Tag Archives: WEF

The Cyber Threat in Manufacturing

A friend of mine asked me if the cyber-risk threat was a bit of flimflam designed to sell more insurance policies. He compared cyber-risk to the Red Scare of the 1950s, when families scrambled to build bomb shelters to protect them from a war that never came. The only ones who got rich back then were the contractors, he concluded.

I found his question incredible. But I realized that he didn’t work in the commerce stream, per se, which quelled my impulse to slap him around.

See also: 3 Things on Cyber All Firms Must Know  

I shared with him some statistics that sobered him up quickly. I explained that cyber-crime costs the global economy more than $400 billion per year, according to estimates by the Center for Strategic and International Studies. Each year, more than 3,000 companies in the U.S. have their systems compromised by criminals. IBM reports more than 91 million security events per year. Worse yet, the Global Risks 2015 report, published in January by the World Economic Forum (WEF), included this rather stark warning: “90% of companies worldwide recognize they are insufficiently prepared to protect themselves against cyber-attacks.”

Cyber protection is not just about deploying advanced cyber threat technology to manage risk; you also have to educate your employees to not fall victim to unassuming scams like “phishing,” which is stealing private information via e-mail or text messages. It remains the most popular con as far as stealing company data because it’s so painfully simple. Just pretend to be someone else and hope a few people fall for it.

While most people understand the threat to data privacy for retailers, hospitals and banks and other financial institutions, few realize that manufacturers are also vulnerable in terms of property damage and downtime. In 2014, a steel manufacturing facility in Germany lost control of its blast furnace, causing massive damage to the plant. The cause of the loss was not employee error, but rather a cyber-attack. While property damage resulting from a cyber-attack is rare, the event was a wake-up call for manufacturers worldwide.

According to The Manufacturer newsletter, “the rise of digital manufacturing means many control systems use open or standardized technologies to reduce costs and improve performance, employing direct communications between control and business systems.” This exposes vulnerabilities previously thought to affect only office computers. In essence, according to The Manufacturer, cyber attacks can now come from both inside and outside of the industrial control system network.

See also: Now Is the Time for Cyber to Take Off  

Manufacturers also need to be concerned about cyber attacks that would: a) interrupt their physical supply chain or, b) allow access to their system via the third-party vendor. Manufacturers must then take steps to mitigate those risks. When Target and Home Depot were hacked several years ago, it wasn’t a direct attack on them but an attack on one of their third-party vendors. By breaching the vendors’ weak cyber security, the criminals were able to access the larger prize.

To circle back to my friend’s weird fallout-shelter theory, it’s certainly a good idea to have a backup plan in case one is hit by a proverbial “cyber-bomb.” But rather than hunker down and wait for the attack to occur, it’s critical to educate employees, vet vendors’ cyber-security and adopt — and continuously optimize — a formal cybersecurity program.

A SWOT Analysis of SWOT Analysis

A classic SWOT (strengths, weaknesses, opportunities and threats analysis) is usually considered as a good start for strategic planning efforts and further analysis. A disruptive and cascading SWOT can re-position the whole strategic plan to seriously pursue disruptive innovation. A great strategic plan should not just be about beating the competition at their game, but about redefining the game as no one has done before you.

The hyper-connected and cascading behavior of global risks

The World Economic Forum (WEF) has published a global risk report since 2006. The WEF pleads the case that the more connected our world becomes via a globalized economy, social media, the Internet, etc, the more vulnerable the whole world is to any weak links in the system. The reports include constant references to the connected risks that can cause global system breakdowns. The descriptions of the potential threats include combinations of slow-building and creeping risks that are hyper-connected, capable of linking to create unforeseen and high-energy cascade effects that can create tipping points into a perfect storms with high local and even global fallout.

The hyper-connected and cascading behavior of internal risks

My independent research into the causes of historical disasters, which started in 2004, has identified certain cascading principles and mechanisms of how the combined effects of underestimated internal risks can wreak havoc and self-destruction even without the help of external forces. If your SWOT ignores the cascading and hyper-connected nature of internal and external risks, your efforts could be futile. Too often, risks are assumed to approach from over the horizon from the outside. This mindset ignores the fact that most organizational failures stem from internal risks and a dysfunctional work culture. The triggers of such havoc can emanate from the top of the organization and quietly ripple through the organizational cascades to create undesirable events.

A SWOT analysis on the SWOT analysis

A SWOT analysis is a mini-risk assessment and mitigation brainstorm tool.  However, its strengths will become weaknesses if the assessments are superficial. If the SWOT is reconfigured to meet the realities of a hyper-connected and cascading world, this tool can be very insightful.

What follows is a short SWOT analysis on the SWOT analysis tool to assess its capabilities to pursue true disruptive innovation. This exercise can be viewed as a self-diagnostic of a SWOT:

Strengths:

  • Simple and easy to understand
  • Helps you identify and understand challenges and opportunities
  • Can be used to develop a robust action plan
  • Concentrates on the most important factors

Weaknesses:

  • Its simplicity will not always prompt its users to go deep enough to make its analysis meaningful
  • It does not prompt its users to investigate hyper-connected risks that can cascade and ripple through an organization in a destructive manner
  • It does not prompt its users to investigate slow-burn/slow failures (aka creeping risks) that can build up over time and create tipping points that produce a perfect storm of unintended consequences
  • It does not prompt its users to solicit true and candid cultural perceptions and threats for all employee levels
  • It will not lead to disruptive innovation in its basic form

Opportunities:

  • Invigorate the classic SWOT into a cascading SWOT to match the way in which the world and modern organizations actually operate
  • Identify hidden threats and uncomfortable and unspoken talk rules
  • Include assessment of internal leadership gaps
  • Include factual assessments of cultural health of the organization
  • Include assessments of internal process inefficiencies and risks in key business processes
  • Assess the quality of your business metrics
  • Assess the organization’s responses to critical situations
  • Assess how your organization learns from its mistakes and makes the necessary changes
  • Assess the internal and external customer satisfaction levels
  • Include a “points of pain” assessment as perceived for various levels of employees

Threats:

  • The assumption that SWOT-KISS (keep it simple, stupid) is the right approach may not fit well in the complex and cascading world in which we live
  • It can misdiagnose luck as skill; the organization will be ill-prepared for adverse events
  • It assumes that, if you ask fellow employees for inputs, they will tell you the whole truth, without fear of punishment

Summary of the SWOT analysis on the SWOT analysis

A good SWOT should be provocative and assess the sensibility on your own strategies, track your efforts to solicit and address internal taboo talk rules, monitor employee frustration levels and assess your internal culture’s momentum toward success or failure. Most importantly, do not forget to gather multiple perceptions on the above opinions from leadership, mid-management and non-management employees. If the perceptions are vastly different, determine why the same people under the same roof are describing the same company in very different manners.

Transforming the SWOT into the foundation for disruptive innovation

It must be stressed that an energized SWOT is only the foundation of a good strategic plan. It is not the final analysis or strategic planning tool. The annual corporate strategic planning cycle is usually time-consuming and interactive and must get off to a good start with the right tone if anything of value is to be expected.

SWOT expansion to include internal cascading risks

The biggest opportunities to achieving strategic objectives lie in the ability of leadership to identify, assess and manage the internal cascading connections and cause-and-effect relationships that exist. The main areas of internal, hyper-connected top-to-bottom cascading elements and loops include:

  • Leadership strategies, attitudes and behaviors
  • Cultural behavior
  • Process efficiency
  • Performance outcomes
  • Responses to shortfalls in performance metrics
  • Feedback loops to leadership that either incorporate lessons learned or ignore such lessons, offering the next cycle of adverse events the opportunity to sink the ship

Each of the above mentioned elements of internal cascades should be SWOT-ed separately with candid and honest inputs from all levels of employees (See graphic below). Embracing such logic allows leaders to create a cascading strategic plan that can energize the organization instead of just addressing the symptoms of issues with sugar-coated Power Point slides or adding a fresh coat of paint to the Titanic while it is sinking.

Untitled

Figure 1. Each element of internal cascades should be SWOT-ed separately with candid and honest inputs from all levels of employees

SWOT expansion to include external cascading risk assessments

External risks need to be listed, rated for connectedness and assessed for their impact and likelihood of affecting the business. This offers a good start for subsequent strategic risk management efforts. The World Economic Forum’s annual Global Risk Report offers a good reference to use as a starting point for possible risks to consider. Separate SWOT analysis should be carried out for the six main areas of global risks:

  • Economic
  • Environmental
  • Geopolitical
  • Societal
  • Technological
  • Real-time feedback loops to leadership on the status and changes in global risks

Conclusion

Organizations and the world are hyper-connected communities that are exposed to threatening invisible cascade, ripple and domino effects. Today’s risks can easily leap past national borders, firewalls and other security safeguards and trigger very unexpected circumstances that can threaten the reputation and existence of the business. Modern applications of the SWOT analysis should consider this complex and cascading nature in which the world now operates. A thorough SWOT analysis can be a good start for any level of strategic planning, including the ultimate wish of any organization, which is to create disruptive innovation and value that will ignite the passions of its employees and customers.