The Journal The Authority on Global Business in Japan

Having recently attended various international conferences and meetings, I’ve observed three worldwide trends. The first of these is the dissemination of “wearable devices” which, as the term implies, are worn directly on the person.

On April 24, sales of the Apple Watch were launched in the US and Japan. Worldwide attention is now being focused on what impact the watch’s maker—multinational Apple Inc.—will have on the world of the future via such devices.

As compact as it is, the Apple Watch incorporates nearly the same processing power as did a supercomputer of 15 years ago. So, given the intensifying competition to develop ever-better dedicated applications, I expect a slew of ideas and new business opportunities to result.

The second trend is “data mining.” Rather than compiling data into Big Data, the next step has become the focus of attention. This points to the possibility of artificial intelligence someday generating business models that are yet to be conceptualized.

This leads to the introduction of the chief integration officer (CIO). In the past, CIO stood for chief information officer, the individual tasked with proposing the company’s data strategies and responsible for their implementation. However, the era of the so-called Internet economy or digital economy, as we have known it, has ended.

As circumstances have evolved to the point where economy equals digital, the integration of IT and security measures on a company-wide or trans-organizational basis has taken on much greater importance.

One of the main concerns of business organizations is cyber security. If the Internet is to be utilized as a business tool, then it will be necessary to ensure that cyber security measures evolve on an ongoing basis. Even so, cyber attacks may someday drive companies to bankruptcy.

On January 20 in Davos, Switzerland, US-based consulting firm PricewaterhouseCoopers released the findings of its 18th annual global CEO survey, A marketplace without boundaries? Responding to disruption, which surveyed 1,322 CEOs in 77 countries. In the survey, the percentage of CEOs who expressed concern over cyber threats showed a considerable increase, from 48 percent in 2014 to 61 percent in 2015.

Behind this rise were three cyber attacks that occurred between the end of 2013 and 2014 and which, I believe, had a major impact on the CEOs’ concerns. The first of the attacks, in November 2013, involved the hacking of Target Corporation, the fifth-largest retail chain in the US, resulting in a huge volume of customer data being revealed. Disclosure of the breach caused the value of [Target’s] shares to decline, and trust in the company to be undermined.

In May 2014, the company’s CEO was dismissed, to take responsibility for major losses. Instead of the CIO or [the chief security officer (CSO)], the executives responsible for cyber security, it was the man at the top who was fired, a move that may have made numerous other CEOs feel threatened.

In August 2014, JPMorgan Chase & Co, which reportedly budgets the equivalent of ¥45 billion per year for cyber security, was hit by a cyber attack. This points to the difficulty of guarding against such attacks, even with such enormous outlays, and is a painful reminder of a passage in one of my previous columns [in Diamond online]:

“Even when security functions appear robust, there is definitely a means to get past them, and unfortunately no perfect countermeasures exist to prevent hackers from breaking in. All one can really say is that there are two kinds of companies in the world: those with concerns over getting hacked, and those that are not concerned.”

At the end of 2014, the Sony Pictures Entertainment network was the target of a cyber attack. Its Twitter account was hijacked and data was leaked, resulting in a storm of criticism and disapproval.

These incidents, however, are merely a prelude. This year, I won’t be surprised if a publicly traded company is driven into insolvency as a result of a cyber attack. And because Japanese companies tend to be more lax in their crisis management, compared with companies in Europe and the US, perhaps it will be one of them that falls victim.

In addition, security countermeasures are a necessity across all business functions, including supply chain management. This is all the more reason for top administrators at companies to embrace cyber security. In the US, more companies are placing executives in charge of cyber security—as CSOs or chief risk officers—under a CEO, with security measures involving all departments, including general affairs, legal, and marketing departments.

To avoid the various risks, one of a CSO’s tasks is to obtain the most current data concerning cyber attacks, and have the general affairs division conduct staff training.

As new methods of cyber mischief are constantly popping up, security measures need to be regularly updated. These efforts must be made to include not only a company’s head office but also its affiliated firms, clients, and so on, that make up the supply chain. Since hackers always probe the weakest links in security when they attack, they will shift their efforts to [attack] weaker measures at a company’s clients or partner firms when major firms implement robust security precautions.

In the aforementioned case of Target, for example, the hacker obtained access via one of the retailer’s clients, an air conditioning company. From this, then, you can understand the importance of bringing affiliated firms under the security umbrella.

Cyber security, by extension, also encompasses company-wide crisis management. Once a nasty rumor is tweeted and circulated by the so-called super-connectors of industry, it can become the spark that, figuratively, sets the prairie ablaze.

As implied by the Japanese expression, “Rumors spread by people (have a life of only) 75 days,” there was a time not so long ago when things would eventually peter out of their own accord. Unfortunately, however, the Internet does not forget, and such stains become virtually permanent, making it essential to nip problems in the bud.

The debut, in January 2016, of Japan’s social security and tax identity system called My Number will require that security measures be built from the ground up. The system’s adoption will require companies to make additional investments in their systems, to ensure even more stringent safeguards for the management of individual data.

By aiming not only to prevent data leaks, but also to boost competitiveness, business organizations can expect to hit two birds with one stone. The “safety, assurance and trust” that come with comprehensive security will become a major asset for businesses in the future.

I also suppose the day may not be far off when investors, likewise, consider whether corporate management teams maintain awareness of cyber security as a key criteria for selecting companies in which to invest. n

Full-length original article: Diamond online.


William H. Saito is an entrepreneur, venture capitalist, TV commentator, speaker, and author of bestselling novel The Team. He has founded several businesses and serves as a special advisor to the Cabinet Office of Japan and other G-8 governments.