compliance regimes can divert resources and give a false sense of security. Add up all the different federal, state, and international agencies that claim a piece of the regulatory pie, and you get a mishmash of overlapping requirements that can confuse and constrain companies — but leave hackers plenty of room to maneuver.

The Obama administration pushed regulatory proposals for cybersecurity infrastructure in its early years, but eventually pivoted to a more effective risk-management approach. This was embodied by the widely acclaimed National Institute of Standards and Technology (NIST) Cybersecurity Framework, which was developed in collaboration with the industry and provides risk-based guidance and best practices that can be adapted to an organization of any size or profile. Early signs are that the Trump administration plans to continue the NIST approach.

A wise next step would be to build on that success and develop a similar framework for IoT. Rather than trying to dictate specific controls for a diverse, growing set of technologies, the framework could harmonize international best practices for IoT and help companies prioritize the most important security strategies for their organization. This is essentially what the bipartisan Commission on Enhancing National Cybersecurity recommended to the new administration in December. A framework could also serve as a much-needed coordination point for a number of fragmented IoT efforts currently under way in federal agencies.

It would be a mistake, however, for the IoT industry to wait for governments to step in. The problem is urgent, and it will become even more so as new IoT attacks come to light, as they certainly will. IoT providers can demonstrate that they are serious about security by taking some basic steps.

First, security and privacy should be incorporated into design and development. Most security testing of IoT devices occurs in the production phase, when it is too late to make significant changes. Planning and investment up front can go a long way. For example, many IoT devices share default user names and passwords that are well known and can be found with a quick Google search. Because most consumers do not change those settings, products should be designed to ship with unique credentials, or require users to set new credentials upon first use. This would thwart the easiest and most widespread method of compromising IoT devices. Just last fall, hackers used known factory credentials to infect thousands of DVRs and webcams with the Mirai botnet, which was used to cause massive internet outages.

Second, IoT devices should be able to receive software updates for their entire life span. New software vulnerabilities are often discovered after a product is released, making security patching critical to defend against threats. If there are limits to the length of time that updates can reasonably be provided, then the product should be clearly labeled with an “expiration date,” past which security will no longer be maintained.

Third, transparency to consumers should be improved. Unlike mobile phones and computers, IoT devices often operate without human supervision or visibility. Many of these objects lack screens to display messages. As with other types of product recalls, owners need to be notified when the device has a security issue and told how to apply security updates. When IoT devices are resold, there should be a simple way to conduct a factory reset to erase data and credentials. For example, IBM Security recently demonstrated how sellers of used cars can retain access to vehicles’ remote functions (like geolocation) without buyers being aware.

It is still early days in the world of IoT, but it’s a fast-moving world, with billions of new devices being connected every year. And the window on building a trustworthy ecosystem is closing. Will others follow the Austrian hotel’s example, disconnecting when their devices, and their trust, are breached? The IoT industry should not wait to find out. We can either invest now in securing that trust, and safely enjoy the benefits of this remarkable technology, or we can expect hackers to wreak more havoc and governments to intervene in a heavy-handed manner.

How to Act Quickly Without Sacrificing Critical Thinking

April 27, 2017 - 8:05am

An unbridled urgency can be counterproductive and costly. If you’re too quick to react, you can end up with short-sighted decisions or superficial solutions, neglecting underlying causes and create collateral damage in the process.

But if you’re too deliberative and slow to respond, you can get caught flat-footed, potentially missing an opportunity or allowing an emergent challenge to consume you.

To balance these two extremes, you need reflective urgency — the ability to bring conscious, rapid reflection to the priorities of the moment — to align your best thinking with the swiftest course of action. In my work, coaching leaders at every level through a variety of management dilemmas, I’ve developed three strategies to practice reflective urgency:

Diagnose your urgency trap. To get started, you need to identify what’s limiting your quality thinking time — the habitual, unconscious, and often counterproductive ways that you push harder to get ahead when you feel the pressure of too many demands.

Common urgency traps include: ending one meeting prematurely, only to rush to the next one with more unfinished business; multitasking during work that requires your complete presence and full attention, which only diminishes the quality and accuracy of your output; saying yes to projects that dilute your contribution and burn your energy, when selectively saying no is the wiser choice. Traps like these keep you stuck in triage mode. In this mindset, taking time out to reflect on your intentions and actions feels like a luxury you can’t afford.

Related Video Identify Your Thinking Style It depends on two factors.

See More Videos > See More Videos >

But if you’re able to spot your trap, then you can stop the self-defeating habits that keep you in a constant state of elevated urgency.

For example, Jenna was a new manager struggling to adjust to the dueling pressures of delivering her own work, while keeping the team accountable for theirs. Trying to get it all done without any drop in performance, her urgency trap was an involuntary shift to extreme command-and-control. In her words, “Everything felt like an urgent crisis, so I acted like it was.”

This mindset triggered knee-jerk reactions to overinvolve herself in delegated work and to communicate harshly by bottom-lining every email, one-on-one conversation, and team discussion. The result was that her team felt increasingly micromanaged and less engaged in their contributions. And because Jenna’s conversations were all rushed and impersonal, she failed to deepen relationships and establish trust within the team.

To stop leading with such an acute sense of urgency, Jenna made two changes. First, she got better at learning from her own experience. When demand spiked and she felt the instinct to control things as a means of staying ahead of the curve, she got out of her own way and followed through on previous delegation. Before sending an email to demand a progress update, she paused to review the timeline and task completion agreement already in place. This helped her avoid micromanaging the team, and it freed up time for her to focus on the big picture.

Second, Jenna implemented a new communication habit to shift her leadership presence from cold and excessively direct to engaging and supportive. Before each conversation or meeting, she quietly considered two questions: What impact do I want to have on my team right now? When I walk out of the room, what words do I want them to use to describe my influence? For Jenna, these two questions were straightforward enough to start applying immediately. The reflective act of pausing, to review delegation agreements and to consider her communication impact, was enough to jolt her out of the autopilot mode fueled by her urgency trap.

Once you diagnose your own urgency trap, you can bring the same thoughtful reflection to your critical moments to disrupt the pattern.

If you’re unaware of what your trap is, answer the following prompt to explore it: “When the demands I face increase and my capacity is stretched thin, a counterproductive habit I have is….” Once you pinpoint the initial behavior, the unproductive thinking that holds it in place will be evident.

Bring focus to the right priorities. Another problem is the unconscious tendency to focus on less important work, because we enjoy it or we’re good at it, at the expense of our highest priorities. Chris Argyris, the influential MIT professor and organizational thinker, showed how routine behaviors like this can become accepted norms when we fail to recognize and challenge ourselves to address them.

This was true for Marcus, a senior leader who developed a habit of obsessing over administrative tasks. The busier he got, the more he slipped into tactical mode, in order to get things checked off his to-do list as quickly as possible. It helped him feel productive, but failing to delegate these tasks meant he never had time to focus on longer-term, strategic issues.

To shift this pattern, Marcus applied a quick reality test during pivotal moments of transition throughout his day. The task was to fill in the blanks to complete this sentence: “I’m tempted to work on…, but I know I should focus on…”

On the surface, this question seems obvious. But for Marcus, it was precisely the simplicity and ease of application that helped him combine reflection with quick action. The thoughtfulness embedded in the statement triggered a deliberative choice, one dictated not by the urgencies of the moment or easy tasks that felt gratifying to accomplish, but by his honest assessment of his highest priorities.

Avoid extreme tilts. In a perfect world, you would fluidly pivot from reflection to action, but that’s not the world you inhabit. You cannot reduce the demands you face, nor can you afford to attack them with the reckless abandon of unchecked urgency. But you can recognize that not every issue requires the same approach. Depending on the situation, you can consciously, and subtly, turn down or dial up the required elements of reflection and urgency.

Haruto was the VP of sales for a technology company. In the midst of a major new product launch, he knew that he had to think very carefully about his team’s strategy, but the pressure of impossible deadlines was constant. As a result, Haruto vacillated between the extremes of thoughtful reflection and urgent action. On some issues he flexed toward too much deliberation, got lost in the details, and became bogged down with analysis paralysis. As a result, he appeared aloof and indifferent to others, and his response to emerging issues was slow and ineffective. But with other issues, he swung toward urgency. With a mindset of “react first, think later,” Haruto spent more time cleaning up his hasty decisions than he did making them.

Haruto recognized that he needed to stop the pendulum swing and focus more on the subtle tilts toward greater urgency in some cases and a reflective stance in others. To do this, he used a 60/40 breakdown as a logic model to increase his situational agility. For each initiative, he assessed whether success relied more on urgent action or thoughtful reflection. If he determined that a 60% focus on action was required (e.g., for tactical, routine work), Haruto would shrink the time and attention devoted to the work in order to favor efficiency. But if deliberation mattered more and action was only valued at 40% (e.g., for relationship-defining moments, innovation-specific work, etc.), he expanded the time and deepened his focus to allow for dynamic thinking.

In some cases this was as simple as adding 20 minutes to an agenda to avoid the temptation to rush and leave half-considered issues on the table. In other instances it was a matter of scheduling shorter meetings, or setting self-imposed timelines to not get lost in the weeds.

As you evaluate your daily responsibilities, avoid the temptation to treat every initiative the same. Knowing that you need the best of both — and that a perfect 50/50 split is unrealistic — make the subtle tilts toward reflection and action as needed to get the balance right.

Like Jenna, Marcus, and Haruto, you can take these steps, at any time and in any sequence, to increase your capacity for reflective urgency. When you combine these microreflections with a heightened sense of urgency, your decisiveness and speed to impact will not be at the mercy of the counterproductive habits and unconscious oversights that occur when you act without your best thinking.

What Separates Goals We Achieve from Goals We Don’t

April 26, 2017 - 12:00pm

The importance of delaying gratification is universally recognized. Being able to forgo immediate benefits in order to achieve larger goals in the future is viewed as a key skill. For example, consider the classic “marshmallow test” experiment: children’s ability to delay eating one marshmallow so that they can get two marshmallows later is linked to a number of positive life outcomes, including academic success and healthy relationships.

But wouldn’t immediate benefits also help us follow through on our long-term goals? To explore this question, we conducted five studies, surveying 449 people, including students, gym-goers, and museum visitors. They reported their ability to persist in their long-term goals. They also told us whether they experienced immediate and delayed benefits when working towards these goals. Our paper was published in the Personality and Social Psychology Bulletin.

In one study, we asked people online about the goals they set at the beginning of the year. Most people set goals to achieve delayed, long-term benefits, such as career advancement, debt repayment, or improved health. We asked these individuals how enjoyable it was to pursue their goal, as well as how important their goal was. We also asked whether they were still working on their goals two months after setting them. We found that enjoyment predicted people’s goal persistence two months after setting the goal far more than how important they rated their goal to be.

Related Video How Successful People Reach Their Goals Heidi Grant Halvorson, author of "Nine Things Successful People Do Differently," shares four proven tactics for setting and achieving your goals — no matter how distant they may seem. See More Videos > See More Videos >

Yet people overestimated how much delayed benefits influenced their goal persistence. When we asked people what would help them stick with their goal in the upcoming months, they believed both immediate and delayed benefits—enjoyment and importance—mattered for their success. In actuality, delayed benefits had less influence on persistence; they mainly played a role in setting the goal in the first place.

We found this pattern—immediate benefits are a stronger predictor of persistence than delayed benefits—across a range of goals, in areas including fitness, nutrition, and education. In one study, we measured the number of minutes gym-goers spent exercising on a cardio machine. We also asked them how much they cared that their exercise improved their health (delayed benefit) and was fun (immediate benefit). Gym-goers who cared more about having a fun workout exercised longer than those who cared less about having fun. Caring more about the delayed health benefits of their exercise, such as staying fit, did not affect how many minutes they spent on a cardio machine.

A similar pattern appeared in another study we conducted measuring adherence to healthy habits over time. We approached Chicagoans who were visiting a museum and asked them to rate how much they enjoyed exercising, as well as how many hours per week they exercised over the last three months. Those who rated exercising as more fun exercised more each week over that period. The extent to which these people thought exercising was important for their health goals did not predict the amount of time they spent exercising over that period. Although people reported that exercising was both important and fun, importance did not predict their exercise behavior; having fun did.

We also asked these same museum visitors about their healthy food consumption. They rated the tastiness and importance of eating green vegetables and reported their weekly vegetable consumption. People who really liked the taste of vegetables also reported eating more servings over a one-week period. However, rating green vegetables as more important for their health did not lead to greater consumption.

This effect also appeared when we looked at University of Chicago students’ persistence in studying. Most students study to receive delayed benefits, such as good grades. But studying can also provide enjoyment if the topic is interesting. We asked students working at the University of Chicago library how much they enjoyed their study materials and how important their study materials were for success in their classes. Whereas those who enjoyed their materials more spent more time studying, there was no relationship between the importance of the materials and time spent studying. Even though students study because it is important, this is not what predicted their study behavior.

Harness Immediate Benefits to Increase Your Persistence

How can we use these findings to help people follow through with important goals? Other research we conducted, through four experiments and a sample of 800 students and adults, offers three strategies:

First, factor in enjoyment when choosing which activity to pursue to achieve your goals. For example, choosing a weight-lifting exercise based on enjoyment led gym goers to complete more repetitions of their exercise. On average, they completed 52% more repetitions of the exercise they selected based on enjoyment versus one they selected based on effectiveness. So, if you want to work out more, select a fitness class that you enjoy. If you want to succeed at work, find a work task or a work environment that you enjoy. And if you want to eat healthier, build a diet plan around healthy foods you actually like to eat.

Second, give yourself more immediate benefits as you pursue long-term goals. We found that high school students worked longer on a math assignment when they listened to music, ate snacks, and used colored pens while working. Immediate benefits make difficult tasks seem less like work and more like fun. Making activities more enjoyable, by listening to music while exercising or working in your favorite coffee shop, may help you persist in your goals.

Third, reflect on the immediate benefits you get while working toward your goal. For example, we found that people ate almost 50% more of a healthy food when they focused on the positive taste, compared with another group that focused on the health benefits. When you are pursuing a goal, seeking out the positive experience—to the extent that it offers one—may aid your persistence.

Setting a goal is the first step toward achieving the delayed outcomes you want. Yet, forgoing immediate outcomes or daily pleasures can undermine these goals. By making the experience more rewarding in the moment, you’ll have a better chance at success.

How Banks Can Compete Against an Army of Fintech Startups

April 26, 2017 - 11:00am

It’s been more than 25 years since Bill Gates dismissed retail banks as “dinosaurs,” but the statement may be as true today as it was then. Banking for small and medium-sized enterprises (SMEs) has been astonishingly unaffected by the rise of the Internet. To the extent that banks have digitized, they have focused on the most routine customer transactions, like online access to bank accounts and remote deposits. The marketing, underwriting, and servicing of SME loans have largely taken a backseat. Other sectors of retail lending have not fared much better. Recent analysis by Bain and SAP found that only 7% of bank credit products could be handled digitally from end to end.

The glacial pace at which banks have moved SME lending online has left them vulnerable. Gates’ original quote contended that the dinosaurs can be ”bypassed.” That hasn’t happened yet, but our research suggests the threat to retail banks from online lending is very real. If U.S. banks are going to survive the coming wave in financial technology (fintech), they’ll need to finally take digital transformation seriously. And our analysis suggests there are strategies that they can use to compete successfully online.

Lending to small and medium-sized businesses is ready to move online

Small businesses are starting to demand banking services that have engaging web and mobile user experiences, on par with the technologies they use in their personal lives. In a recent survey from Javelin Research, 56% of SMEs indicated a desire for better digital banking tools. In a separate, forthcoming survey conducted by Oliver Wyman and Fundera (where one of us works), over 60% of small business owners indicated that they would prefer to apply for loans entirely online.

In addition to improving the experience for business owners, digitization has the potential to substantially reduce the cost of lending at every stage of the process, making SME customers more profitable for lenders, and creating opportunities to serve a broader swath of SMEs. This is important because transaction costs in SME lending can be formidable and, as our research in a recent HBS Working Paper indicates, some small businesses are not being served. Transaction costs associated with making a $100,000 loan are roughly the same as making a $1,000,000 loan, but with less profit to the bank, which has led to banks prioritizing SMEs seeking higher loan amounts. The problem is that about 60% of small businesses want loans below $100,000. If digitization can decrease costs, it could help more of these small businesses get funded.

New digital entrants have spotted the market opportunity created by these dynamics, and the result is an explosion in online lending to SMEs from fintech startups. Last year, less than $10 billion in small-business loans was funded by online lenders, a fraction compared to the $300 billion in SME loans outstanding at U.S. banks. However, the current meager market share held by online lenders masks immense potential: Morgan Stanley estimates the total addressable market for online SME lenders is $280 billion and predicts the industry will grow at a 47% annualized rate through 2020. They estimate that online lenders will constitute nearly a fifth of the total SME lending market by then. This finding confirms what bankers fear: digitization upends business models, enabling greater competition that puts pressure on incumbents. Sometimes David can triumph over Goliath. As JPMorgan Chase’s CEO, Jamie Dimon, warned in a June 2015 letter to the bank’s shareholders, “Silicon Valley is coming.”

Can banks out-compete the disruptors?

Established banks have real advantages in serving the SME lending market, which should not be underestimated. Banks’ cost of capital is typically 50 basis points or less. These low-cost and reliable sources of funds are from taxpayer-insured deposits and the Federal Reserve’s discount window. By comparison, online lenders face capital costs that can be higher than 10%, sourced from potentially fickle institutional investors like hedge funds. Banks also have a built-in customer base, and access to proprietary data on depositors that can be used to find eligible borrowers who already have a relationship with the bank. Comparatively, online lenders have limited brand recognition, and acquiring small business customers online is expensive and competitive.

But banks’ ability to use these strengths to build real competitive advantage is not a forgone conclusion. The new online lenders have made the loan application process much more customer-friendly. Instead of walking into a branch on Main Street and spending hours filling out paperwork, borrowers can complete online applications with lenders like Lending Club and Kabbage in minutes and from their laptop or phone at any hour of the day. Approval times are cut to days or, in some cases, a few minutes, fueled by data-driven algorithms that quickly pre-qualify borrowers based on a handful of data points such as personal credit scores, Demand Deposit Account (DDA) data, tax returns, and three months of bank statements. Moreover, in instances where borrowers want to shop and compare myriad options in one place, they turn to online credit brokers like Fundera or Intuit’s QuickBooks Financing for a one-stop shopping experience. By contrast, banks — particularly regional and smaller banks — have traditionally relied on manual, paper-intensive underwriting processes, which draw out approval times to as much as 20 days.

The questions banks should ask themselves

We see four broad strategies that traditional banks could pursue to compete or collaborate with emerging online players—and in some cases do both simultaneously. The choice of strategy depends on how much investment of time and money the bank is willing to make to enter the new marketplace, and the level of integration the bank wants between the new digital activities and their traditional operations.

Two of the four options are low-integration strategies in which banks contract for new digital activities in arms-length agreements, or pursue long-term corporate investments in separate emerging companies. This amounts to putting a toe in the water, while keeping current operations relatively separate and pristine.

On the other end of the spectrum, banks choose higher-integration strategies, like investing in partnership arrangements, where the new technologies are integrated into the bank’s loan application and decision making apparatus, sometimes in the form of a “white label” arrangement. The recent partnership between OnDeck and JPMorgan Chase is such an example. Some large and even regional banks have made even more significant investment to build their own digital front ends (e.g. Eastern Bank). And as more of the new fintech companies become possible acquisition targets, banks may look to a “build or buy” strategy to gain these new digital capabilities.

 

For banks that choose to develop their own systems to compete head-on with new players, significant investment is required to automate routine aspects of underwriting, to better integrate their own proprietary account data, and to create a better customer experience through truly customer-friendly design. The design and user experience aspect is especially out of sync with bank culture, and many banks struggle with internal resistance.

Alternatively, banks can partner with online lenders in a range ways – from having an online lender power the bank’s online loan application, to using an online lender’s credit model to better underwrite and service bank loan applications. In these options, the critical question is whether the bank wants to keep its own underwriting criteria or use new algorithms developed by its digital partner. Though the new underwriting is fast and uses intriguing new data, such as current bank transaction and cash flows, it’s still early days for these new credit scoring methods, and they have largely not been tested through an economic downturn.

Another large downside of partnering with online lenders is the significant level of resources required for compliance with federal “third party” oversight, which makes banks responsible for the activities of their vendors and partners. In the U.S., at least three federal regulators have overlapping requirements in this area, creating a dampening effect that regulatory reform in Washington could serve to mitigate.

Banks that prefer a more “arm’s-length” arrangement have the option to buy loans originated on an alternative lender’s platform. This allows a bank to increase their exposure to SME loans and pick the credits they wish to hold, while freeing up capital for online lenders. This type of partnership is among the most prolific in the online small business lending world, with banks such as JPMorgan Chase, Bank of America, and SunTrust buying assets from leading online lenders.

The familiar David vs. Goliath script of the scrappy, internet-fueled startup vanquishing the clunky, brick-and-mortar-laden incumbent is repeated so often in startup circles that it is sometimes treated as inevitable. But in the real world, sometimes David wins, other times Goliath wins, and sometimes the right solution involves a combination of both. SME lending can remain a big business for banks, but only with deliberate choices about where to play and how to win. Banks must focus on areas where they can build a distinct competitive advantage, and find ways to partner with or learn from the new innovators.

An Early Warning System for Your Team’s Stress Level

April 26, 2017 - 10:12am

Cat Yu for HBR

“If you can’t stand the heat, get out of the kitchen!” This had always been Michel’s response when his senior executives started “wilting under pressure” and letting him down. As the CEO of a global oil company who had risen through the ranks, Michel had faced many stressful events on off-shore rigs early in his career, and considered himself to be a tough guy with no tolerance for wimps.

But with intense media and regulatory focus on oil prices adding complexity to a current restructuring in the organization, Michel was now facing an internal crisis that he had not foreseen. His blunt approach to fixing low performers in his executive committee wasn’t working.

Related Video When Stress Helps You Get More Done And the groups of people who feel it most.

See More Videos > See More Videos >

In the past year, two members of his team had disappeared into a “black hole” of long-term sick leave (as he thought of it). On Monday, a third person — a colleague who often picked up slack for others as well as being a source of great ideas — advised him that she had been put on leave due to stress-related burnout. Michel was annoyed with her, but also with himself. Now his team was seriously compromised. Why hadn’t he seen this coming? What was going on? He was angry about losing three team members. He himself would be ashamed of being diagnosed with burnout — or whatever it was called — and sent off for weeks of “paid vacation.”

When the head of HR met with him to discuss the situation, Michel started with his usual bluster, but it soon became apparent that he had missed many warning signals. When he heard that the developments in his team had caused a disturbing ripple effect in the company, Michel had to admit that his take-no-prisoners leadership style might be a problem.

The tipping point of distress

A recent study suggested that work-related stress in the UK in 2015-2016 accounted for 37% of all ill-health cases and 45% of all working days lost due to ill health across all industries and professions. This study identified workload pressure (including tight deadlines and too much responsibility) and lack of managerial support as the main work factors mentioned by employees causing work-related stress. This raises a long-recognized conundrum: pressure to perform is only effective to a certain, unpredictable degree. Positive stress, also known as “eustress,” helps keep people energized and alert. However, the boundary between eustress and “distress” — harmful stress — can be quickly crossed, catching managers and employees unprepared. Everyone has a tipping point — influenced by physiological as well as psychological factors — when stress or pressure leads to decreasing performance and, if not addressed, eventually to burnout.

You and Your Team Series Stress

Although workplace stress and burnout is a hot topic, it is rarely discussed in senior executive teams. Many executives like Michel think of it as a problem that affects other, weaker, people. It is often self-diagnosed as a lack of sleep — an insignificant side effect of a high-profile executive lifestyle. But there is more to it. And given our experience the cost can be enormous. Organizations lose substantial amounts of money because of bungled deals, misguided decisions, or cover-up of mistakes that can be linked to work-related stress.

Evaluating signs of stress

Inspired by aviation and medical best practices for handling crises, we set out to develop a simple yet robust protocol that could help executives like Michel and his HR director anticipate cases of potential burnout. A robust protocol is one that is easy to remember and clearly pinpoints the critical issues that must be addressed. A classic, and widely used example of such a protocol is the APGAR scoring system, introduced in 1952 by Dr. Virginia Apgar, which is used to quickly summarize the health of a newborn baby. The medical APGAR score is effective because the easy-to-recall acronym — including assessments such as Appearance, Pulse, and so on — serves as a protocol for rapidly taking stock of the newborn’s overall medical condition within minutes.

Building on the effectiveness of this type of quick assessment, we developed the Stress-APGAR barometer. Rather than being a test, survey, or assessment tool, the Stress-APGAR provides a set of guidelines that help executives think about and articulate factors that may lead to burnout.

Our Stress-APGAR acronym recalls five key areas of potential pressure overload. These are:

A for appearance: How does the person look? Does he/she seem overly tired? Has he/she been gaining or losing weight? Is there any indication of substance abuse?

P for performance: A decrease in performance, particularly over time, may be linked to increasing distress. On the other hand, a forced effort to over-perform — becoming a workaholic — is also a warning sign.

G for growth tension: Growth is a result of learning and stretch goals. Everyone is different; some people take to new challenges easily, whereas others may find them more difficult. Is the person becoming bored? Or conversely, does the person seem overwhelmed?

A for affect control: “Affect” is another word for “emotion.” Everyone has good and bad days, but most people can regulate their emotions in a way that is appropriate for the workplace. However, noticeable and lasting changes in emotional state —including emotional outbursts or high and low mood swings — can be related to an overload of physical and psychological pressure.

R for relationships: Personal relationships are an essential part of mental health. In situations of increased stress, it is possible to observe deterioration in the quality of relationships at work, including social isolation.

Stress-APGAR in practice

Stress-APGAR dimensions, when taken together, can be used as a barometer that indicates changes in a pressure system. Any sailor knows that high or low barometric pressure readings are essential data, providing information about potential danger and uncertain consequences. Similarly, if a work colleague has shown worrying changes in one or more Stress-APGAR dimension, the next step is to consider if the changes could become dangerous if ignored.

Each organization and individual is different, so we deliberately have not devised good or bad scores. But we have found that the Stress-APGAR can be used by anyone — at any level of the organization, but also family members and friends — to gather information and begin a conversation with the individual concerned.

Returning to Michel’s situation as our example, we can see that the problem festered — as it most often does — due to a reluctance to discuss stress among senior executives. Michel’s colleagues were obviously reluctant to talk to him about how his relentless pressure was affecting performance.

We asked senior executives what they would tell Michel to get him to consider a different approach. One executive who had worked in the oil industry told us: “Clearly, Michel’s approach to people is not working. He is not really listening to them. He seems to be quite tone-deaf concerning the danger signs of stress. It’s important for him to realize that people are different; that not everyone thinks like him. But given his mind-set, he may need help in becoming more familiar with the softer side of leading people.” Another executive told us: “Michel is writing off a lot of talent, and that’s really counter-productive. It’s pretty obvious: if people hate going to work, they will eventually leave. Ironically they will probably thrive once again in a better work environment — maybe with one of Michel’s competitors.”

If Michel decides to address the debilitating effect of work-place stress with his team, he could tackle what initially may be “undiscussable” by first sharing these Stress-APGAR dimensions with them. As a group, they might reach an agreement on how to act if concerns arise. By taking these fairly straightforward actions, Michel and his team could mitigate the risk of burnout in the future, and avoid the financial consequences that often follow.

The Stress-APGAR can be used over time to see whether there is an increase or decrease in the danger signs. A simple self-rating of 1-10 can be used, with the individual stating where they are today, and where they feel they could use some help to improve their score. If the individual is reluctant to discuss possible burnout, his or her colleagues could consider other, indirect actions. For example, senior team members could tell a CEO that his mood swings are affecting the way they work together. Indeed, increased empathetic attention to a person at risk can have a positive effect, reducing social isolation and eventually helping the individual to open up. Once trust is established in this way, it is often easier for the person at risk to make stress discussable instead of leaving the matter to external stress experts.

Our hope is that the Stress-APGAR could become a starting point for courageous conversations on how to create better places to work. From a sustainability perspective, it’s essential to create work environments where cases of stress imbalance are made discussable. And as Hans Selye, the father of modern stress research once said, “It is not stress that kills us, it is our reaction to it.”

The C-Suite and IT Need to Get on the Same Page on Cybersecurity

April 26, 2017 - 10:00am

A recently published global survey of C-Suite level executives and IT Decision Makers (ITDMs) revealed a large gap in assessments of cyber threats, costs and areas of responsibilities. Among the most significant disconnects:

  • 80% of the executives surveyed in the U.S. believe cybersecurity to be a significant challenge facing their business, while only 50% of ITDMs agree.
  • ITDMs estimated the average cost of a cyber breach at $27.2 million, much higher than the average $5.9 million cited by executives.
  • 50% of the executives surveyed believe the reason why an attack on their organization would succeed would be due to human error of employees, compared to 31% of ITDMs.

The research shows there is a lack of understanding when it comes to the cost of a successful breach, which many underestimate. It isn’t just about what the thieves get away with. A successful cyber attack can have far reaching implications such as impacting share price, lost business, fines — even a failed strategic investment or merger.

Insight Center

Gaps between the strategic visions of the C-suite and the real-world experiences of IT specialists should not be a surprise. They may think differently about the nature of cyber risk and of the way threats translate into business and technological risks. This is largely due to their priorities — C-suite executives have responsibility for mitigating business risk, while IT delivers the technological support that drives the business.

The most common area of agreement between these key groups is that danger lurks in cyberspace. Sixty percent of C-Suite executives and 66% of ITDMs think their businesses will be targeted for a cyber attack in the next 12 months, and both groups report that they expect the frequency and severity of attacks to increase. This is confirmation that the threat from cyber attack is now just part of the day-to-day reality of doing business in a hyper-connected world.

Organizations that take cyber security seriously should implement best practices that will help reduce the disconnects and ensure effective cyber risk management. Among them:

  • Include the C-suite in incident response table-top exercises so they fully understand their roles, and all the possible costs of an attack. Having firsthand experience of an attack, even a simulated one, means the C-suite will gain awareness that’s vital to driving a top-down security-focused culture.
  • Educate both groups — and all employees — on the need to understand their organization’s cyber exposure and how attackers can exploit information they gather from reconnaissance efforts to craft targeted attacks. It should be more than a theoretical exercise, using real examples of what can be found about the organization. For example, customer details including login credentials and account information is often for sale on the dark web. This information can be leveraged by attackers to create synthetic IDs that are often used to enable cyber crime.
  • Introduce a forward looking, strategic approach to cyber defense to deal with the reality of the likelihood of cyber attacks. This strategy must capture an appropriate balance between tools, people and processes. There is no silver bullet when it comes to protecting critical assets and technology cannot be counted on alone. You can have the latest and greatest technology in place, but it can still be vulnerable if you don’t have the right people with the correct skills as well. Furthermore, operating procedures need to be well defined and expressed to get the most from the technology. For example, security teams need to have enough bandwidth to investigate alerts that are being generated – and simply turning up the alerting threshold and thereby reducing the number of alerts is not a good way to deal with a lack of bandwidth.
  • Exploring the use of automation, where possible, in operational processes is becoming a focus as security professionals look to maximize what they can do with existing resources. To triage efficiently, security teams need as much context as possible to ascertain if an alert is important or not. This context includes internal as well as external data, such as threat-intelligence, which can provide broader context on attack groups’ tools, tactics and procedures.
  • With the continued risk of ransomware attacks, IT teams must implement an appropriate back up strategy to help mitigate the impact of these attacks. If valuable data is lost because it was encrypted by ransomware, backups can be used to restore the data without the need to pay the ransom. Data needs to be stored in protected locations to ensure that it isn’t encrypted during an attack. This back up strategy needs to be part of an organization’s broader Incident Response plan, which should capture in detail what would be done to contain and then recover from a ransomware attack.
  • Assume that at some point your organization will be breached. Review your ability to detect and respond to threats inside your network and on your endpoints. New security initiatives should focus on reducing the time it takes to discover and then contain and remediate unwanted activity on your systems. It is now broadly accepted by security thought leaders that only looking for patterns of nefarious activity derived from previously seen attacks is not sufficient to detect well-crafted targeted attacks that are likely not to have been seen before. To reduce the time it takes to detect unwanted activities in IT systems, organizations now need to evaluate the use of additional detection techniques. For example, hackers often establish command and control channels to direct their attacks. Finding these channels is crucial to uncovering unwanted activities.

As the threats evolve, it isn’t just about tracking known threats, but taking a proactive approach and working to understand new, unknown cyber threats.

If You Think Downsizing Might Save Your Company, Think Again

April 26, 2017 - 8:05am

During the Great Recession of 2008, companies around the world downsized their workforces. American firms alone laid off more than 8 million workers from the end of 2008 to the middle of 2010. Even in healthier financial times, such as now, firms often downsize because it is seen as a way to reduce costs, adjust structures, and create leaner, more efficient workplaces. Despite the prevalence of downsizing, researchers and businesspeople alike continue to disagree on the viability of this common organizational practice. We add to this debate with our new research, which indicates that downsizing may actually increase the likelihood of bankruptcy.

Proponents of downsizing argue that it is an effective strategy, with benefits such as increased performance and sales. Detractors, on the other hand, point to negative consequences including performance and productivity declines, decreases in customer satisfaction, and adverse effects on remaining employees, such as increased stress. As the debate continues, high-profile firms continue to downsize, as demonstrated by recent announcements or actions by Victoria’s Secret, Lowe’s, and PepsiCo.

Our team of researchers from Auburn University, Baylor University, and the University of Tennessee, Chattanooga set out to better understand the consequences of downsizing in large, U.S.-based corporations. In our recently published work in the Journal of Business Research, we tested the theory that downsizing could lead to a host of problems that eventually increases the likelihood of bankruptcy. Among these: Downsizing firms lose valuable knowledge when employees exit; remaining employees struggle to manage increased workloads, leaving little time to learn new skills; and remaining employees lose trust in management, resulting in less engagement and loyalty. Many of these effects may have long-term consequences, like reduced innovation, that are not captured in short-term financial metrics. We sought to investigate whether these effects could increase the likelihood that firms would declare bankruptcy.

To investigate these potential consequences, we examined 2010 data from 4,710 publicly traded firms and determined whether they declared bankruptcy in the subsequent five-year period. These firms spanned 83 different industries, including the service, high technology, and manufacturing industries. We did not examine financial firms, as changes introduced by the Dodd-Frank Act changed the bankruptcy landscape for these firms. We found that 24% of our sample firms reduced their workforce by 3% or more in 2010, including Ford, Petmed Express, and Regal Cinemas.

To ensure the accuracy of our results, we controlled for known potential drivers of both downsizing and bankruptcy. These included the size of the firm, changes in market capitalization, prior performance, profitability, trajectory toward bankruptcy (using the Altman Z score), a large number of employees per sales relative to their industry peers, and other indicators of financial health. As firms might differ in number of employees they downsized, we controlled for the percentage of employees reduced in each downsizing event. We also accounted for the number of acquisitions in the previous five years (since downsizing often occurs after acquisitions) and industry differences. We further confirmed our findings across a different time period (1995–2000).

We found that downsizing firms were twice as likely to declare bankruptcy as firms that did not downsize. While downsizing may be capable of producing positive outcomes, such as saving money in the short term, it puts firms on a negative path that makes bankruptcy more likely. While not always fatal, downsizing does increase the chances that a firm will declare bankruptcy in the future.

Given this finding, we sought to understand why some firms were able to survive the negative effects of downsizing while some were not. We speculated that examining firms’ remaining resources could shed light on this question. Accordingly, we examined intangible resources (captured through Tobin’s q, a measure of the value of the firm not captured by its balance sheets), financial resources, and physical resources.

We found that having plentiful financial and physical resources did not replace the downsized employees, who fulfilled multiple roles as workers, knowledge bearers, and cultural contributors within the firm. Having ample capital is often viewed as a corporate panacea, so it was unexpected and interesting to find that financial resources did not contribute to the prevention of bankruptcy for downsizing firms.

We did find, however, that intangible resources helped to reduce the likelihood that downsizing firms would declare bankruptcy. Intangible resources can be redeployed in unique and perhaps innovative ways following downsizing. For example, existing employee knowledge can be utilized to revamp processes that have been interrupted or to replace these processes with more effective ones. Similarly, because these resources can be used in a multitude of ways, firms may be able to use them to attract partners that can fill the gaps left by downsized employees and thereby soften the blow for downsizing firms.

Our findings suggest that, prior to deciding to downsize, company leaders should consider whether any positive short-term returns from downsizing will outweigh the potentially severe long-term consequences, and examine the specifics of their resource portfolio to determine whether their firms are adequately protected from downsizing’s negative consequences. Any moves that eliminate important intangible resources may limit the ability of managers to counteract the negative effects from employee layoffs.

Given that downsizings are often part of a larger restructuring plan, managers must ensure that they retain the resources that can decrease the odds of negative outcomes. Most important, firms planning to downsize must focus carefully on their intangible resources, rather than financial or physical ones, because they will be essential if the company loses valuable employees.

How to Be an Inspiring Leader

April 25, 2017 - 12:00pm

When employees aren’t just engaged, but inspired, that’s when organizations see real breakthroughs. Inspired employees are themselves far more productive and, in turn, inspire those around them to strive for greater heights.

Our research shows that while anyone can become an inspiring leader (they’re made, not born), in most companies, there are far too few of them. In employer surveys that we conducted with the Economist Intelligence Unit, we found that less than half of respondents said they agree or strongly agree that their leaders were inspiring or were unlocking motivation in employees. Even fewer felt that their leaders fostered engagement or commitment and modeled the culture and values of the corporation.

Related Video What Great Managers Do Exceptional managers find and capitalize on their employees' unique strengths. Learn how they do it with this 6 minute video slide deck. Download a customizable version in Subscriber Exclusives. See More Videos > See More Videos >

To understand what makes a leader inspirational, Bain & Company launched a new research program, starting with a survey of 2,000 people. What we found surprised us. It turns out that inspiration alone is not enough. Just as leaders who deliver only performance may do so at a cost that the organization is unwilling to bear, those who focus only on inspiration may find that they motivate the troops but are undermined by mediocre outcomes. Instead, inspiring leaders are those who use their unique combination of strengths to motivate individuals and teams to take on bold missions – and hold them accountable for results. And they unlock higher performance through empowerment, not command and control. Here are some of our additional findings about how leaders both inspire, and get, great performance:

You only need one truly “inspiring” attribute

We asked survey recipients what inspired them about their colleagues. This gave us a list of 33 traits that help leaders in four areas: developing inner resources, connecting with others, setting the tone, and leading the team. Stress tolerance, self-regard, and optimism help leaders develop inner resources. Vitality, humility, and empathy help leaders connect. Openness, unselfishness, and responsibility help set the tone. Vision, focus, servanthood, and sponsorship help them lead. We found that people who inspire are incredibly diverse, which underscores the need to find inspirational leaders that are right for motivating your organization—there is no universal archetype. A corollary of this finding is that anyone can become an inspirational leader by focusing on his or her strengths.

Although we found that many different attributes help leaders inspire people, we also found that you need only one of them to double your chances of being an inspirational leader. Specifically, ranking in the top 10% in your peer group on just one attribute nearly doubles your chance of being seen as inspirational. However, there is one trait that our respondents indicated matters more than any other: centeredness. This is a state of mindfulness that enables leaders to remain calm under stress, empathize, listen deeply, and remain present.

Your key strength has to match how your organization creates value

Effective leadership isn’t generic. To achieve great performance, companies need a leadership profile that reflects their unique context, strategy, business model, and culture—the company’s unique behavioral signature. To win in the market, every company must emphasize the specific capabilities that make it better than the competition.

We found that the same is true of leaders: They must be spiky, not well-rounded, and those “spikes” must be relevant to the way that the company creates value. For example, an organization that makes its money out-marketing the competition isn’t likely to be inspired by a leader whose best talent is cost management. Spiky leaders achieve great performance by obsessing about the specific capabilities that underpin their company’s competitive advantage. They make sure those capabilities get an outsized, unfair share of resources and provide the key players the freedom they need to continue to excel.

You have to behave differently if you want your employees to do so

Even with a clear idea of your company’s winning behavioral signature, leaders need to develop new ways of operating. We found that leaders who both inspire people and generate results find ways to constructively disrupt established behaviors to help employees break out of culture-weakening routines.

Inspirational leaders recognize the need to pick their moments carefully to reinforce a performance culture in a way that can also be inspiring. These are real moments of leadership and truth. A few of our favorite, classic examples include:

  • When Paul O’Neill became CEO of Alcoa in 1987, he knew that he needed to focus the company on workplace safety. To show his commitment to the goal, he required that he be notified of all safety incidents within 24 hours. Safety improved dramatically, to the point where Alcoa’s worker injury rate fell to 5% of the US average.
  • When Howard Schultz returned to Starbucks as CEO after a nearly eight-year hiatus, he realized that Starbucks’s unique customer-focused coffee experience was now in the back seat. In the front seat were automation and diversification, both implemented in pursuit of throughput and growth. Schultz took swift action to change the company’s direction; he even shut down 7,100 US stores for three hours on February 26th, 2008, to retrain the baristas in the art of making espresso. In this highly symbolic move, he left no doubt about his intentions—and about what he thought it would take to make Starbucks great again.
  • When Alan Mulally came to Ford in 2006 to help turn around the business, he took bold actions to change the way they company operated. In one highly visible moment, he applauded Mark Fields (who would eventually become his successor) for admitting to a failure in an executive meeting. That was pretty much unheard-of at Ford, and it set the tone for the open and honest communications required for a new culture at the company.

While these are only single actions by leaders who are famous for producing both performance and inspiration, they provide a window into what inspirational leadership looks like.

Drawing insight from Eastern philosophy, one of our clients once said, “If you want to change the way of being, you have to change the way of doing.” This struck us as profound in the moment and even more profound over time – and the sentiment matches what we learned in our research. Leaders can only change by doing things differently. The more often they behave in a new way, the sooner they become a new type of leader, an inspirational leader. We know that individual inspiration is the gateway to employee discretionary energy, and that, in turn, is critical to making the most of your scarcest resource – your human capital.

Why You Should Have (at Least) Two Careers

April 25, 2017 - 11:39am

It’s not uncommon to meet a lawyer who’d like to work in renewable energy, or an app developer who’d like to write a novel, or an editor who fantasizes about becoming a landscape designer. Maybe you also dream about switching to a career that’s drastically different from your current job. But in my experience, it’s rare for such people to actually make the leap. The costs of switching seem too high, and the possibility of success seems too remote.

But the answer isn’t to plug away in your current job, unfulfilled and slowly burning out. I think the answer is to do both. Two careers are better than one. And by committing to two careers, you will produce benefits for both.

In my case, I have four vocations: I’m a corporate strategist at a Fortune 500 company, US Navy Reserve officer, author of several books, and record producer. The two questions that people ask me most frequently are “How much do you sleep?” and “How do you find time to do it all?” (my answers: “plenty” and “I make the time”). Yet these “process” questions don’t get to the heart of my reasons and motivations. Instead, a more revealing query would be, “Why do you have multiple careers?” Quite simply, working many jobs makes me happier and leaves me more fulfilled. It also helps me perform better at each job. Here’s how.

Subsidize Your Skill Development

My corporate job paycheck subsidizes my record producing career. With no track record as a producer, nobody was going to pay me to produce his or her music, and it wasn’t money that motivated me to become a producer in the first place — it was my passion for jazz and classical music. Therefore, I volunteered so that I could gain experience in this new industry. My day job not only afforded me the capital to make albums, but it taught me the skills to succeed as a producer. A good producer should be someone who knows how to create a vision, recruit personnel, establish a timeline, raise money, and deliver products. After producing over a dozen albums and winning a few Grammys, record labels and musicians have started to reach out to see if they can hire me as a producer. I still refuse payment because making music, something that is everlasting, is reward enough for me.

At the same time, I typically invite my corporate clients to recording sessions. For someone who works at an office all day, it’s exciting to go “behind-the-scenes” and interact with singers, musicians, and other creative professionals. While I was in Cuba making an album, one of my clients observed about the dancing musicians, “I’ve never been around people who have so much fun at work.” That my clients have a phenomenal experience only helps me drive revenue at work, so my corporate and recording careers are mutually beneficial.

You and Your Team Series Career Transitions

Make Friends in Different Circles

When I worked on Wall Street, my professional circle was initially limited to other folks in the financial services sector: bankers, traders, analysts, economists. Taken together, all of us establish a “consensus” view on the markets. And most of my asset manager clients were looking for something different: “Give me a contrarian perspective.” In other words, they didn’t want to hear the groupthink. I took this as marching orders to tap my rolodex for people who could provide my clients a differentiated perspective.

Related Video The Gig Economy With new research, we can begin to see a shift from payroll employees to contractors.

See More Videos > See More Videos >

For example, one of my clients wanted to understand what Chinese citizens were saying to each other. Because I am an author, I have gotten to know other writers, so I reached out to my friend who was a journalist at a periodical that monitors chatter in China. Not restricted by the compliance department of a bank, he was able to give an unbridled perspective to my client, who was most appreciative. My client got a new idea. I got a trade. My friend got a new subscriber. By being in different circles, you can selectively introduce people who would typically never meet and unlock value for everyone.

Discover Real Innovations

When you work different jobs, you can identify where ideas interact — and more significantly, where they should interact. “It’s technology married with liberal arts, married with the humanities, that yields us the result that makes our heart sing,” said Steve Jobs, who was the embodiment of interdisciplinary thinking.

Because of Hurricane Katrina, many musicians left New Orleans. In order to generate funds to help musicians in the city, I could have created a typical nonprofit organization that solicits people for money. Instead, I helped create a more sustainable solution: a brokerage for musicians that I described as Wall Street meets Bourbon Street. People wanting to book a musician for a party in New York could find a band on my organization’s website, which would then ask the booker to add a “tip” which would be allocated to a New Orleans-based charity. The booker (who in some cases were my corporate clients) easily found a band for the party, the New York City-based musician got a gig, and the charity in New Orleans got a small donation. Because of my time working at a bank, I was able to create a different type of organization, one which has since merged with an even larger charitable organization.

When you follow your curiosities, you will bring passion to your new careers, which will leave you more fulfilled. And by doing more than one job, you may end up doing all of them better.

8 Ways Governments Can Improve Their Cybersecurity

April 25, 2017 - 11:00am

It’s hard to find a major cyberattack over the last five years where identity — generally a compromised password — did not provide the vector of attack.

Target, Sony Pictures, the Democratic National Committee (DNC) and the U.S. Office of Personnel Management (OPM) each were breached because they relied on passwords alone for authentication. We are in an era where there is no such thing as a “secure” password; even the most complex password is still a “shared secret” that the application and the user both need to know, and store on servers, for authentication. This makes passwords inherently vulnerable to a myriad of attack methods, including phishing, brute force attacks and malware.

Insight Center

The increasing use of phishing by cybercriminals to trick users into divulging their password credentials is the most alarming — a recent report from the Anti-Phishing Working Group (APWG) found that 2016 was the worst year in history for phishing scams, with the number of attacks increasing 65% over 2015. Phishing was behind the DNC hack, as well as a breach of government email accounts in Norway, and was the method that state-sponsored hackers recently used in an attempt to steal the passwords of prominent U.S. journalists. Phishing is on the rise for a simple reason: it is a relatively cheap and effective form of attack, and one that puts the security onus on the end-user. And, given that many users tend to reuse passwords, once these passwords are compromised, they can be used to break into other systems and bypass traditional network security measures.

In response to the increased frequency of such authentication-based cyberattacks, governments around the world are pursuing policies focused on driving the adoption of multi-factor authentication (MFA) solutions that can prevent password-based attacks and better protect critical data and systems. The U.S., UK, EU, Hong Kong, Taiwan, Estonia and Australia are among the countries that have focused on this issue over the last five years.

One challenge countries face: there are hundreds of MFA technologies vying for attention, but not all are created equal. Some have security vulnerabilities that leave them susceptible to phishing, such as one-time passwords (OTPs) — a password that is valid for only one login session or transaction — which, while more secure than single factor authentication, are themselves still shared secrets that can be compromised. Some solutions are unnecessarily difficult to use, or have been designed in a manner that creates new privacy concerns.

As policymakers work to address these authentication issues, they will need to adopt solutions that move away from the shared secret model while also being easy for consumers and employee to use. Per a new white paper that The Chertoff Group published, governments can best ensure the protection of critical assets in cyberspace by following eight key principles for authentication policy:

  1. Have a plan that explicitly addresses authentication. While a sound approach to authentication is just one element of a proper approach to cyber risk management, any cyber initiative that does not include a focus on strong authentication is woefully incomplete.
  1. Recognize the security limitations of shared secrets. Policymakers should understand the limitations of first-generation MFA technologies such as OTPs that rely on shared secrets and look to incent adoption of more secure alternatives, such as those that utilize public key cryptography where keys are always stored on — and never leave — the user’s device, like FIDO authentication standards.
  1. Ensure authentication solutions support mobile. As mobile transaction usage grows, any policy that is not geared toward optimizing use of MFA in the mobile environment will fail to adequately protect transactions conducted in that environment.
  1. Don’t prescribe any single technology or solution — focus on standards and outcomes. Authentication is in the midst of a wave of innovation, and new, better technologies will continue to emerge. For this reason, governments should focus on a principles-based approach to authentication policy that does not preclude the use of new technologies.
  1. Encourage widespread adoption by choosing authentication solutions that are easy to use. Poor usability frustrates users and prevents widespread adoption. Next-generation MFA solutions dramatically reduce this “user friction” while offering even greater security gains. Policymakers should look for incentives to encourage use of next-generation MFA that addresses both security and user experience.
  1. Understand that the old barriers to strong authentication no longer apply. One of the greatest obstacles to MFA adoption has been cost — previously, few organizations could afford to implement first-generation MFA technologies. Today, there are dozens of companies delivering next-generation authentication solutions that are stronger than passwords, simpler to use and less expensive to deploy and manage.
  1. Know that privacy matters. MFA solutions can vary greatly in their approach to privacy — some track users’ every move or create new databases of consumer information. Such solutions raise privacy concerns and create new, valuable caches of information that are subject to attack. Thankfully, today several authentication companies have adopted a “privacy by design” approach that keeps valuable biometrics on a user’s device and minimizes the amount of personal data stored on servers.
  1. Use biometrics appropriately. The near ubiquity of biometric sensors in mobile devices is creating new options for secure authentication, making it easier to use technology such as fingerprint and face recognition. However, biometrics are best used as just one layer of a multi-factor authentication solution — matching a biometric on a device to then unlock a second factor. Ideally, biometrics should be stored and matched only on a device, avoiding the need to address privacy and security risks associated with systems that store biometrics centrally. Any biometric data stored on a server is vulnerable to getting in the wrong hands if that server is compromised. This was the case in June 2015 with the United States Office of Personnel Management (OPM) breach resulting in 1.1 million compromised fingerprints.

Policymakers have resources and industry standards to help guide them as they address these principles. The Fast Identity Online (FIDO) Alliance has developed standards designed to take advantage of the advanced security hardware embedded in modern computing devices, including mobile phones. FIDO’s standards have been embraced by a wide cross-section of the technology community and are already incorporated into solutions from companies such as Microsoft, Google, PayPal, Bank of America, Facebook, Dropbox, and Samsung.

No technology or standard can eliminate the risk of a cyberattack, but the adoption of modern standards that incorporate MFA can be an important step that meaningfully reduces cyber risk. By following these eight principles, governments can create a policy foundation for MFA that not only enhances our collective cyber security, but also helps to ensure greater privacy and increased trust online.

The Business Case for Providing Health Insurance to Low-Income Employees

April 25, 2017 - 10:58am

After the failed negotiations over the repeal of Obamacare earlier in March, the Trump administration appears to be on the brink of proposing a new health care bill. While the details are still sketchy, it seems likely that the new bill will leave many lower-income Americans without access to health insurance.

I believe there is a case to be made that, should this take effect, the private sector has a strong incentive to step in. The provision of health insurance by organizations is a sensible business decision—especially for low-income individuals. In fact, a number of studies—including one that I co-authored—highlight that health insurance coverage can be beneficial to the bottom line of businesses, and should be endorsed by managers as good corporate strategy if they seek to increase their productivity.

Health insurance for low-income employees is good business for at least three reasons: it is linked with reduced levels of stress, more long-term decision-making, and increased cognitive ability, as well as (perhaps somewhat obviously) increased physical health — all of which are crucial components of higher organizational performance.

Health Insurance Can Reduce Stress

Among other positive outcomes, health insurance significantly decreases the level of stress employees experience, as a study described in a recent working paper shows. Johannes Haushofer of Princeton University and several colleagues worked with an organization in Nairobi, Kenya — the metalworkers of the Kamukunji Jua Kali Association (JKA) — and randomly allocated some employees to receive health insurance free of cost for one year. In other words, the researchers sponsored a health care plan for a proportion of JKAs’ employees, whereas others continued working for JKA as usual.

In addition to collecting data through surveys — for example on the employees’ self-reported health and well-being, and their household characteristics — the researchers did something rather unusual: they collected saliva samples from all respondents, which were later tested for the stress hormone cortisol. These measurements occurred at two time points, at the start of the study and at the end.

The researcher’s results were striking. Not only did employees who received free health insurance report feeling less stressed, but this decline correlated with a reduction in the cortisol measured in the saliva sample. The decrease in cortisol was comparable to roughly 60% of the difference between people who are depressed, and people who are not.

This is important for organizations because employees who experience higher levels of stress are more prone to burning out, and less likely to attain high levels of performance. Stressed employees hurt the bottom-line — and interventions that reduce stress benefit it.

Health Insurance Can Lead to More Long-Term Decision-Making

But health insurance can do more, too. A paper I co-authored with Elke Weber of Princeton University and Jaideep Prabhu of Cambridge University that was recently published in the Proceedings of the National Academy of Sciences focuses on one reason why low-income individuals have difficulties escaping their destitute situation. As research has found, we show that poor people are more likely to make decisions that favor the short term, even when these decisions involve smaller payoffs than larger payouts they might receive in the future.

In our study, we find that this is partially the case because low-income individuals experience more pressing financial needs than their richer counterparts. Because they are so pre-occupied with making ends meet, they are unable to even consider a possible larger payout in the future. This way, they remain captured in what Johannes Haushofer and Ernst Fehr of the University of Zurich so aptly call the “vicious cycle of poverty.”

However, we also find that interventions that serve to reduce levels of financial need that low-income individuals experience can make them more likely to make more long-term-oriented decisions. One such intervention may be the provision of health insurance. With a safety net they can draw on when health problems arise, poor people may be less likely to experience their financial needs as pressing — and as a result, make more long-term-oriented decisions.

This can lead to significant improvements for organizations as well. Companies require their employees to make many long-term decisions. In many cases, a more long-term orientation is necessary for companies to thrive.

Not Having Health Insurance Can Hinder Cognitive Ability

Finally, health insurance can give low-income individuals peace of mind. A seminal study led by Anandi Mani of the University of Warwick investigated the cognitive consequences of poverty. The researchers found — in concordance with an increasing body of evidence — that lack of money saps people’s attention. While they did not specifically study health insurance, it is easy to extrapolate their research to this question. Given that everyone’s attention is limited, the more people’s concerns weigh on their mind, the less attention they can pay to any one concern.

To illustrate this finding, imagine a case where a low-income employee uses her car to come to work every day. She lives paycheck to paycheck and depends on her steady stream of income. Every day, even when she isn’t driving, she worries about what she would do if her car broke down. Such thoughts circle in her mind incessantly — they are always there, no matter what else she tries to focus her attention on.

Obviously, such worrying thoughts have detrimental consequences for her performance. Constant ruminations make it more difficult to focus on tasks that matter in the moment. Now replace the car in the above scenario with her health; let’s assume she has a chronic condition that requires medical attention when it breaks out. This is not an uncommon case: over 34% of employees have chronic medical conditions, which are even more widespread amongst low-income individuals.

Although many of these physical ailments cannot be cured, their accompanying cognitive detriments can be. Thoughts such as, “How will I pay for the doctor? How can I afford my medication?” could be eradicated with the provision of health insurance. This is especially important for low-income individuals who are more likely to have such worries. And with an increased ability to focus on their work, employees are also more likely to be productive members of the organization. 

It is unclear what will happen in Washington D.C. in the next few months. Will Obamacare be repealed? Will millions of low-income individuals lose their health insurance? In the absence of a resolution, managers may have to step up. There is a business case to be made for providing employees with health insurance, which may make them less stressed, improve their long-term decisions, and lead to increased attention on the task at hand — and the case is especially strong for low-income employees.

We Need to Ask How We Can Make Economic Growth More Inclusive

April 25, 2017 - 8:05am

Some questions have what I like to call a catalytic quality. That is, they do for creative problem-solving what catalysts do in chemical processes: they dissolve barriers and accelerate progress down more productive pathways. Take the question that has lately been put on the political table because of the prosperity bind facing so many mature economies. Innovation abounds (especially in technology) and new value is being created hand over fist — yet the resulting wealth gains go to the few, while the many wind up financially worse off. Case in point, even if everyone benefits from the freer flow of information allowed by the internet, information alone can’t pay your heating bill or buy a new transmission for your car. As the costs of things like phone calls and televisions have dropped, the cost for basic necessities like food and housing has soared.

This vexing global challenge causes me to wonder, “What if the world’s innovators turned their sights on solving this problem? Could we make growth more inclusive?” That’s a huge question, and I hope it’s a catalytic one.

Many people are already trying to answer it. There’s Zeynep Ton’s path-breaking work on “why ‘good jobs’ are good for business.” There are people in the business community launching initiatives like I4J, a group that challenges the Silicon Valley tech community to “innovate for jobs.” Scholarly publications like the Journal of Management Studies put out calls for new research that could inspire enterprise-level change. Perhaps my favorite example is the MIT Inclusive Innovation Challenge. Now in its second year, it distributes cash prizes to inspiring organizations who “are using technology to reinvent work and create economic opportunity for people below the top rung of the economic ladder.”

A top prizewinner for 2016 was a company not too far from MIT geographically — but in an industry that seems 100 years distant. It’s an apparel manufacturer called 99Degrees Custom. In a wonderful bit of symbolism, it is located in the historic Everett Mill in Lawrence, Mass., which the company does not exaggerate in calling “the birthplace of the U.S. Industrial Revolution.” In the midst of a new, twenty-first-century technological revolution, no workers are being made redundant by machines. Instead, by using robotics, lean processes, and agile systems, 99Degrees Custom is allowing new jobs to be created using “sew free and wearable technologies, on-demand manufacturing, and fastest-turn development and production cycles.” Company founder Brenna Schneider told The Boston Globe: “You hear a lot of fear about machines replacing our jobs and excitement about robots… But I see there is an incredible sweet spot between the machine and human side.”

I’ve always been a believer in the principle of celebrating what you want to see more of. This prize competition does that. But there is something more that a well-constructed “challenge” gets right. Whether it’s Open IDEO’s ongoing challenges, or Elon Musk’s Hyperloop Challenge, or any of Peter Diamandis’s amazing, annual XPRIZE competitions (to name just a few), their power lies in posing a provocative question, and then flinging the doors wide to whoever can respond to it. The creative energy unleashed not only produces one winner — it engages a whole spectrum of people in a quest, and galvanizes the collective conviction that a solution must be found.

Peter Drucker, long before me, championed the power of questions as the critical fuel behind high-impact challenges. “The most serious mistakes are not being made as a result of wrong answers,” he once observed. “The true dangerous thing is asking the wrong question.” (And since the lion’s share of my work is with corporate clients, this one also resonates: “My greatest strength as a consultant is to be ignorant and ask a few questions.”) I think that if Drucker were alive today, he would see this question—how can we ensure that we not only have growth, but that growth is inclusive?—as the right one for our times. It’s the kind of question that anyone can engage with, and one that may well require everyone’s engagement to solve and at the core, inquisitive leadership is ultimately inclusive leadership. Wouldn’t it be fitting, if our society’s biggest question about inclusion could only be answered through inclusion?

This post is one in a series leading up to the 2017 Global Drucker Forum in Vienna, Austria — the theme of which is Growth and Inclusive Prosperity.

How a Macron Presidency Could Fuel More Nationalism in France

April 24, 2017 - 12:28pm

This weekend’s election in France has narrowed the field of 11 candidates to two: the most anti-EU candidate, nationalist Marine Le Pen, and the most pro-European candidate, centrist Emmanuel Macron. For the first time in the almost 60-year history of the Fifth Republic, neither the mainstream Left nor the mainstream Right will have a candidate in the second round of the presidential elections. Although Macron is the candidate who promises more continuity with the policies of the previous government than any other, he founded his own political movement only a year ago, and has never previously held an elected office. But although Macron is the strong favorite to win, a look at the broader context shows that his election may only be a temporary reprieve from the nationalistic, anti-EU sentiments that have been rising across Europe.

The runoff election was the most recent in a chain of events that will have transformed the political landscape of France. In just a few months, the country has peacefully thrown out almost all of the leading figures of its (former) political class. The incumbent president, François Hollande, was so irreparably unpopular that he was forced to not seek a second term. The primary elections for the candidate of the mainstream conservative party, the Republicans, eliminated the immediate past president, Nicolas Sarkozy, and a former prime minister, Alain Juppé, while those of the Socialist Party disposed of Hollande’s former prime minister, Manuel Valls. The first round of the presidential elections has now delivered the coup de grâce to the last survivor, Sarkozy’s former prime minister, the scandal-ridden François Fillon, who late last year looked as if he only had to stay on his feet to succeed Hollande as president.

All of this reveals the extent of the public’s rejection of the French political establishment. France has followed the precedent set in Austria’s presidential election last year. The old Left and Right political divide, based on social class, has at least temporarily been displaced by one between a nationalist, economically and culturally closed, and authoritarian France, for which Le Pen stands, and an internationalist, economically and culturally open, and liberal France, which the younger, former private banker Macron incarnates. On the one side is struggling, pessimistic, small-town, and semiurban France; on the other, the France that is “winning” and optimistic, especially well represented in the big, globally connected cities.

No candidate in the elections fought on such an unabashedly pro-European platform as Macron. His anticipated victory in the next round — polls suggest that he should secure no less than 60% of the second-round vote — should make it politically feasible for the EU to pursue more “pro-integrationist” strategies to combat the euro zone, refugee, and other current crises. Especially if the German elections in September go to the Social Democratic chancellor candidate, Martin Schulz, the Franco-German tandem that is indispensable for any effective crisis management in the EU could be reenergized. Even if the Germans elect Angela Merkel for a fourth term, the tandem may develop more momentum than in the last decade. (Owing to domestic financial and political constraints, neither Sarkozy nor Hollande could emulate the kind of role played by earlier French presidents, such as Valéry Giscard in the 1970s and François Mitterrand in the 1980s and early 1990s.)

But Macron can only play this role and establish an equal partnership with Germany if he turns around the economic and social fortunes of France. Since the global financial crisis, the economic disparities between France and Germany have widened. The most striking manifestation of France’s economic ills is the rate of unemployment, which, at almost 10%, is twice that of Germany, the UK, and the U.S., and which affects almost one-quarter of French 18- to 25-year-olds. Its public debt has also been rising faster than that of its neighbor across the Rhine.

Can Macron, if he is elected, address these problems and deliver the kind of change the French public seems hungry for? It’s unclear how much he wants to, despite his rhetoric. Macron was Hollande’s closest adviser for two years, and then his government’s minister for the economy for two more. In these functions, Macron held significant responsibility for the business-friendly U-turn in economic policy — before finally deciding to mount his own political movement and presidential bid out of alleged frustration at the obstacles he faced trying to reform the French economy more radically and rapidly. He now aspires to loosen business regulations and restrictions, but without curtailing employees’ rights or existing levels of collective social welfare provision. He intends to limit the government budget deficit, but at the same time increase public spending in some areas and reduce a range of taxes and social insurance charges on firms and their employees. He has said little about the €60 billon of government spending cuts that would be necessary to reconcile these conflicting objectives.

It is conceivable that, once in office, Macron will try to be a bolder market-oriented reformer than his background implies, fearing that otherwise his presidency may be destined to end in failure, like Hollande’s. However, his room for political maneuvering after parliamentary elections in June may prove very limited.

That’s because, as a practical matter, Macron will find it very difficult to form a stable government. Macron’s political movement, En Marche! (On the Move!), will field candidates in all parliamentary districts, but currently has no MPs. Macron has pledged that half of his candidates will be members of “civil society” with no previous political party parliamentary experience. It is highly unlikely that, starting from scratch, he will win a majority of parliamentary seats. Otherwise, to form a government backed by a parliamentary majority, which he will need if he is to avoid being a lame-duck president, he will have to win over MPs from the ranks of moderates from the Socialist Party on the left and/or moderates from the conservative Republican Party on the right. Such a majority is unlikely to prove very stable or robust, especially if, after the initial honeymoon period, the public is disappointed by the results of his economic policy, and the incentive for MPs to support him correspondingly diminishes.

Paradoxically, after a campaign in which, to mollify a profoundly unhappy electorate, virtually all candidates had to sound as if they were running against “the system” or “the establishment,” it looks as if France will choose, in Macron, the status quo candidate. If his presidency fails, it will likely mean even more disaffection with the status quo — and that, one after the other, the mainstream Left, Right, and Center will be judged by French citizens to have failed in office. That could mean that although Le Pen will almost certainly fail in her presidential bid this time, the prospects for her party may be even brighter in 2022.

A different version of this essay appeared in INSEAD Knowledge.

Pages