Skip navigation
2017

Executives at global organizations are more confident than ever that their companies can predict and resist a sophisticated cyber attack, but most also recognize their organization falls short of needed investments and plans to recover from a breach in today’s expanding threat landscape, according to a new study.

 

EY’s annual “Global Information Security Survey (GISS)—Path to cyber resilience: Sense, resist, react” found that half of the survey’s respondents indicated their organization could detect a sophisticated cyber attack—the highest level of confidence since 2013—due to investments in cyber threat intelligence to predict what they can expect from an attack, continuous monitoring mechanisms, security operations centers (SOCs) and active defense mechanisms. Nonetheless, despite these investments, 86 percent of the respondents also indicated that their organization’s cyber security capabilities does not fully meet their organization’s needs.

 

The survey of 1,735 C-suite leaders and IT executives and managers from large, global companies examines the cyber security issues businesses face. Among other notable findings, the survey found that more than half (57 percent) of respondents said their organization had a cyber incident in the past year. Tellingly, nearly half (48 percent) of the respondents cited outdated information security controls or architecture as their highest vulnerability—an increase from 34 percent in the 2015 survey.

 

Business continuity and disaster recovery was cited by respondents as their top priority (57 percent), along with data leakage and data loss prevention (57 percent). Although 42 percent of the respondents say their company plans to increase spending this year on data leakage and loss prevention, only 39 percent of the respondents say the company plans to spend more on business continuity and disaster recovery.

 

“Organizations have come a long way in preparing for a cyber breach, but as fast as they improve, cyber attackers come up with new tricks,” says Paul van Kessel, EY Global Advisory Cybersecurity Leader. “Organizations therefore need to sharpen their senses and upgrade their resistance to attacks. Executives also need to think beyond just protection and security, and consider ‘cyber resilience’—an organization-wide response that helps prepare for and fully address these inevitable cyber security incidents. In the event of an attack, they need to have a plan and be prepared to repair the damage quickly and get the organization back on its feet. If not, they put their customers, employees, vendors and, ultimately, their own future, at risk.”

 

I was also interested to read that although the survey found that respondents continue to cite the same key areas of concern for their cyber security, they also said all of their top cyber security threats, including malware, phishing, cyber attacks to steal financial information, or cyber attacks to steal intellectual property or data are markedly on the rise. For example, respondents said they see increased risks from the actions of careless or unaware employees (55 percent compared with 44 percent in 2015) and unauthorized access to data (54 percent compared with 32 percent in 2015).

 

Meanwhile, the executives also noted that obstacles to their information security function are virtually unchanged from last year, including: budget constraints (61 percent compared with 62 percent in 2015), lack of skilled resources (56 percent compared with 57 percent in 2015), and lack of executive awareness or support (32 percent, the same as in 2015).

 

Do the responses of the survey respondents mirror what you think about your company? Are you confident the organization can predict and resist a sophisticated cyber attack? If there is a cyber incident, is there a plan to maintain business continuity?

In one of its last acts under the Obama administration, the U.S. Department of Transportation last week announced it had picked 10 sites as locations for testing self-driving cars before they hit U.S. roadways. The selections follows a nationwide competition among national testing centers that began in November. Automakers will share the facilities and data to foster innovations that can safely transform personal and commercial mobility, expand capacity and open new doors to disadvantaged people and communities, says outgoing U.S. Transportation Secretary Anthony Foxx.

 

“The designated proving grounds will collectively form a Community of Practice around safe testing and deployment,” says Foxx. “This group will openly share best practices for the safe conduct of testing and operations as they are developed, enabling participants and the general public to learn at a faster rate and accelerate the pace of safe deployment.”

 

The proving grounds will also provide critical insights into optimal big data usage through automated vehicle testing, and will serve as a foundation for building a community of practice around automated vehicle research Foxx says.

 

Designees were selected from a competitive group of over 60 applicants. They included academic institutions, state Departments of Transportation, cities, and private entities and partnerships. Proving grounds designees all have different facilities that can be used to gauge safety, manage various roadways and conditions, and handle various types of vehicles.

 

The Proving Ground designees are:

City of Pittsburgh and the Thomas D. Larson Pennsylvania Transportation Institute

Texas AV Proving Grounds Partnership

U.S. Army Aberdeen Test Center

American Center for Mobility (ACM) at Willow Run

Contra Costa Transportation Authority (CCTA) & GoMentum Station

San Diego Association of Governments

Iowa City Area Development Group

University of Wisconsin-Madison

Central Florida Automated Vehicle Partners

North Carolina Turnpike Authority

 

The future of transportation undoubtedly includes vehicles which operate with little or no input from human operators, but there are still a lot of questions about safety and human interaction, as well as plenty of technological challenges that need addressing, says Peter Rafferty, a program manager at University of Wisconsin-Madison’s Traffic Operations and Safety Laboratory (TOPS). AV technology in development ranges from one- and two-person vehicles and small buses for local trips up to platoons of trucks driving in tandem on the interstate, and UW-Madison has places to test most or all of those vehicles, he says.

 

“There’s evidence of unmet demand for these proving grounds—controlled roads where you can safely challenge a vehicle and figure out how to make it react differently to a big rock in its way than it would to a shopping bag in the street or to tell the difference between the ruts that develop in new snow and broken pavement,” says Rafferty.

 

The Wisconsin AV Proving Grounds includes MGA Research’s Burlington site—400 acres of roadways and crash-testing facilities originally built as a proving ground for American Motors cars—and the four-mile racing circuit at Road America in Plymouth will provide secure environments for AV testing. The headquarters of Epic Systems in Verona and UW–Madison’s own streets are also included in the proving grounds, and present more public and realistically interactive situations for driverless vehicles, Rafferty says.

 

Considering the commitments from Tesla Motors, BMW AG, General Motors, Ford Motor and Volvo to produce fully autonomous cars within five years, and continued work by Alphabet’s Google Self-Driving Car Project, it seems federally appointed proving grounds are a good idea. What are your thoughts? Is this an appropriate next step for testing autonomous vehicles?

Ethical audits and inspections of global supply chains for multinational corporations is “working” for corporations, but labor abuses, poor working conditions and environmental degradation within global supply chains remain widespread, according to a new report.

 

Many key questions and serious concerns hang over the ethical audit regime, say researchers from the University of Sheffield, Sheffield, South Yorkshire, England. They include: are audits effective in identifying non-compliance and driving up standards, what does the audit regime mean for governments and non-governmental organizations (NGOs), where does power lie within the audit regime, and, ultimately, in whose interest is the ethical audit regime working? To investigate corporate supply chains, researchers from the Sheffield Political Economy Research Institute (SPERI) at the University of Sheffield interviewed supply chain auditors, business executives, NGOs and manufacturers in North America, the UK and China, and also visited factories in the Pearl River Delta region of China.

 

“Recent disasters such as the Rana Plaza factory collapse in Bangladesh have put the spotlight on supply chains [of global corporations], but what has been less reported is that labor, safety and environmental abuses often take place within ‘certified’ and audited supply chains,” says Dr. Genevieve LeBaron, co-author of the report and Senior Lecturer in Politics at the University of Sheffield and a current visiting professor at Yale University. “Our interviews reveal how corporations have designed an inspection and auditing system for global supply chains that is ‘working’ for them, but badly failing workers and the planet.”

 

Among the key findings in the report are that some corporations have designed a system of self-regulation which allows their suppliers to cover-up abuses and easily cheat a weak inspection system. The research also found that audits may be ineffective tools for detecting, reporting or correcting environmental and labor problems in supply chains, and actually reinforce existing business models and preserve the global production status quo, the report explains. The report goes on to note that the audit system, with the involvement and support of NGOs, increasingly reduces the role of states in regulating corporate behavior and reshapes global corporate governance toward the interests of private business—and away from the public interest and social goods.

 

“Arguably, it’s the unsustainable business models of large corporations, which are reliant on cheap labor and environmental degradation, that drive abuses within supply chains,” says Dr. LeBaron. “And yet, corporations, by working with a growing audit industry, are presenting themselves as the solution to the abuses.”

 

This report should be a “wake-up call” for governments, international organizations and NGOs because it raises serious questions about the effectiveness, legitimacy and accountability of a system of supply chain monitoring that is increasingly being designed, implemented and reported on by corporations themselves, says Dr. LeBaron. Unless concerted effort is taken to strengthen non-corporate led inspections, it seems highly likely serious abuses will continue within the supply chains of major global brands, she says.

 

Co-authored by Jane Lister, Senior Research Fellow and Associate Director of the Centre for Transportation Studies at the Sauder School of Business, University of British Columbia, the report is the first publication in a new series of SPERI Global Political Economy Briefs. SPERI intends for the series to present the expertise of its academic researchers and enable SPERI to influence and contribute to public debates on major contemporary global political economy issues.

 

I’d like to know your thoughts on the study and the use of ethical supply chain audits. Do you think use of weak self-regulation allows suppliers to cover up abuses?

A new report from the U.S. Department of Transportation confirms what most people already suspect, which is that more investment is needed not only to maintain the nation’s highway and transit systems, but to overcome a nearly trillion-dollar investment backlog.

 

“We have an infrastructure system that is fundamental to the nation’s economic health, and it needs greater attention and resources,” says U.S. Transportation Secretary Anthony Foxx. “Improving our nation’s roads, bridges and transit helps create jobs, connects communities and ensures that our nation is equipped for the future.”

 

The report, “2015 Status of the Nation’s Highways, Bridges and Transit: Conditions and Performance,” is a biennial report to Congress that provides information on the physical and operating characteristics of the highway, bridge and transit components of the nation’s surface transportation system. Secretary Foxx added that the Congressionally mandated report confirms the projections outlined in “Beyond Traffic,” a U.S. Department of Transportation study issued in early 2015, which examined the challenges facing America’s transportation infrastructure over the next 30 years, such as a rapidly growing population and increasing freight traffic.

 

The Conditions and Performance report identifies an $836 billion backlog of unmet capital investment needs for highways and bridges, or about 3.4 percent more than the estimate made in the previous report. Addressing the growing backlog—while still meeting other needs as they arise over the next two decades—will require $142.5 billion in combined transportation spending from state, federal and local governments. In 2012, the most recent year in which the report’s data were available, federal, state and local governments combined spent $105.2 billion on this infrastructure—35.5 percent less than what’s needed to improve highways and bridges.

 

“The case for more investment in our nation’s transportation system is clear,” says Federal Highway Administrator Gregory Nadeau. “A strong transportation system will make businesses more productive and freight shippers safer and more efficient while improving America’s quality of life.”

 

Interestingly, the report found that between 2002 and 2012:

·                     The percentage of structurally deficient bridges decreased from 14.2 percent to 11 percent

·                     Road quality improved, with the share of travel taking place on smooth pavement increasing from 43.8 percent to 44.9 percent

·                     Delays in traffic cost the average commuter more time than ever, with an estimated 41 hours of delay per year in 2012, up from 39 hours in 2002, and

·                     Transit route miles increased by 32 percent, with light rail growing faster than any other transit mode.

 

On the one hand, President Trump’s administration committed to make infrastructure investment a priority, however, recent reports about the new administration’s initial agenda indicate there won’t be an infrastructure bill within the first 100 days. On the other hand, many states are already putting infrastructure issues on the table.

 

The American Society of Civil Engineers reports that in California, the first bills introduced in each chamber for the 2017 regular session address methods to raise more than $6 billion for state and local roads, trade corridors and public transit. In Indiana, lawmakers are proposing to invest in the state’s roads and bridges, which need more than $1 billion in additional funds, through new gasoline and vehicle taxes. In Minnesota, Governor Dayton is proposing a $1.5 billion bonding package for state public works projects that will allocate $70 million for local road and bridge projects. Finally, in Montana, Governor Bullock is calling for a $200 million investment of cash and bonds during the 2017 legislature to fund infrastructure needs, the society reports.

 

What are your thoughts on nation’s highway and transit systems? What impact do traffic delays and other problems have on your organization’s supply chain?

As rhetoric—and tweets—about imposing so-called “big border tax,” or tariffs of 35 percent, on goods imported to the U.S. from Mexico increase, it’s worth observing how companies, and industries, respond.

 

For example, FCA, the U.S. arm of automaker Fiat-Chrysler, recently announced it would invest a total $1 billion in plants in Michigan and Ohio, which will add 2,000 new jobs in the U.S. In a statement, FCA clarifies that the plans are “consistent and combined” with investments announced last year, and are a “continuation of the efforts already underway to increase production capacity in the U.S. on trucks and SUVs to match demand.” The plans, the company further notes, will help solidify the U.S. as “a global manufacturing hub” for its flagship brands.

 

It’s worth pointing out that FCA’s announcement came days after Ford Motor Company decided to scrap its plan to build a facility in Mexico, instead opting to invest in a plant in Michigan. Ford’s CEO Mark Fields said evolving demand—rather than the policies of President-elect Donald Trump, who has vowed to impose a “border tax” on companies that send jobs abroad—was the reason for the change.

 

It isn’t just companies in the auto industry, however, or simply those companies targeted by Trump, that are increasingly exploring the economics of moving production to the U.S. Indeed, a proposal to apply a border-adjustment tax to products that are imported into the U.S. while exempting exports encourages businesses to re-examine their supply chains, an article in the Wall Street Journal explains. Consequently, contract manufacturers say they have seen an increase in calls asking about the possibility of shifting some production to the U.S. since the election, the article reports.

 

“We are starting to get more and more requests to do more analysis,” Mike McNamara, chief executive of Flex Ltd., a Singapore-based contract manufacturer with operations around the world, says in the article. Although it’s early in the process, McNamara says he expects some manufacturing to be relocated to the U.S.

 

The factors that influence where a company decides to source a component or product vary by industry. A company’s willingness to reshore manufacturing to the U.S. might be driven by the location of customers and parts, as well as the labor costs, taxes, duties and lead times, or a combination of those factors.

 

On the one hand, shifting the manufacture of some high-tech products, such as smartphones, to the U.S. isn’t likely to generate much benefit for a company. That’s because more than 90 percent of the supply chain for components is embedded in Asia, Marco Gonzalez, chief operating officer for the Americas at contract manufacturer Sanmina Corp. says in the WSJ article. Some parts simply aren’t available in the U.S., and moving operations to the U.S. would hurt margins, he says.

 

Then again, consider, for example, the case of Microtronic, which moved some of its manufacturing to the U.S. in 2015. The maker of semiconductor inspection equipment used to import a fabricated aluminum part from Eastern Europe, the WSJ article reports. The price was 20 percent to 25 percent less than the prices quoted by U.S. manufacturers, Bruce Allen, director of operations, says in the article.

 

However, Microtronic had to pay five percent to 10 percent more for shipping from Europe, Allen says in the article. Further, roughly every third delivery would have problems, such as the use of the wrong alloy or improper specification, which required Microtronic to stockpile inventory. If an issue wasn’t discovered until the afternoon, the company would lose a full day before it could even report the problem to the supplier, Allen says.

 

Today, Microtonic sources the part from a contract manufacturers in the U.S. at a higher price, but lead times and transportation costs are lower, the article explains. More importantly, Microtronic no longer loses valuable time waiting to follow up with suppliers several times zones away.

 

“You have to look at the broad picture,” Allen says. “The communication lag was a big factor.”

 

What are your thoughts on reshoring? Would a new “border-adjustment tax” have an impact on sourcing decisions?

The share of women in the U.S. computing workforce will decline from 24 percent to 22 percent by 2025, according to research last fall from Accenture and national nonprofit Girls Who Code. However, successfully creating programs to encourage girls to pursue a computer science education could triple the number of women in computing, growing their share of technology jobs from 24 percent today to 39 percent in the same timeframe, according to the report.

 

That’s why I was interested to read earlier this week that General Motors and Girls Who Code (GWC) announced a partnership to, as they explained, “inspire and empower” thousands of U.S. middle and high school girls to become future leaders in these fields. Through the partnership, girls from underserved communities will gain “increased access to computer science education, sisterhood, mentorship and projects that demonstrate the real-world impact of computing” through a model that significantly increases young girls’ interest in pursuing technology and engineering degrees, GM and GWC announced. GM is giving a $250,000 grant to expand GWC’s Clubs programs, which provide free after-school activities in schools, universities and community centers.

 

“Becoming an engineer paved the way for my career,” said GM Chairman and CEO Mary Barra. “It’s one of the reasons I am passionate about promoting STEM education to students everywhere. Partnering with Girls Who Code is one more step in GM’s commitment to inspiring and growing diverse future leaders. I’m extremely proud that some of GM’s top female leaders will spend time with the students, teaching them about the possibilities and rewards of a STEM education.”

 

The demand for computing skills far outstrips supply, creating a talent shortage for U.S. employers. In 2015, there were more than 500,000 open computing jobs to be filled in the U.S., but fewer than 40,000 new computer science graduates to fill them, the Accenture/GWC report notes. The untapped potential of women to fill these roles has significant implications for U.S competitiveness.

 

Indeed, programs designed specifically to spark and maintain girls’ interest from middle school into the workforce could triple the number of women in the computing workforce in the next 10 years, Accenture and GWC predict. Consequently, partnerships such as that announced by GM/GWC with a tailored and sequenced series of actions could not only increase the pipeline of women to 3.9 million by 2025, but also boost women’s cumulative earnings by $299 billion, the report explains.

 

“While we’re proud of our progress to-date in closing the gender gap in technology, our work is just getting started,” says Reshma Saujani, founder and CEO of Girls Who Code. “It’s never been a more urgent time to help our girls succeed in technology and engineering. We need more of our daughters to become engineers like Mary Barra, not just because these are goods jobs, but because having diverse thinkers in these roles makes our companies more innovative and competitive. I’m thrilled that our partnership with GM will help thousands of girls get access to top jobs, and they’ll get to shape the products and services we use every day.”

 

What are your thoughts on promoting computer science—or STEM, for that matter—for girls in middle and high school? Are you aware of any such programs in your community?

The good news is that the overall number of organizations experiencing supply chain disruptions fell from 74 percent in 2015 to 70 percent in 2016. The bad news is that organizations which did suffer disruptions suffered more of them, with the percentage of organizations experiencing at least 11 disruptions during the year increasing from seven percent in 2015 to 22 percent in 2016, according to The Supply Chain Resilience Report, published by the Business Continuity Institute and supported by Zurich Insurance Group. Furthermore, while the percentage of organizations reporting losses in excess of €1 million from a single incident remains static at nine percent, supply chain disruptions have cost one in three organizations more than €1m in the last year, the report notes.

 

There are a number of key findings in the report. For instance, unplanned IT and telecommunications failures remains the top cause of disruption, with loss of talent/skills moving up to 2nd place from 6th in 2015. The other top causes of disruption were outsourcer failure, transport network disruption and cyber-attack or data breach. Startlingly, 40 percent of the respondents indicated their organization doesn’t analyze the source of supply chain disruption.

 

The consequences of supply chain disruptions are notable as well. For instance, respondents cited increased costs linked to significant increases in the amount of lost productivity, increased cost of working, customer complaints, impaired service outcomes and damage to brand reputation and loss of revenue as the consequences of supply chain disruptions. Increases in lost productivity and damage to brand or reputation were most significant, with lost productivity cited by 68 percent of the respondents (up from 58 percent in 2015); and damage to brand or reputation cited by 38 percent of the respondents (up from 27 percent in 2015). The survey found 43 percent of organizations don’t insure these losses, and so bear the full brunt of the cost themselves.

 

Arguably, one of the reasons for the increase in the number of disruptions for many organizations is that fewer of them are maintaining adequate visibility over their supply chain, the report notes. Indeed, the percentage of respondents reporting that their organization maintains adequate supply chain visibility decreased from 72 percent in 2015 to 66 percent this year.

 

This could have major consequences when it comes to managing the supply chain and ensuring that disruptions are minimized, the report continues. It further notes that ensuring supply chain visibility remains one of the biggest challenges for organizations with the data showing increased dependencies between suppliers and downstream organizations, reinforcing the need for organizations to understand their supply chain in more depth, identify key suppliers and improve reporting of disruptions.

 

There are two other “worrisome” findings, the report notes. The first is that only 27 percent of the respondents reported top management commitment to supply chain resilience, down from 33 percent last year. Secondly, only 73 percent of the respondents indicated their organization has business continuity arrangements in place to deal with supply chain disruptions.

 

A lack of top management commitment is important to address because that commitment is required to drive supply chain resilience and performance, the report notes. The findings “affirm how leadership input can significantly influence good practice and help build an appropriate organizational culture and structure,” the report concludes.

 

What are your thoughts on supply chain disruptions? Have they increased or decreased for your organization?

President-elect Donald Trump’s Twitter campaign against the auto industry has gone global. After berating Ford and GM, Trump has now also threatened Toyota with high tariffs for making cars in Mexico for the U.S. market. His attack is now cause for concern for both domestic car manufacturers and those in Japan.

 

On the campaign trail, Trump repeatedly criticized Ford’s investments in Mexico, and vowed that he would impose a 35 percent import tariff on any cars built in Mexico that Ford tries to sell in the U.S. Now Trump has taken aim at other automotive manufacturers. Early last week, for example, he threatened via Twitter to impose a “big border tax” on General Motors for making some of its Chevrolet Cruze compact cars in Mexico. Trump didn’t provide further details.

 

Hours later, in surprising news, Ford announced it will cancel a planned $1.6 billion factory in Mexico and will instead invest $700 million in a Michigan factory. Ford’s executive chairman, Bill Ford Jr., said he personally notified Trump of the decision, but after Trump’s early-morning GM tweet.

 

Ford officials say the revised plans to expand a plant in Flat Rock, Mich., to build electrified and autonomous cars are tied to market conditions which have depressed small-car sales, and that they didn’t consult with the incoming Trump administration before making the decision. Mark Fields, Ford’s CEO, added in an interview that the president-elect’s emphasis on tax changes and cutting regulations should have an overall positive effect on automakers such as Ford.

 

“We are encouraged by the pro-growth plans that President-elect Trump and the new Congress indicate they will pursue,” Fields said, the New York Times reports.

 

Moving on though, yesterday, Trump blasted Toyota.

 

“Toyota Motor said will build a new plant in Baja, Mexico, to build Corolla cars for U.S. NO WAY! Build plant in U.S. or pay big border tax,” Trump wrote in a post on Twitter.

 

Toyota broke ground on the $1 billion Corolla plant in Guanajuato, Mexico, in November. Trump’s tweet appears to incorrectly state that Toyota plans to build a new plant in Baja, Mexico. Toyota said in September it plans to increase capacity at an existing plant in Baja that makes pickup trucks, but no sedans.

 

In reply, Toyota released a statement saying that “Toyota looks forward to collaborating with the Trump Administration to serve in the best interests of consumers and the automotive industry.” It went on to note that Toyota has $22 billion invested in the U.S., which includes 10 manufacturing plants and 1,500 dealerships that employ a total of 136,000 workers. The majority of cars Toyota produces in factories in Kentucky, Alabama, West Virginia, Texas and Indiana are sold in the U.S., and the company exports more than 160,000 vehicles annually from the U.S. to 40 countries.

 

Toyota President Akio Toyoda said yesterday that the company is aligned with the incoming administration in that it wants to be a good corporate citizen and grow employment in countries where it operates plants, including the U.S.

 

“If you look over the long term, we are oriented in the same direction,” Toyoda told reporters, the Wall Street Journal reported.

 

As president, Trump won’t be able to punish GM, or any other company, for building cars in Mexico without violating NAFTA. On the one hand, trade experts agree that presidents have wide latitude to impose penalties on imports, at least temporarily, even if courts later find them unlawful. However, as a recent Bloomberg article notes, targeting a single company with a tariff as Trump threatened to do is unheard of and barred under the North American Free Trade Agreement, according to trade experts.

 

“The notion of using emergency tariff-raising authority to influence the investment location decisions of a single company would be an unprecedented use of that authority and far beyond what Congress ever intended,” Edward Alden, a trade expert at the Council on Foreign Relations, says in the Bloomberg View article. “Turning those powers on a single U.S. company because you don’t like its strategy just takes us to a whole new realm.”

 

Then again, the mere threat of a tariff or other punishment may be enough for Trump to get what he wants. Since winning the election, he has pressured companies to change their business plans—such as when United Technologies Corp. unit Carrier announced in November it would keep a furnace plant in Indianapolis open instead of moving about 850 jobs to Mexico, and, as Trump appears to be doing now.

 

What do you think? Are President-elect Trump’s threats of tariffs influencing companies’ plans about where to source operations?