"To lead is to live dangerously”, says Ronald Heifetz, professor at Harvard University's John F. Kennedy School of Government.
An advocate for “adaptive leadership”, Heifetz argues that bold decision-making is the single most important factor determining an organisation’s capacity to thrive in today’s ever-changing risk environment.
“Adapters” are different. According to the Boston Consulting Group, highly adaptive leaders constantly think outside the box, experiment with new market offerings and business strategies, and side-step bureaucratic solutions.
PWC findings also suggest that leaders with adaptive risk management attitudes are three times more likely to see revenue growth — at more innovative companies — than their less-nimble peers. Always adjusting, they are also twice as confident in their ability to thwart AI, big data, IoT, and automation threats. When black swan events hit, “adapters” survive.
In New Zealand’s tech sector, this brand of leadership needs to be more widely adopted, according to a recent tech liability white paper from Delta Insurance. To turn growing cyber and legal threats to their own competitive advantage, Kiwi innovators must change their ideas about risk management.
State of the nation
New Zealand’s tech pioneers are as agile as they are ambitious. In 2017, the tech sector was the fastest growing segment of our economy, generating 8% of GDP, employing 5% of the country’s workers, and contributing to 9% of all exports.
Local innovators like Xero and Orion lead the pack driving huge revenue growth — last year, the combined revenues of our top 200 tech industry companies (TIN200) hit $10 billion for the first time. Meanwhile, low-cost barriers at home make New Zealand a prime start-up environment, ranked first in the world by the World Bank Group for ease of doing business.
Growing success is triggering heavier investment in the market, with foreign investment in early stage Kiwi tech companies increasing 239% in 2016. According to NZ’s Private Equity and VC Monitor, over $1b of new capital was raised by NZ private equity and venture capital investment funds in 2016.
New environments demand new strategies
But “an army of threat actors” marches in lockstep with the industry’s growth, says John Moore, senior underwriter and financial lines manager at Delta Insurance.
For example, distributed denial of service (DDoS) attacks — which flood websites with simulated requests until the site crashes — disproportionately hit IT, SaaS and cloud service providers, with 33% of global DDoS incidents affecting tech companies, at an average cost of $40,000 per hour of outage.
With hackers increasingly harnessing domestic IoT devices (like IP cameras and baby monitors) into DDoS botnets, there is no limit to the scope of potential damages — as demonstrated by the 2016 Dyn attack that downed most of the world’s high-traffic websites, including Netflix, Twitter and Amazon.
Other cyber threats, such as data breaches, ransomware, and phishing incidents, also continue to proliferate. Yet attitudes remain shockingly complacent — most organisations surveyed in a recent IBM/Ponemon Institute study were confident they could resist a cyber-attack, though only 23% had a response plan in place.
With CEOs and risk analysts now ranking cyberthreats a top risk to global growth in 2018, these challenges should provoke an adaptive response from New Zealand’s tech leaders. As Deloittes notes, high-tech organisations are highly exposed by their famously open workplaces, and reliance upon cutting-edge technologies. But most aren’t prepared to tackle rising cyber threats.
Broader horizons, bigger lawsuits
New threats also lurk offshore. In 2016, IT services exports from New Zealand saw double-digit percentage growth in most major markets, and our digital economy contributed more than $6.9 billion in export earnings last year.
But intellectual property (IP) infringement
on patents and copyrights are increasingly
landing Kiwi software developers and
designers in hot water in foreign markets,
especially Europe, Asia, and the USA —
where tech giants typically amass software patents like tactical nukes.
Case in point: US audio company Bose’s claim of patent infringement against NZ noise-cancelling technology maker Phitek Systems. Though the Kiwi company admitted no liability, it was nevertheless strong-armed into settling for NZ$4.5m plus legal costs.
“If you’re the new kid on the block, established players will want to shut you out,” explains Moore. “In the end, Phitek exited the market because it just wasn’t viable to fight against the incumbent. The disparity in bargaining power was too big.”
Worse are the trolls, says Miles Valentine, founder of Kiwi tech company Zeacom. Stung twice by patent trolls in North America, Zeacom was litigated for technology it didn't even possess: "[But] It was going to cost me USD$1 million to get to court to tell them that,” says Valentine, “so I gave them $350,000 to go away."
Adaptive opportunities for Kiwi tech leaders
With experts declaring that attacks are now a question of “if”, not “when”, Kiwi tech leaders must adjust to these new uncertainties to thrive. Consider a heart attack, advises Heifetz: once the patient has stabilised and the emergency has passed, adaptive challenges remain.
“Staying aware and informed about coming threats, and planning to mitigate or take advantage of them” is key to forging new competitive advantages, says Delta Insurance managing director Ian Pollard. For TaaS or SaaS-based companies, this might mean deploying anti-DDoS attack shields, or running disaster scenarios and penetration tests.
Having a business continuity plan (BCP) or disaster recovery plan (DRP) in place will also make it easier to take advantage of risk situations when they strike. As Matt Taylor of Kiwi IT company Red Shield puts it: “If the
bad guys come, you want a private army on
your side.”
According to Moore, technology liability policies must also be constantly updated to respond to new exposures: “If you’re accessing the systems of big companies in Asia through APIs and other connections, they’ll want some comfort that you’ve got insurance to cover their costs if you mess up and release all their data,” he explains.
Pollard goes even further, saying that adaptive tech leaders also have a responsibility to “build risk management mindsets and cultures within their companies.” With the majority of security incidents caused by employees, strong cyber education can stave off an infiltration.
Though the storm clouds look dark, Delta Insurance challenges the idea that external stresses are bad for business. Periods of disequilibrium, argues Pollard, are energising. Faced with cyber threats or legal risks, adaptive leaders must mobilise — by altering the DNA of their organisations, and redefining the rules of the game.
Delta Insurance recently presented a series of nationwide seminars for Techweek in tandem with Deloitte and Augen Software Group. The theme of the seminars was “With
new innovation comes new risks” and outlined the risk management necessary for the technology sector.
