The Decoding AI™ Podcast
Episode 4: Dr Andrea Bonime-Blanc on Cybersecurity, Operational Resilience and Risk Management
Show Notes and Transcript
This episode is sponsored by Teradata.
Teradata is the connected multi-cloud data platform for enterprise analytics company. Our enterprise analytics solve business challenges from start to scale. Only Teradata gives you the flexibility to handle the massive and mixed data workloads of the future, today.
The Teradata Vantage architecture is cloud native, delivered as-a-service, and built on an open ecosystem. These design features make Vantage the ideal platform to optimize price performance in a multi-cloud environment. Learn more at Teradata.com.
Dr. Andrea Bonime-Blanc is a globally recognised risk and corporate governance expert. Andrea’s work spans across decades and it is quoted in leading corporate governance journals.
Andrea is CEO and Founder of GEC Risk Advisory, a global firm that provides strategic and tactical governance, reputation and crisis advice to boards, executives, and investors. Andrea is the author of many books, including Gloom to Boom: How Leaders Transform Risk Into Resilience and Value.
In this episode we cover cybersecurity, corporate resilience, ESG+T, risk and governance.
Key points discussed in this episode
Model of organizational resilience life cycle
Nuggets of Wisdom
what has happened over the last two or three years with the pandemic and now with the Ukraine war and other things that are coming out of this like supply chain crisis, economic crisis, food crisis, all of which are hitting us really hard. All of these things are reverberating and ricocheting all over the place and any leader who doesn't have a culture of risk management that is adapted, focused, and really not only looking at the risk, but the opportunity coming out of the risk, is really missing delivering on their fiduciary duty.
I think in terms of the boards of the companies, there just has to be part of their everyday awareness because they themselves may be the target of some kind of a cyber attack to steal their information and the information of their company.
You don't think about a blueprint for a ransomware response after the ransomware has happened, you have to think about it before. The point that I was making about what boards need to do to be prepared and ask the right questions.
the time of sitting on a board is over, the time of serving on the board is now necessary. A board is not a country club.
Contact Dr. Andrea Bonime-Blanc
Andrea Bonime-Blanc, CEO
GEC Risk Advisory
P.O. Box 231351
New York, New York 10023
Links to books and materials
Dr Andrea Bonime-Blanc books are listed here
Colonial Pipeline Ransomware attack. Link
[00:00:00] Clara Durodie: Welcome. Today we will be talking about cybersecurity, resilience, ESG+T agenda, risk and governance. I'm very excited to welcome Dr. Andrea Bon Malan, a globally recognized risk and corporate governance expert. Andrea's work spans decades and is quoted in leading corporate governance journals. She's an author. A professor at the New York University and a trusted advisor to many decision makers. Andrea is the CEO and founder of G E C risk advisory, a global firm that provides strategic and tactical governance, reputation, and crisis advice to boards, executives, and investors. She is the author of many books, but I'd like to talk a little bit about the most recent one. It's called gloom to boom, how leaders transform risk into resilience and value. It was published in 2019, and was to many, the blueprint to navigate the 2020 pandemic. But it remains one of the governance books I recommend even post the pandemic.
[00:01:28] I called this book, the recipe to make lemonade when life throws you lemons. Welcome, Andrea!
[00:01:35] Dr Andrea Bonime-Blanc: Thank you so much, Clara. That is a beautiful way to put it because we do have a lot of lemons, and we do need to make lemonade and move forward. So thank you for the warm welcome.
[00:01:47] Clara Durodie: It is my pleasure to have you today, Andrea. You are an expert who looks at the world in a realistic and pragmatic way, but also gives people a recipe on how to transform risk into business value. And I think it's very important for all of us to understand how we transformed risk into value at the onset of the pandemic in March 2020 when I was thinking that we are at the bottom of everything and when the only way was up. That was the only thing that kept me going. It's been a while, almost two years, but we seem to be back in the risk arena again, with even more challenges ahead. Despite my optimism. I believe that knowing your risks affords one the opportunity to create value, Andrea, you help decision makers understand strategic risks and leverage them to create more business value.
[00:02:54] Do you think leadership and culture are crucial in managing risk?
[00:02:59] Dr Andrea Bonime-Blanc: I actually think leadership and culture are key when managing risks, because I think organizations, corporations, it can be other kinds of entities, even government agencies and nonprofits, etc. If they don't have leadership that's attuned to, or sensitive to, the risks surrounding them and affecting their business and their business plan and their strategy, then they are missing maybe more than half of the picture at this point. Given what has happened over the last two or three years with the pandemic and now with the Ukraine war and other things that are coming out of this like supply chain crisis, economic crisis, food crisis, all of which are hitting us really hard. All of these things are reverberating and ricocheting all over the place and any leader who doesn't have a culture of risk management that is adapted, focused, and really not only looking at the risk, but the opportunity coming out of the risk, is really missing delivering on their fiduciary duty. Right now and going forward, I think we are going to continue to live in what I coined a couple of years ago in an article, an era of continuous risk and crisis. And it's not like you have one crisis and you have to deal with it. It's one crisis after another, some may be bigger, some may be smaller, but if you don't have that mentality in the leadership - and when I say leadership, I mean, executive management and board - if you don't have that kind of mentality and then the culture suffused within your management team and staff, you're going to not only miss out on some of the some the serious problems that will come back to haunt you, but you will also miss out on the opportunities to make products and services stronger, more resilient, etc. and therefore more survivable and sustainable and in the end, more valuable. So that's where the risk into value kind of proposition lies.
[00:05:14] Clara Durodie: We talk a lot about the ESG agenda as a way to understand some of these risks. You wrote that the most important strategic risks fall under four main categories: environment, social, governance and technology. You were the one, at least as far as I know, to coin the ESG plus T agenda in 2018.
[00:05:46] As I was finalizing my book, I read about your ESG plus T thesis in one of your newsletters. I remember it arrived in my inbox and I was thinking this makes a lot of sense and I decided to mention it in my book. Your ESG plus T thesis has been featured on the world economic forum, online publications, as far as I remember, in one of your eBooks. Why is it important that we address this alongside the ESG agenda?
[00:06:31] Dr Andrea Bonime-Blanc: Well, thank you for that question. Clara, you know, you're a voracious reader of news and information just like I am. And there is this raging, sort of debate that ESG is just letters. You know, a group of letters that are being imposed on people. And then others are saying, ESG is the wave of the future. Whether you call it ESG or you call it sustainability or you call it something else for me, the whole point of ESG plus T is that we have a series and a portfolio of both risks and opportunities that fall into these really big categories. The environmental category, the social category, the governance category, and the technology category that business leaders and other kinds of leaders must. I'm not saying they should consider it. They must consider it as part of their strategic thinking of their risk management and of their product and service development. And here we are, in the third decade of the 21st century and technological disruption and change has never been more powerful than it has been in the last decade or two.
[00:07:45] We are moving at the speed of light On every front, when it comes to AI, nanotechnology, cyber security and insecurity, fake news, misinformation, things manipulated and created by technology that also have a really good side to them. I mean, we were solving things during the whole pandemic period.
[00:08:16] One of the silver linings of it was that the scientists of the world, across borders, shared information on these mRNA vaccines and other kinds of vaccines, and they were able to create a half a dozen vaccines in nine months which, if you compare it to the creation of vaccines in the past, was basically a world record, solving to a huge pandemic, which continues.
[00:08:47] But it continues at least with some help from the scientific community. And the only reason the scientific community was able to do that is because they have so many technology tools, such as biological, communications, AI and, and so on and so forth. They have all these tools they were able to gang together and to solve these problems.
[00:09:10] Now, was it perfect? No. Did everybody benefit? No, but my point here is you take something like the vaccine development and it combines certain biological environmental issues. It combines social issues because it affects humans around the world, and the work of humans and, the living of humans and the health and safety of humans.
[00:09:36] It has governance implications at every level; global governance, like the world health organization, national governance where each country had to deal with it; corporate and business and UN and entity governance, where every organization had to decide, how do we deal with this issue? How do we manage our workers?
[00:09:57] Do we let them work from home? If they work in a facility, how do we protect them? And then it had the technology piece. So this is an example to me, of an ESG plus T. A sort of cluster bomb of issues and without thinking about the T piece, the technology piece, we're basically missing a very huge portion of this story.
[00:10:22] And so the same goes for almost everything else that's going on. Look at the Ukraine and Russia war, maybe that's a geopolitical issue first and foremost, but it's a governance issue. It's a social issue and frankly, it's a technology issue. The cyber piece of this war, the misinformation, disinformation, social media, we have all of this going on. For example, in sort of the reporting, both from a journalistic standpoint and from a NGO standpoint of reporting and finding information on the atrocities that the Russian military has perpetrated against the Ukrainians, they're able to piece together through geospatial satellite imagery and geolocation activity and other social media footprints. They're able to piece together the exact soldier who raped somebody in a town. Now this would not be impossible without technology.
[00:11:34] So my thesis with ESG plus T is not to create a whole new consulting framework and so on and so forth. My point here is for business leaders, business entities, boards of directors and others who are dealing with the world as it exists, not as they want it to exist. If they're not thinking about their ESG and technology issues as a portfolio of issues, risks and opportunities as part of their strategic development, as part of the development of their products and services and as part of their enterprise risk management, they are living like an ostrich with their heads in the sand. So to me, the T adds a whole series of other intertwining issues that you have to consider as part of some of the other things that you're doing.
[00:12:34] Clara Durodie: Well, most certainly the T piece in the ESG plus T narrative keeps coming at the board level in different guises and one of them is the cyber which I would argue is the cybersecurity piece.
[00:12:53] Dr Andrea Bonime-Blanc: Absolutely.
[00:12:55] Clara Durodie: It's on everyone's agenda. Can you help refresh my memory? I remember reading about two or three weeks ago, that at the onset of the war in Ukraine, there were recommendations to CEOs and board of directors to pay close attention to cybersecurity and cyber attacks incidents. As governments believed the war exaggerated them quite frankly. So it put the whole cybersecurity discussion in an immediacy. We do something now because it's absolutely necessary. So what signals in your view with a governance perspective should boards and risk teams really be aware of? Given the current influx of new types of risks that we have been experiencing since the beginning of 2020.
[00:14:15] Dr Andrea Bonime-Blanc: Just when we thought it was safe to go back out right. I think a couple of thoughts, reactions. Right before the war actually started and people were still hoping maybe this won't happen, we had a cybersecurity threat matrix in the world that we kind of knew any day now, something big is going to happen. An onslaught of new cybersecurity attacks might happen, but we had already experienced during the pandemic, a real increase in all kinds of attacks, especially ransomware, especially against healthcare, and around the world. Although of course the US and Western European countries are the biggest targets for this kind of attack. Since the Biden administration in the US, there has been a very distinct ramping up of cybersecurity measures, executive orders, and requested legislation and funding and budgeting to ramp up the whole cybersecurity protection situation.
[00:15:33] And that has happened in the year and a half that the Biden administration has been in office. There have been some distinct and positive changes from a cybersecurity standpoint in the US government, also in the public private collaboration that's occurred. But then I would suggest that in addition to that, maybe unbeknown to many people, but certainly not to people who are in this space Ukraine had really developed a very sophisticated cybersecurity protection, national sort of security posture.
Because they had been attacked repeatedly by the Russians in the past and of course through the 2014 invasion of Crimea and other parts of Ukraine. So they've been much more prepared for this sort of thing than maybe other countries, although there are other east European Baltic nations that have been very prepared as well because they have suffered those consequences before.
[00:16:45] Well prepared NATO has benefited immensely from this whole action in the sense that they've pulled together in a way that we haven't seen before and now are going to expand apparently with Finland and Sweden, deciding to no longer be independent and neutral. And so the cyber security sort of defense mechanisms and we don't know about the offense mechanisms, because we're not in government. And, even if we were, we wouldn't be able to talk about it, I suppose, but the cybersecurity capabilities of NATO, the US, and Ukraine have really ramped up dramatically and the collaboration with business and with the private sector has also ramped up substantially. It doesn't mean we can't have some devastating attacks, but I think we're much more prepared than we used to be. Ransomware skyrocketed during the pandemic period because it's very lucrative and most people get away with it like 95% or so of all attacks are never solved. But there are some new counter measures, for example, the FBI and other national security kinds of organizations are able to track crypto like Bitcoin and other things back to some of the people who received them.
[00:18:18] Ransomware. So there's more progress than there used to be. I'm sure it's still going to be a huge black hole of bad activity that doesn't get pinned down. But I think in terms of the boards of the companies, there just has to be part of their everyday awareness because they themselves may be the target of some kind of a cyber attack to steal their information and the information of their company.
[00:18:51] So I think from a board standpoint, we need to make sure that boards are educated regularly on this topic. Given even just 10 minute updates every time they get together about what the posture of the company is when it comes to cyber security, cyber risk management. How is the company dealing with all of these issues?
[00:19:12] There has to be people at the board level who are savvy about cyber or about technology issues generally. And that to me continues to be one of the biggest governance challenges. We don't have properly equipped board members who can actually either have the experience of knowing about these issues or at least.
[00:19:35] If you've been a chief risk officer, for example, you know what questions to ask of the cyber team, what good cyber resilience looks like. Push management on those issues and do it on a regular basis. Don’t think that once you've solved this issue, it's solved. It's not solved. It's a continuing evolving issue.
[00:20:00] Clara Durodie: cybersecurity is definitely one of the ongoing concerns. At the board level, as you rightly pointed out, is education. The ability to educate on this topic enables boards and leadership and C-suite to ask the right questions. I'm so glad that you put this point across. I keep saying that if you don't know what questions to ask, you'll never get the right answers and that doesn't put anybody, irrespective of the conversation, in a good place. So education on this topic is absolutely essential. The other thing I wanted to touch on after a panel and post panel conversations with a few non-executives two weeks ago, is how are we supposed to respond to ransomware? Is that something you'd be able to give us a little guidance on? Is there a blueprint we can look at and say, that's the way to do it?
[00:21:53] Dr Andrea Bonime-Blanc: Oh, boy.
[00:21:56] Clara Durodie: we need to start. Um, again, um, I lost you for a moment. Um,
[00:22:01] Dr Andrea Bonime-Blanc: I know.
[00:22:02] Clara Durodie: Can I pose the question again about the ransomware?
[00:22:06] Dr Andrea Bonime-Blanc: Yes. And let me J you know what, maybe we should take our videos off, so we don't use a lot of bandwidth.
[00:22:11] Clara Durodie: Yeah. Take your video off. Um, it's it's absolutely fine.
[00:22:16] Dr Andrea Bonime-Blanc: Okay.
[00:22:18] Clara Durodie: Can you still see.
[00:22:18] Dr Andrea Bonime-Blanc: hear. Yes, I can, although you're very blurry. So there's some
[00:22:23] Clara Durodie: Um, so what I'm gonna do, I think I'm wired connection, um, at my end. So it, it must be okay. I'm gonna switch off my camera. Um, and I'm gonna post the question again, the question about ransomware. Okay.
[00:22:37] Dr Andrea Bonime-Blanc: Perfect. Mm-hmm
[00:22:40] Clara Durodie: So a couple of weeks ago, someone asked me after a panel discussion what we need to do when we get a ransomware request, is there a blueprint? Is there a place where we can go and to find out what best practice is? Would you be able to help on this?
[00:23:07] Dr Andrea Bonime-Blanc: I love that question. It kind of indicates a real sort of ignorance of the topic, right? You don't think about a blueprint for a ransomware response after the ransomware has happened, you have to think about it before. The point that I was making about what boards need to do to be prepared and ask the right questions.
[00:23:36] And among the right questions to ask is who is managing cybersecurity for the company and who is this person? Is this a talented person that has vast experience that's relevant to our business, or is this somebody you just pulled out of a different department and decided to make the chief information security officer.
[00:23:56] Very basic things like that should be asked before something happens. Other things that need to be asked before something like a ransomware situation, is where your computer systems or data or operational dashboards are shut down. Do we have a crisis management and business continuity program in place? And if so, Show me, show me what you're doing. How are you doing it? Who's in charge. How often do you train, do you have backup locations, independent and separate from the networks of the company? The companies that have had ransomware attacks that you haven't heard of, and that got away without a problem are the companies that backed up their data to a remote separated location and also had a chief information security officer or team that knew what they were doing in terms of protecting the crown jewels and the assets of the organization.
[00:24:59] When someone comes to you with: we have a ransomware problem, what should we do? Is there a blueprint we can go to? You're already in the hole. I mean, you're already way past midnight on that particular problem. So make sure if you have to recover from a situation like this, that you're bringing in the right kind of internal talent and external talent to help you with all the technical details of locking down and protecting.
[00:25:29] Your assets, your crown jewels, and also making sure you've rehearsed these kinds of cyber crisis situations so that you know who is going to do what to whom and how you communicate that. Whether you need to report it to the government, depending on what jurisdictions you are in you may have to report something like this.
[00:25:53] Think about the Colonial pipeline situation in the United States recently where major repercussions happened and there was ransomware. There was a shutdown of the gas pipelines and there was a gas shortage for a little while in part of the United States and then the FBI came.
[00:26:12] They were able to track and recover some of the crypto assets that were paid for the ransomware, but that's a very big visible story. Smaller, not so visible stories are happening. The ones that we hear about are the ones that go wrong. The ones that we don't hear about sometimes are because this company actually has a plan in place, crisis management plan, a cyber crisis management plan, business continuity plan with backed up assets, critical assets, with a plan with what you know, what people need to do next.
[00:26:44] This is why it's so important to have someone on your board who has lived through this stuff who has experience with this stuff and who can ask the right questions before the crisis happens so that the company builds resilience, that I like to talk about the organizational resilience to meet these moments because these moments will come. It's not a matter of if it's a matter of when.
[00:27:06] Clara Durodie: Well on the resilience piece Andrea, would you be able to take me through some of the latest ideas and what we need to know and keep in front of us at all times when it comes to corporate resilience. What would be the main topics and perhaps some trends?
[00:27:33] Dr Andrea Bonime-Blanc: As you know, you were kind enough to mention my book earlier and in one of the last chapters of the book, which, you know, the whole book builds up to, I present a model that I call a model of organizational resilience life cycle. I have eight elements in it that I think are critical to building corporate muscle: that internal capability and ability to deal with the things that are being thrown at us. We couldn't predict the pandemic and it happened, we couldn't predict the Ukraine war and it happened. And maybe those two really big issues didn't happen to us directly if we're sitting in the United States or we're sitting in some other country that wasn't directly affected, but there are certainly direct effects from the pandemic.
[00:28:31] And there are certainly direct and indirect effects from the, uh, Ukraine war that everybody's gonna feel. And these are just unfolding. So the point I'm trying to make is. All organizations require a certain amount of organizational resilience. And when I say these eight elements, I start with the first and foremost, it has to have what I call lean in governance.
[00:28:57] It's no longer good enough to have a board of directors that sits back, that is regaled with information and reporting and maybe makes some overall sort of strategic comments and maybe even decisions but that at the end of the day is sort of sitting back. I've recently been saying that the time of sitting on a board is over, the time of serving on the board is now necessary.
[00:29:27] It's not a country club. This is a really important role that needs to be played in a lean, proactive way, meaning that you have to have the right people on the board for that particular organization who know technology or know risk management or know web three, whatever's necessary for that particular business, not just the people who are the chief financial officers and the CEOs.
[00:29:54] So that's point number one. Point number two goes back to the question you asked me at the beginning leadership and culture. The second most important thing for resilience is having a culture that is a speak up culture. A listen up culture, a follow up culture where people are not afraid to bring up problems, issues, ethical concerns, legal concerns, operational concerns.
[00:30:18] You want to have a free flow of information and the ability to do it without fear of retaliation. So building that culture is incumbent on the CEO and the management team, and I could go on forever about this. it. We have to stop having these toxic narcissistic leaders in place, and we need to have more of the emotionally intelligent stakeholders, sensitive, leaders that are going to be able to navigate through these times.
[00:30:47] And that's where resilience also comes in. So leadership is first, governance lean in governance. Second is this idea of empowering, enabling a culture of integrity. My third element is stakeholder emotional intelligence. Knowing who your most important stakeholders are will allow you to gain resilience, strength, value, and will provide value back to your most important stakeholders.
[00:31:12] If you understand them and their expectations, a fourth point is really having an enterprise risk management system or risk management system that is intelligent and not stupid. Don't just collect information and put it in boxes. Understand how risk management affects your particular business and your particular strategy etc.
[00:31:36] The fifth element is integrating environmental, social governance and technology issues, risks and opportunities into your business strategy. It has to be a holistic exercise, not just one of profits and losses, revenues, new products and services. Integrate those ESG and T issues and risks and opportunities into the strategy piece.
[00:32:01] That's the fifth piece. The sixth piece is having performance metrics that go at these issues, not just the financial targets and have metrics for the ESG and T issues that are important to your business. Crisis readiness and preparedness is the seventh element of a strong resilient organization. And then finally, if you have a really well-oiled machine with these eight elements, sort of with these seven elements, really working well together, you will also be able to have a mentality of continuous improvement and innovation. What I call an innovation ethos. You will be able to create better, safer, more ethical, more productive, more value added products and services than your competitors.
[00:32:49] So to me, this is what organizational resilience means. It's not having just a business continuity program in place or being crisis ready or having a good risk management program. It's all these things working well together, but ignited by being lean in governance and a culture of integrity.
[00:33:09] Clara Durodie: As you are going through the eight points of the resilience cycle, I had your book open at page 347 looking at this diagram. With your permission, we can hopefully share it in the show notes for the readers. I would recommend buying the book because it's so important, especially the chapter you mentioned on resilience, the final chapter although it's important to read the whole thing. I remember the book you wrote and published in 2019, you mentioned pandemic as being one of the key risks and this was at a time when the pandemic was not even in our day-to-day vocabulary.
[00:34:21] Dr Andrea Bonime-Blanc: That's true. I was just gonna say, Clara, thank you for mentioning that. I remember one of my last business trips was to London to do the launch of the book. And you were so kind to show up at the launch.
[00:34:36] Clara Durodie: Yes, it was very timely. I continue to recommend your book to business leaders in financial services which is my space as a former practitioner. It is a book which helps so many people focus their attention on key points. As you said, it's one thing to think about what you need to do as a resilient organization, but actually when you see this diagram, when you see a whole chapter, it takes you through all the thinking required to come up with the right plan. I think it's very helpful. Talking about books Andrea, I'd very much like to talk about your ebook which was published in 2021 if I remember correctly. Do you have an updated version, a second edition coming?
[00:35:40] Dr Andrea Bonime-Blanc: Yes. Thank you for all the nice shoutouts Clara. Yes I published last year in May of 2021 with Diplomatic Courier, a global affairs media company that I collaborate with on a lot of things. I published with them what I call the E S G T megatrends manual. And the idea behind publishing it is it's basically a follow up on chapter one of my book, gloom to boom, where I talk about the 10 mega trends of our turbulent times, which is a tongue twister but, I was able to get it out. The 10 mega trends of our turbulent times was the first chapter in gloom to boom, where I laid out what I thought were some of the most important multi-year trends from an ESG and T standpoint that leaders and others need to think about as we navigate through these difficult and challenging times. I decided once the book had been published in late 2019, that I wanted to update it because it was an interesting way of framing the context of situational awareness that we need as leaders, as board members and as citizens frankly to navigate some of these really difficult things that are being thrown at us.
[00:37:05] So in 2021 I / we published the annual manual which distinguished five different mega trends. I can rattle them off, but the good news is I / we decided this was going to be an annual exercise.
[00:37:38] It's the same five mega trends give or take that I identified last year but with some very interesting nuances and reprioritization. What I do with the manual is exactly what I did in the first chapter of the book, which is to break it down so we know what we are talking about.
[00:37:59] So a definition about what are the dangers and the risks associated with this mega trend. Then I go to what the opportunities are and the upside of this particular mega trend. And then it ends each chapter. Each mega trend ends with a short sort of five take away points for leaders to do basically.
[00:38:21] So the mega trends for this year, I can rattle them off. Well, I'm gonna start with last year because I think it's really interesting to see the evolution because these are by definition multi-year trends, but they really are changing because so much is changing.
[00:38:45] So last year, my number one. Mega trend. I called it tech disruption at the speed of light. We talked a little bit about that already, and it's really all about all the things that are happening in the marketplace. I basically start with the ones that I think are most salient to this year, this coming year. Last year was called the 20 21 22 edition.
[00:39:23] This year's called the 20 22 23 edition. So it's really intended as a roadmap for Leaders. So Tech disruption went from one to three and what I call it this year is tech disruption becoming multi-dimensional. And what I mean by that is, we have all these sort of, almost different dimensions of technology that are becoming very important.
[00:39:50] The metaverse is one. The whole crypto web 3.0 is another. We have new worlds or domains that are potentially transforming us in more ways than one. I talk about some of the metaverse issues. I talk about disinformation and the war to find facts and protect facts.
[00:40:18] The second one from last year. I call it leadership and institutional trust plummeting because there's been a multi-year trend in declining trust in major institutions, including government, business, media, and NGOs. This particular mega trend this year drops to number five and it's called leadership and institutional trust recalibrating.
[00:40:44] And there's some silver linings, even in the midst of the doom and gloom here. And they're silver linings, best personified by the leadership, the democratic leadership of president Vladimir Zelensky in Ukraine. Ge's showing almost every other leader in the world how it's done and there are some other nuances there from a business standpoint that I talk about in that chapter.
[00:41:11] The third one last year was called complex interconnected risk rising, meaning that we have very big strategic, global risks that are happening and they're continuing to happen and interconnect. We talked about that a little bit already today. That one moves up to number two this year and it's transformed to a slightly different title, climate and war propelling, complex risk that's this year's mega trend because the climate issues and the war issues are gonna have a disproportionate effect on propelling. The complex risk that I talk about which was fourth last year was called global geopolitical tectonics.
[00:41:57] Shifting this year, that one becomes number one for very obvious reasons. And I call it geopolitical tectonic shifts, catalyzing. What I mean by that is we have seismic changes taking place or movements taking place in international governance, inherited in great part from the Trump administration's sort of attack on international governance, like the UN and the WHO and NATO.
[00:42:32] And also internally the decline of our democracies, a decline of many democracies happening over time. This year, with the Ukraine war, everything has kind of changed a little bit, but those shifts have continued to move. And why I say they catalyze is because we have major changes in international governance, NATO becoming stronger than it’s perhaps ever been.
[00:42:58] Democracies coming together to oppose the brutality of the Russian invasion of Ukraine and Ukraine showing, in some ways, how you protect democracy. So to me, that's the number one this year. And then finally the fifth one last year was stakeholder capitalism rising - pretty obvious what I mean by that.
[00:43:20] We're going from a shareholder centric model to more of a stakeholder model. This year, it’s the number four mega trend. And I call it stakeholder capitalism and ESG intertwining. There's lots of nomenclature, lots of developments, pros, cons, polarization, etc on this topic so I break down some of the issues and some of the concerns that are happening, but the trend line, the mega trend continues to be that stakeholder capitalism and ESG continue to rise through all of these difficult times. So I've said a lot in very little time but just to tell you, this year's ESG T mega trends manual 20 22 23. Number one is geopolitical tectonic shifts, catalyzing. Number two is climate and war propelling complex risk. Number three is tech disruption becoming multidimensional. Number four is stakeholder capitalism and ESG intertwining. And number five is leadership and institutional trust recalibrating. I'm going to stop there so you can, I can take a breath and you can get a word in edgeways.
[00:44:29] Clara Durodie: So just for my listeners, we will have a link to this ebook in the show notes along with a link to the previous edition of mega trends. So please do check them out. From experience and for the benefit of my listeners, when Andrea says something, I always pay attention given the accuracy of her predictions. Time has proven that it's something I should always rely on. I would very much recommend this ebook; not only for boards or C-suite, but also for investment management teams. I think it's very important to have this kind of high level understanding of risks and opportunities, which without doubt, will impact how the markets will behave.
[00:45:53] As we are wrapping up the interview today Andrea, I'd like to come back very briefly to the diagram you mentioned in your book that is printed on page 347. I have it in front of me and as I was looking at it, the Number four is risk intelligence and I remember you mentioned in your brief description of this entry as being risk smart.
[00:46:29] Well, we have the help of various algorithms. A number of companies have spent time building tools, which they claim enables companies to predict risk but how can we. How can we look at these tools in a constructive way? Do we want to rely on what they say a hundred percent or do we want to put them on the side and use them as information only?
[00:47:03] What, what would the best approach be to being risk smart when using technology?
[00:47:13] Dr Andrea Bonime-Blanc: What a great question. I think, and you are a proponent of this very important point, that whenever it comes to using technology tools, especially those that are AI driven which have reams of data in there that then get repackaged, you're told that this is either a predictive tool or some other kind of panacea to not think as a human, I always go back to the point that we have to pair AI tools and intelligence with human intelligence. I know you're the expert in this area Clara and maybe I'm wrong but, I don’t think there's ever going to be a point where we don't need human intelligence and judgment paired with these technology tools.
[00:48:11] So I think the real issue when it comes to looking at risk management technology and predictive technology is to really, really do your due diligence on who is offering you this information. Dig deep into what their processes are. What is their dataset. Is it garbage in garbage out or is it something that really is added value in terms of the information that's getting packaged, repackaged, retooled.
[00:48:40] What you are always going to need is the expert person who works in the field or who understands the field, who can ask the questions and also pose the issues that are problematic questions. The contours of this technology. Because at the end of the day, we cannot allow technology to be a substitute for human judgment. So we need to pair the two, whatever it is that we're using from a technology standpoint. I'd like to give an example of a company that I've been working with for a couple of years now; a UK based crisp who basically do actor intelligence on issues that are controversial or problematic and understand where the early embers of potential attacks, misinformation, disinformation happen in the dark and the deep web, and that get sort pushed into social media and then viraled and their tool is an AI tool but they also have human intelligence paired with that. There's not a report that goes out to their clients that doesn't include a very thorough human intelligence review of the data collected through the AI tools. I think we need to keep that in mind with almost everything that we do. We cannot default to - the tool, the tech is going to do it for me. That would be my general statement about that.
[00:50:21] Clara. I don't know if you have further thoughts or nuances about this.
[00:50:24] Clara Durodie: Well, I believe that we should never give machines the authority for final outcomes, especially, on key decision making positions. I think there are some legal implications of relying on those outcomes without questioning them. I'm not a lawyer, I have no legal background, but I've heard time and time again from legal experts who were concerned about moving the accountability of the final decisions to other machines and taking the humans out. That might be the topic of another conversation because it's very important to understand how the deployment of this technology actually introduces this type of risk which we need to consider but we’re fast approaching the end of our interview today.
Andrea it's always a pleasure talking to you. I learned so much from you and you are someone I always look up to. Um, I would always describe you as being a person who doesn't chase popularity of opinions at the expense of morality, ethics, and honesty.
[00:52:01] I've always felt that I connected with you on this level. I've always appreciated the integrity you show in everything you do. On that PO uh, note, I would like to say that in the show notes there will be all the details about your books, the company you mentioned today, the famous resilience diagram with your publishers permission or,if not, I will just list them as you mentioned them in the podcast. But definitely it's a lot of useful information for my listeners to dive into and learn every day.
[00:52:54] Andrea, thank you so much for your time today. Always a pleasure.
[00:52:59] Dr Andrea Bonime-Blanc: Clara. You are the best. I too, on a weekly basis, when I receive your wonderful newsletter in my inbox on Sundays, is the first thing I read and I always learn a tremendous amount from you. So it's a mutual admiration society as far as I'm concerned. You really make a difference, Clara.
[00:53:23] I appreciate being part of your podcast and let's keep the learning going, continuous learning from each other.
[00:53:31] Clara Durodie: Absolutely. Thank you so much and goodbye for now. We'll be in touch very soon for the next podcast. Bye-bye.
Copying commentaries, articles and transcripts to share with others is a breach of our T&Cs and Copyright Policy. Decoding AI® Newsletter and Podcast Disclaimer.