The missing piece of the cyber and robotics revolution

20th CEO Survey

Like their global counterparts, Australia’s business leaders are starting to harness robotics, automation and artificial intelligence to drive productivity and growth.

And why wouldn’t they? These powerful new tools can perform many tasks more efficiently and more accurately than humans. In fact, PwC estimates that 45% of work activities can be automated, and this automation would save $2 trillion in global workforce costs.

But in another sense, robotic process automation is still at an early stage in Australia. Although CEOs are seriously looking at how these new technologies can work in their business, most projects are still at the pilot stage.

The next challenge for business leaders is to start thinking about the transition from experimentation to implementation.

For example, how can these tools be deployed at scale, and what are the implications for policy and operating procedures?

And how will people be affected? It’s already having an impact: over three-quarters (76%) of Australia’s CEOs who plan to cut headcount this year say it’s a result, to some extent, of automation and other technologies.

Automation will replace a lot of low-value, repetitive work and companies need to think about the impact on both culture, people and training. CEOs will need to figure out very clearly how and where value gets created in their organisation’s human system and act on that.

The over enthusiasm to drive forward these new innovations should not be at the detriment of security concerns and need to include an assessment of risk. It is a similar story that we see with the increase in cyber security concerns.

Stealing customer data is bad enough, but what if hackers took control of automated machinery at a construction site? What if ‘hacktivists’ didn’t agree with what your business does and decided to try and shut down an entire automated assembly line?

The implications for trust in business – which is already in decline – are significant.

As the range of technologies that companies are using in their business continues to expand, CEOs need to start taking a much more holistic view of security.

For example, CEOs need to consider changes to security policies to accommodate virtual staff and robots - the Operating Technology - as well as how to align IT practices and policies with robotic requirements. They also need to think about how they talk about this to employees to ensure concerns are addressed, and risks managed.

Integration and Collaboration

There are learnings companies are going through today in relation to cyber security that apply in the new era of automation and robotics. 80% of CEOs are concerned about cyber threats and they’d be right.

But when asked what areas of the business they wanted to strengthen to capitalize on new business opportunities – opportunities like robotics and digital technologies – not a single CEO mentioned cyber security.

This is despite cyber risk being ranked as a threat to business growth.

This blindspot means if companies are to embrace innovations, they need to plan for the risks involved.

Ultimately, CEOs must accept ownership of cyber security across the whole of the business, including Information Technology and Operating Technology. Today, many companies invite both customers and suppliers to be a part of their IT ecosystem. For customers, it’s part of the overall customer experience, and for suppliers it can be a seamless way to run operations. This idea of a ‘systems of systems’ attack is very real.

Take for example the cyber breach of Target in the US, in which hackers stole 40 million customer credit card details. The access and exit point for that attack were not the company’s computer system, but the heating, ventilation and air-conditioning management system, which was operated by a third party supplier.

It’s a fact there are thousands of attempts to breach security each day. And CEOs should prepare for the worse.

This means identifying how to deal with threats and how that relates to trust, allocating real budget and time, and dedicating resources to plan for, and maintain these breaches.

Integration and collaboration are needed for when things do go wrong. You should ask now ‘how are we, our customers and suppliers integrated from an IT lens. And how will we collaborate when things go wrong’.

Combine robotics with the Internet of Things – sensors and machines linked to the cloud – and over the next decade, we will see billions of potentially vulnerable devices connected to corporate networks. Both the motivation and opportunity for malicious attacks on business will soar.

The term ‘cyber risk’ should disappear and become ‘risk’ and that risk is in cyber and the new automation era. Robotic devices typically have less sophisticated security software than computer systems. And being more closely linked to the physical processes of the company, such as moving goods or controlling machines, they’re often procured and managed by operations, rather than the IT department; this means they can sit outside the company’s digital security ‘fence’.

Even if robotic and automation technologies sit within the company’s IT firewall, you can’t assume your business is safe. Because the central question of cyber security – including traditional IT and Operating Technology – is what to do, not ‘if’, but ‘when’, you are breached

A holistic view of security, from the top down

In February 2017, the Notifiable Data Breaches Bill passed the senate and will come into effect in 12 months. This means Australian companies accountable to the Privacy Act will be required to inform the Australian Information Commissioner and members of the public if their data has been compromised.

While this now brings Australia in-line with other countries (and 15 years after the U.S.), there are still questions to be answered. For example, breaches will need to be disclosed if there is unauthorised access, disclosure or loss of personal information which is likely to result in serious harm to any individuals to whom the information relates.

But the definition of ‘serious harm’ could be argued.

This is the prime time for CEOs to refresh their cyber strategy – breaches could (and do) take place each day.

Again, this will take time, resources and committing budget. As the range of technologies companies use in their business continues to expand, CEOs need to start taking a much more holistic view of security both now around cyber and with burgeoning interest in the era of A.I. automation and robotics.

3 of Australia’s CEOs discuss the issues of today and the battlegrounds for the future

Australian findings

Contact us

Follow us