Blockchain’s ability to securely expand an AI implementation’s access to data across organizations will drive a whole new set of insights and value.
Artificial Intelligence (AI) could change the world more than any other advancement since the Industrial Revolution; fundamentally reinventing how businesses compete, grow, and succeed. However, each AI system, and each algorithm within, is dependent upon training and acting upon trustworthy data to which it has access; typically limited to the organization implementing it. Simultaneously, blockchain is redefining business processes and systems of record, enabling secure and confident access to shared data between organizations and increased trust and confidence in the data. Together, AI and blockchain will enable organizations to exceed their current boundaries and gain access to significant amounts of trapped value.
Blockchain: the perfect partner for AI data
As surely as steam powered the Industrial Revolution, the ample flow of accurate data will drive artificial intelligence systems.
Leading business innovators recognize data’s central role inharnessing AI’s value, though many feel constrained by the relatively meager flows of trusted information they can currently draw upon to feed their systems. That’s why the leading technology firms have invested billions to acquire data-focused companies and their capabilities. The power of AI depends on the access to, magnitude, and quality of the data it can process.
So, while AI redefines the systems of business engagement, blockchain is recalibrating the systems of record. Together, they will remap organizational boundaries, moving them from siloed verticals with complex processes to operate efficiently across horizontals, and, in the process, releasing large amounts of currently trapped value.
Meeting the challenge; capturing the opportunity
AI systems are dramatically changing the nature of services and experiences for consumers. The current phase of the scaled use of AI has focused on the value and services individual organizations can deliver to people. This “internal application focus” results from the natural commercial emphasis of individual businesses attempting to drive profit and growth. Companies usually start with what they can do and control and the data they store in their systems. Rarely can a single organization comprehensively meet a consumer’s holistic needs, and most current AI implementation efforts reflect that limitation.
Take the example of a family relocating to a new home; one of the most basic aspects of life. Basic, yes, but simple? Not really. A myriad of organizations will focus on that single objective, including banks, insurance companies, realtors, inspectors, movers, retail firms (purchases for the new house), new school systems, utility companies, postal systems, the department of motor vehicles, tax authorities, and more. Today, virtually none of these organizations share access to the same information, and consequently, the family’s data remains fragmented and perhaps inaccurately replicated across different players. To sort things out, the family must message data back and forth with each organization. As all these entities begin to implement AI systems, they will focus mainly on their own data or information they have permission to access and that could limit AI’s effectiveness.
Now imagine a world where, through a blockchain-based system, every party involved in the move could see the data and information pertaining to the end-to-end relocation process with appropriate permissions granted by the stakeholders— in this instance, the family. Organizations could access just the data they need, and because the information reflects blockchain’s enhanced trust levels, parties no longer need to engage in messaging and reconciliation. As organizations widely implement these kinds of models, the possibilities for AI systems will grow significantly.
In this situation, AI could become a type of consumer advocate service. A family would “own” and control their data since they alone would have full access to it. As a result, they would act as the conduit to drive that data into an AI system, which then makes recommendations and optimizes the data for their benefit.
AI systems will evaluate and optimize the elements of the moving experience across the end-to-end process, making links and connections that simply can’t be done today without severely overtaxing current fragmented data sets. For instance, an AI system could potentially access data related to the operational data for a house, including its historical utility/energy use, its insurance claim history, maintenance schedule, weather data, and combine this with the family’s behavior patterns, including hobbies and entertainment options, and use this and other information to calculate an accurate home maintenance cost profile. It could then design a service and insurance plan custom-tailored to the family’s needs.
In the future, wider access to data across an ecosystem and the advances in automated business logic via smart contracts could enable new and greater access for AI machines to traverse business ecosystems and deliver more comprehensive solutions to customers.
AI’s promise: for starters, doubling today’s economic growth rates
Artificial intelligence could double annual economic growth rates in 2035, according to an analysis of 12 developed economies by Accenture Research. It will change the nature of work, creating new, human-led relationships with machines that should increase labor productivity by up to 40 percent. And that’s just the beginning.
By helping people work smarter, AI could boost average profitability by as much as 38 percent, producing a bounty of up to US$14 trillion across 16 industries by 2035. The information and communication industry alone could deliver an extra US$4.7 trillion in gross value added in that year.
Combining multiple technologies in unique ways, artificial intelligence enables leaders to harness new entrepreneurial savvy that can rapidly sense and comprehend opportunities or threats, act on that information, and ultimately learn from the experience.
Use cases: blockchain makes AI better—faster
The combination of AI and blockchain is fueling the onset of the “Fourth Industrial Revolution“ by reinventing economics and information exchange.
As the following examples demonstrate, from healthcare to government and beyond, the potent combination of AI and blockchain is slowly but surely transforming industries and institutions worldwide.
1 Smart energy, smart buildings
Green-friendly AI and blockchain solutions can help reduce energy waste and optimize energy trading. For example, an AI system with access to a host of city-wide data sources through blockchain could be used to maintain a building, such as overseeing energy use by considering factors like the presence and number of residents, seasons, and even traffic information. To supply the energy, distributed blockchain technology will
ensure transparent and cost-effective transactions between producers and consumers, while machine learning algorithms that can hone in on transactions to estimate pricing. What’s more, blockchain combined with AI could significantly expeditereal estate-related transaction processes, which can otherwise go through too many channels before a contract is approved.
2 Public science
The “file-drawer problem” in academia occurs when researchers don’t publish “non-result” experiments. Because no record of them exists, duplicate experiments and a lack of knowledge follow, trampling scientific discourse. To resolve this problem, research institutions could store and access an index to academic research, making this experimental data available across the ecosystem. By adding data analytics to the combined data, scientists would have a much richer data set to pull from than would be feasible within a single institution. Then they could begin to identify elements and patterns, such as how many times teams have tried the same experiment or determine the probable outcome of a certain experiment, with greater certainty.
Hossein Kakavand, CEO of Luther Systems, asserts that AI will also play a bigger role in public science once “smart contracts” transacted using blockchain technology require smarter “nodes” that function semi autonomously. Smart contract simulate contractual agreements and can have wide-ranging applications—in public science and elsewhere—when academicsembrace the blockchain for knowledge transfer.
3 Supply Chain
The advancement of free trade has created increasingly complex global value chains. As goods move across production and supply networks, they cross through multiple jurisdictions, connect both advanced and emerging economies, involve multiple players and are subject to different laws and standards. This all requires a great deal of coordination, which not only adds to the complexity, it adds to the costs of these goods. The Global Alliance for Trade Facilitation, for example, estimates that roughly seven percent of the global value of trade is absorbed in documentation costs alone.
Blockchain-based digital identity promises to make the supply chain leaner, simpler, and more cost-effective. Digital identity for all actors, goods, and places in a supply chain, establishes provenance and a means of trackability throughout all touchpoints in the supply chain. Through creating digital representations of real-world assets, and tracking the relevant data of those assets as a single, shared source of information, major efficiencies and product improvements can be realized. Rather than valuable data being collected in siloes across myriad stakeholders, including manufacturer, distributor, wholesaler and retailer, data could be shared across relevant stakeholders.
Through adding artificial intelligence to the platform, that data can be fed through a variety of algorithms to improve the supply chain further. Consider the 3 A’s progression of AI, as it evolves from being an assistant to an advisor to an agent, applied to a shipment of apples. As an assistant, the AI can enhance accessing the data through a chatbot interface – one can ask and receive answers to specific questions like ‘Where are the apples now?’ or ‘What temperature are they being stored?’ As the technology and application becomes more sophisticated, the AI can be an advisor and proactively alert the employee of potential issues. If the AI has detected a high likelihood of storms, it can advise rerouting the shipping freight or if the weather is projected to spike, it can recommend additional cooling. And as the AI learns and demonstrates a high level of aptitude, it can become an agent by acting upon its recommendations, rerouting or adjusting the temperature itself.
4 Smart Devices
As the Internet of Things progresses and our lives are integrated with smart devices, a combination of blockchain
and AI will be used to decide how these devices act, interact, and transact. Sensors will be widely prevalent to
learn and ingest real world information, with AI used to train and improve the devices understanding and actions made from the data. When a refrigerator is out of milk and needs to communicate to a corresponding device its desire to purchase milk, a blockchain platform will facilitate this interaction. And just as consumers today use reviews on websites to evaluate the quality and trustworthiness of a site, AI will be able to look through each device’s history of transactions (hosted and secured on the blockchain) to determine which devices to trust, and even characteristics such as which agent most often delivers the milk quickest.
Accenture is a founding member of the ID2020 Alliance, a UN-affiliated public/private partnership committed to applying the latest in innovative technologies to provide verifiable digital identities to the 1.1 billion individuals that currently cannot prove who they are with any certainty. This and similar applications of blockchain technology for identity can be combined with AI to monitor the environmental conditions in a refugee camp or community health information and produce insights to guide care and support. As AI can more quickly digest and analyze this data, more accurate and timely decisions can be made to support the at-risk groups.
In healthcare, AI is revolutionizing diagnosis and treatment planning at scale. Early progress has been made with AI systems to improve cancer treatments, as well as Google’s DeepMind building capabilities to diagnose eye diseases through analyzing medical images. Smart, personalized medicine can improve health outcomes, but people are wary about sharing such personal data. For a standard hospital visit, data is likely collected by the primary care physician, the hospital, and labs where tests are processed, and that data could be lost, entered incorrectly, or be subject to hacking. By enabling secure and controlled shared access to health data through blockchain systems, patients can reclaim ownership of their data and allow access to it on a case-by-case basis. This would allow patients to benefit from AI-enabled personal care, while knowing their data is protected and encrypted.
Blockchain: redefining trust
Blockchain is a new type of database system that maintains and records data so that multiple stakeholders can confidently and securely share access to the same data and information. As such, it is changing the nature of boundaries between organizations.
Since the invention of modern databases in the 1950s, thegoverning business model concerning them has centered on trust. For example, Party A needs to have confidence that Party B (or anyone else) hasn’t unilaterally changed any data. Consequently, companies traditionally build data systems they can fully control and operate using a “messaging” based business model. In this case, Party A sends its view of the world in a “message” to Party B, and vice versa. Only when both parties can reconcile those views will they complete the business transaction. Blockchain is changing that concept of trust in data.
Through blockchain and other types of Distributed LedgerTechnologies (DLT), companies can now access a common shared data set that they and other stakeholders know they can trust.This new definition of trust emerges from several key blockchain concepts:
Provenance: Each participant with appropriate access can view the full history of a data element—from its inception through each stage of its lifecycle—including who introduced it to the system, all pertinent events and the key parties involved.
Tamper-evident: Thanks to sophisticated math and software rules, data is extremely difficult to manipulate without everyone knowing. As a result, participants can prove to themselves that the data has not been tampered with.
Control: Participants have the ability to specify access permissions at a data element level vs. to a traditional database, data table, or row level; allowing a significant increase granularity of control.
Security: Protection and control can be implemented at the data element level instead of the database or data table levels, making it much more difficult to penetrate.
Successfully melding AI and blockchain
Two new digital technologies could create synergies unlike anything the business world has ever seen, but tapping into that power could be challenging.
Companies that recognize the power of this combination will have to manage coordinated technology implementations and more complex transformations. To navigate the challenges ahead, leaders will need to think through several key decisions.
Dealing with privacy issues. AI thrives on oceans of data, and blockchain can expand that access and ensure information’s trustworthiness, but privacy concerns could scuttle initiatives before they’re even launched. For example, one experiment focused on AI and blockchain technologies has already created controversy by using patient data without consent. What’s more, the EU’s data privacy rules, which took effect in 2018, threaten
massive fines for organizations that violate them. Working with regulators and governments to demonstrate the value AI-plus-blockchain can deliver to individuals and society at large should be a mandate.
Thinking outside of the (corporate) box. AI needs comprehensive levels of data to function optimally, but most companies restrict the amount of information available due to trust issues. While blockchain offers a way to enhance trust and security, enabling shared access to data and securing this information appropriately require significant amounts of effort and resources. That puts a premium on understanding the value at stake in AI plays and creating a workable strategy to obtain it. Two new digital technologies could create synergies unlike anything the business world has ever seen, but tapping into that power could be challenging.
Preparing for a mega-mindset shift. Most leading companies are already hard at work digitalizing their organizations, introducing things like cloud concepts and big data analytics. This “stretching” of formerly static processes, policies and procedures can certainly help prepare organizations for the transition to human-led AI, but to achieve its fullest potential, companies must investigate and plan how to integrate it and blockchain effectively and embed these technologies into your overall corporate strategy to “pivot to the new”.
Pivoting to the new is a way of framing the digital age that demands companies exist in a constant state of change. That means a new approach to organizational change that enables companies to:
- Transform the core business to drive up investment capacity
- Grow the core business to sustain the fuel for growth
- Scale new business to identity and scale growth areas at pace
It’s a deliberate approach that can yield big results.
Blockchain helps deliver upon the promise of AI by providing new levels of data access, trust, and security.
Several organizations are already experimenting with this combination of technologies, but initiatives largely remain in the pioneering mode. As confidence increases and companies zero in on trapped value pools, the growth of AI-plus-blockchain plays will likely explode. In this environment, leaders need to stake an early claim to the talent, resources and capabilities their companies will need to succeed in this fast-moving new business world.
Securing South Africa’s Future Enterprise Today
WHEN EVERYTHING IS DIGITAL, EVERYTHING IS AT RISK
Around the world, companies are betting on a wholesale shift to tech-enabled business and operating models that promise to deliver bottom-line savings and top-line growth.
The connected, intelligent, and autonomous enterprise also comes with additional cyber risk. All that sensitive data, connectivity, and automation multiply the opportunities for hackers by expanding the “surface area” exposed to cyber attack. And, because digital systems are so embedded in daily operations, the potential damage from even a single security incident is magnified.
The threat is so significant that if cybercrime was a nation, it would be the 27th biggest in terms of GDP, and cost the global economy close to $450 billion a year. In South Africa, the threat of cybercrime is frightening. Consider this:
- South Africa reportedly has the third-highest number of cybercrime victims worldwide, losing over R2 billion a year to cyber attacks—the worst in Africa.
- 70 percent of South Africans have fallen victim to cybercrime and other risky behaviour, compared to 50 percent globally.
- 47 percent of South African smartphone users have experienced mobile cybercrime in the past 12 months, compared to 38 percent globally.
We have seen the massive impact that data leaks from unsecure websites can have on major organisations and how easily insurers can fall victim to cybercrime. And let’s not forget the infamous WikiLeaks group that hacked into South African banks and released the uncensored Competition Commission report in 2009.
South African businesses today are not only challenged by a fragile socio-political environment, they’re also starting to fall prey to sophisticated attacks that can cripple them. Often, the reputational damage alone—including waning customer loyalty—can impose significant indirect costs on the enterprise.
In a recent Accenture survey of over 1,400 C-suite executives from around the world, including more than a hundred from South Africa, respondents agreed that new technologies would raise cyber risk. Nearly 90 percent of executives in South Africa have adopted or plan to adopt technologies such as cloud and the Internet of Things (IoT). Seventy-four percent of executives agreed or strongly agreed that cyber risks will grow substantially in the next few years as a result of business becoming more connected, intelligent and autonomous.
ALWAYS ON, ALWAYS VULNERABLE
The future business relies on 24/7 connectivity to carry out internal processes, work with partners, and reach customers. Companies are linked electronically across value chains and supply chains with a growing universe of suppliers, partners, distributors, customers, and other external parties—increasingly over wireless networks and over long distances. In addition, with the rise of the Internet of Things, companies are also using digital connections to retrieve data and manage equipment in the physical world.
In the global survey, 77 percent of respondents cited the IoT as the technology that will increase cyber risk moderately or significantly. In South Africa, even more respondents—85 percent—cited the IoT as a potential source of cyber risk. Companies are installing IoT technology to control factory machines and manage physical environments—for example, turning off the lights and heat in a meeting room when sensors detect that it is unoccupied. The IoT is also being used extensively in supply chains to increase operational efficiencies, manage and track assets and monitor vital processes.
Cloud computing—using remote computing and storage facilities and services— was cited by 70 percent of respondents as posing a growing risk. Increasingly, companies rely on cloud setups to gain greater flexibility in IT operations and to access specialised services, such as AI analysis. Cloud computing is also used behind the scenes in many smartphone apps to do the data crunching that a phone can’t do, creating another potential vulnerability in the Bring Your Own Device (BYOD) or virtual work environment, which was cited by 67 percent of companies in South Africa as another potential cyber risk.
Top executives in South Africa are also highly concerned about the potential dangers of sharing data with third parties. In our survey, nearly 60 percent of respondents said they expect data exchanges with strategic partners and other third parties to raise cyber risk, and 90 percent of C-suite leaders anticipate that the number of third parties and strategic partners in their ecosystems will increase in the next three years.
Companies also expect to make and sell many more connected consumer devices— everything from connected cars and “smart” appliances to wearable health monitors and even Internet-enabled pacemakers. These products introduce potentially catastrophic cyber risks—expanding the risk from monetary and reputational loss
to possible loss of life and physical disruptions. Nearly 90 percent of South African executives recognise that smart products and connected devices would raise cyber risks for their companies.
MORE DATA BRINGS MORE RISK TO PRIVACY AND IP
Intelligent systems use a combination of advanced technologies, such as artificial intelligence (AI), and large data sets to take on tasks once performed by humans, and to do things that humans cannot easily do—like finding hidden patterns in massive files of social media data that point to changes in consumer preferences.
Using AI and machine learning, companies can extract ideas for new ways to boost sales—a tweak in pricing, a design refresh, or a custom offer for specific shoppers. Behind the scenes, intelligent systems enable continuous improvement in operations—for example, optimising how production machinery is used or raising customer satisfaction in the call centre by analysing performance data.
Executives from companies represented in our survey are well aware of the risks that they are assuming with the wider use of intelligent technologies. More than 85 percent of South African executives cited cybersecurity concerns regarding AI, making it the riskiest new technology in their view. The same AI technology that enables banks to create sophisticated profiles of individual consumers to customise loan offers can also be used by hackers to track consumers’ online activity to steal account passwords.
Given the intersection of AI, machine learning and big data within businesses, companies will need to address both security and privacy risks. Protecting larger amounts and new kinds of sensitive data is a major concern for executives. Three quarters of respondents in South Africa, the same number as global respondents, said they believe that storing business-critical information, such as corporate strategy, trade secrets, and intellectual property (IP) on their systems will increase cyber risk; 65 percent have similar concerns about the risks they face in trying to protect sensitive customer data.
SELF-DIRECTING SYSTEMS ALWAYS NEED PROTECTION
In the future business, a good deal of work is done autonomously. The most obvious form of autonomy is robotics—the cognitive systems used to perform difficult, repetitive, or dangerous tasks in production processes. Nearly 60 percent of respondents in South Africa say that robotics will be a growing source of cyber risk. As was the case with IT systems, security was an afterthought in the creation of robots. But unlike a computer system, a powerful self-directed robot that is hacked could put employees in grave danger.
Autonomous machines are spreading rapidly beyond the factory. Flying drones are being dispatched to inspect power lines and refinery pipes. In the back office, robotic process automation (RPA) is being introduced to standardise and streamline a wide range of business processes. Often, this involves autonomous machine-to-machine communication, such as automatically generating an order in a supplier’s computer when the procurement system signals that inventory is running low.
Businesses also rely on application programming interfaces (APIs), which two thirds of South African respondents say will increase cyber risk. Open APIs used in platform-based business models, such as the Apple app store or the Alibaba eCommerce platform, enable third-party developers to interact with the company’s systems and data to design their own applications—such as iPhone games or AliExpress shopping apps.
A less obvious form of autonomy involves employee activity. Increasingly, companies are using virtual work arrangements for contractors or employees who work remotely, often using their own devices. These “mobile workers” interact with company systems and data over public networks, raising cyber risk. In South Africa, 62 percent of respondents said that remote work arrangements would create additional cyber risk, only slightly less than the two-thirds of respondents in the global sample.
TODAY’S SECURITY STRATEGIES ARE NOT WINNING -THE LAST WAR
The future is arriving before companies have developed a broad perspective on the cyber risks, responses, and remediation plans that are required in the new business environment. Today’s security approach will not be enough to win tomorrow’s battles. The connected, intelligent, autonomous business needs pervasive cyber resilience— with proven methods for keeping cyber attacks from crippling the business and security baked into everything the organisation does. Security expertise must be dispatched to the front lines and security must be embedded not only in IT, but in product design, business processes, and the daily work of employees as well.
Closing the gap between risk and protection
There is a growing gap between the risks that companies are assuming and their cybersecurity posture or strength. Companies are not hesitating to race ahead with investments in new tech-enabled ways of doing business, often in response to competitors and “disruptors” in their markets. But there is a disparity between what C-suite executives say are the emerging areas of concern and the cybersecurity strategies employed.
For example, while companies say that the growing volume of data exchanged with third parties is a risk, few companies attempt to ensure data integrity beyond their own operations. Forty-one percent of companies in South Africa rely on the protocols of the third parties or simply trust third parties to protect information that they share.
THERE’S A WIDE GAP BETWEEN RISK AND PROTECTION
There is a consistent pattern of gaps between awareness of growing risks and the protection afforded by current cybersecurity strategies
As Figure 1 illustrates, our survey data exposes a consistent pattern of gaps between awareness of growing risks and the protection afforded by current cybersecurity strategies. For example, 64 percent of respondents in South Africa say that open APIs will raise cyber risk, but only 20 percent said that open API technology is protected by their cybersecurity strategy—indicating a wide gap of 44 percent between awareness of risks and their protection. In South Africa, wide gaps are also found in smart products and customer data, and the BYOD/virtual work environment.
To close the gap between current capabilities and future cyber resilience needs, companies must update the way they plan and execute cybersecurity. Companies today are waging war with outdated, backward-looking battle plans. For example, 92 percent of companies in South Africa base their cybersecurity investments solely on today’s known risks and cybersecurity needs, and do not consider future business needs in the investment plan.
In general, companies are not governed, organised, and managed to deal with the pervasive risks of the future business. Responsibility for security is left largely to the chief information security officer (CISO) and the cybersecurity team, and it’s not surprising to learn that half of CISOs feel their responsibilities for securing the
organisation are growing faster than their ability to address them. Business-unit leaders are rarely asked to build security into product designs or other offerings—or held accountable for cybersecurity.
While most companies have hired a CISO or assigned cybersecurity to a C-suite executive, such as a CIO, these leaders often have limited impact beyond the security organisation. Nearly half of respondents in South Africa say the CISO is brought into discussions only after a new business opportunity has been agreed by top
management, for example.
Companies are doing little to spread security knowledge among employees and to create a “security-first” culture that will support pervasive cyber resilience. Only 29 percent of CISOs in South Africa—fewer than the low 40 percent at global level—said establishing or expanding an insider threat programme is a high priority.
HOW TO PROTECT THE FUTURE
To make the future business cyber resilient, companies must prepare for the risks that come with new business models and technologies, such as artificial intelligence and machine learning. Many C-suite respondents in our survey expect cybersecurity risks to diminish substantially in the next few years, thanks to new cybersecurity technologies.
But new technologies alone will not do the job. To build the pervasive cyber resilience needed for the intelligent enterprise to grow safely, companies need to embed security into everything that they do. Companies must instill a “security-first” mindset—connecting security to the business, making security everybody’s job, and extending protection beyond the boundaries of the enterprise.
Companies can start by developing a coherent cyber strategy and investment plan that focuses on the key issues of data governance and protection. They will need to disperse security expertise and accountability across the organisation, educate the workforce and customers, and work with strategic partners, third parties, and industry alliances.
We identify five ways to start building pervasive cyber resilience:
1 Make the business leader a trusted security partner
Today, cybersecurity tends to be highly centralised. Just 19 percent of companies in South Africa make business-unit leaders accountable for cybersecurity, even though business units are developing their own data-driven processes and conducting business online without involving the CISO at times. Business leaders should be held accountable for the security of their products, services, and operations—and be given incentives to embrace cybersecurity.
To disperse expertise, companies can create new security roles within business units to help with product design or protections for consumer data, for example. General Electric is one company that has created CISOs for region and business units. A primary goal for these frontline CISOs is to weave security into the product life cycle, ensuring that GE’s products are secure and the people and organisations using them are protected.
2 Make the security leader a trusted business enabler
Many companies have hired CISOs or other C-level executives to take charge of cybersecurity. But few security chiefs exert influence across the organisation. This is owing to many factors, including a lack of understanding of cyber risks among business executives, and sometimes, a failure by CISOs to take the initiative to collaborate. Only 34 percent of South African companies surveyed said that their CISO and business leaders collaborate on a cybersecurity plan and budget.
Security must be in the room when strategy is being decided and options are being weighed. Over 80 percent of executives in South Africa agree that the CISO will need a seat at the table when discussions about strategy, new businesses, and new technology adoption are taking place among business leaders. AT&T’s Security Advisory Council, for example, is a forum that brings security and business leaders together to address strategy and security priorities.
While CISOs and other security professionals are doing a good job defending companies against well-established threats, new roles and skills are needed to implement pervasive cyber resilience. One approach that reflects the wide-ranging needs of the future business is the creation of a “Chief Digital Trust, Security, and Resilience Officer” who can oversee security in the broadest possible context and serve as a bridge between security and business units, as well as with the CEO and board.
3 Make employees part of the solution
Cybersecurity experts polled by Accenture say that, after outside attacks, they are most worried about accidental or intentional acts by employees that compromise security, such as publishing confidential data or sharing a password with a hacker. Few companies, however, have placed a high priority on engaging employees in the cybersecurity effort. Despite their concerns about employees’ role in breaches, only 52 percent of companies in South Africa said all employees receive cybersecurity training upon joining the organisation and then receive regular updates throughout their employment.
Companies should make sure all employees are trained in the basics and given the tools to identify possible threats and assist in fashioning protections. For example, all Cisco employees go through the “Security Ninja” training programme, in which employees who master the basics earn a white belt certification. Software developers, engineers, and managers at Cisco can earn more rigorous green, brown, or black belt certification with modules customised to their roles, which focus on building products and services in a secure way.
Training and reinforcement can reduce the risk of employees accidentally helping cyber criminals. To catch employees who are actively pursuing or abetting cybercrime, companies can monitor employees, in addition to using standard data protection techniques. User and entity behaviour analytics (UEBA) systems, for example, can flag suspicious employee activity, such as unusual file transfers that could indicate criminal intent.
To enact an effective insider threat programme, the CEO must rally human resources, learning and development, legal and IT teams to work closely with the security office and business units.
4 Be an advocate for customer protection
Digital trust and privacy are becoming major factors for consumers in their purchase decisions. Consumers are now alert to the privacy cost of using social media, consuming free content, and shopping online. Companies in our survey say that managing customer requirements for data protection is the second most urgent priority for their cybersecurity investments, just after their top priority of preventing high-profile incidents.
Companies must make security a top priority in the design and development of connected products and services. Companies must also assure their customers that their data is not going to be abused and educate customers about data protection, going beyond regulatory compliance to build trust. Consider Danske Bank’s “Keep It Safe” programme, which helps customers learn how to protect their data. The programme provides advice on simple everyday routines and procedures that can protect consumer data and gives customers a way to test their computer security. The bank uses humour and a friendly communication style to make the material more accessible to consumers. Companies that make the effort to educate customers about how to protect themselves and are transparent about what they do with customer data will be rewarded. Turning this into companywide practice will take a clear mandate from the top.
5 Think beyond your enterprise to ecosystem.
The future enterprise might conduct business electronically with hundreds or even thousands of suppliers and partners around the world, each of which can expose the company to a cyber attack. Companies need to work with these ecosystem partners to jointly protect their organisations.
Companies should work with partners to establish mutually-accepted rules (which can be backed up in contracts) for protecting the data they share. Companies should also participate in the standards efforts that are underway in most industries and work across industries to share cybersecurity knowledge and services.
BT, for example, shares threat information with other large telecommunications companies such as Orange and Verizon, as well as with national security agencies. The progress on information sharing is also an opportunity to shape participation in standards organizations. In our survey, 51 percent of CISOs in South Africa said they are contributing to creating a cybersecurity standard for their industry. Over 80 percent of respondents said that they expect to collaborate with companies in different industries in the next three years to improve cyber resilience.
- SABRIC: https://www.iol.co.za/mercury/sa-has-the-thirdhighest-number-of-cyber-crime-victims-worldwide 15608267
- Norton: https://www.scidev.net/sub-saharan-africa/icts/ feature/cybercrime-africa-facts-figures.html
KNOW YOUR PLATFORM PLAY
Globally, most executives know they need to capitalise on new relationships and develop a network of digital
partners to position their businesses in emerging ecosystems. Over a quarter (27%) of the 3,000-plus executives that responded to a worldwide Accenture survey said that digital ecosystems are transforming the way their organisations deliver value. 81% said they expect platform-based business models to be core to their growth strategy in 2018.
Why? Digital startups have used platform models to reach $1 billion valuations in just four years, a feat that Fortune 500 companies previously took 20 years to do. Credit the network effect—the more participants that join the platform, the greater the value for everyone involved. The other big reason? The platform revolution is disrupting industries and dramatically changing how business is done. Linear, resource-heavy, producer driven industrial business models are giving way to many-sided, demand driven platform models. Companies can now create ecosystems with their businesses at the centre, changing the very way they compete and create new value.
Consider Pegasus, a mobile payments platform. In East Africa, mobile-network operators give citizens added purchasing power via mobile wallets, even though these payment types are not integrated with all businesses looking to accept mobile payments as an option. To bridge the gap, Pegasus integrates utilities and other service providers on its platform too. This gives customers the ability to pay their bills with their wallets from a range of mobile operators. The service now oversees 200,000 electricity payments per month, totalling $10 million in pass-through value.
In South Africa, not every company needs to be a platform provider. While some organisations may have this opportunity, most will find it cheaper and faster to leverage existing platforms to enter new ecosystems and become enablers or collaborators in building new products, services and customer experiences.
Well-established large enterprises can embrace platforms as well. Seeing that an effective platform can provide efficient demand and-supply matchmaking to the stakeholders, the principles can be applied in many business areas; from logistics to HR and procurement to innovation.
The best platforms are however more than matchmakers. Platforms can be combined with other advanced technologies to reduce risks and guide the incumbents to find the best solutions. Such smart platforms increase the strategic adaptability of large enterprises by enhancing their resource elasticity, efficiency of liquid workforce practices and adaptability to the ever-changing environment.
Regardless of whether they are providers of platforms or participants in others’ offerings, all companies will have to excel at leveraging the strength of platforms in their ecosystem to maximise their success.
That way, they will successfully capitalise on the innovation of the entire ecosystem instead of only the resources within a given company or even industry.
GETTING PLATFORM READY
1 CREATING AN ENABLING ENVIRONMENT
South Africa is a country struggling with high unemployment and anaemic growth– its economy is expected to expand by just 1.5% in 2018, one of the lowest rates in sub-Saharan Africa according to the World Bank. A platform economy would provide a much-needed salve. The problem is the country is simply not platform ready, despite being home to the highest number of digital platforms in sub-Saharan Africa.
Figure 1: Platform Readiness Index Rankings
South Africa ranks 14th out of 16 G20 countries on the Platform Readiness Index and is expected to remain in this position by 2020.
Accenture’s Platform Readiness Index benchmarked G20 countries on factors that create an enabling environment for digital-platform adoption. The index measured the maturity of the digital population and market based on its size, savviness, culture and spirit of collaborative innovation. It also looked at the quality of each country’s technology infrastructure and assessed market regulation.
South Africa ranked near the bottom. Why? A poor enabling environment. For a country to be platform ready, our research shows that five common factors are key enablers for platforms to develop and scale successfully:
1 Digital user size and savviness: The scale of the market matters. Countries with a large digital user base and uniform culture, language, and regulations have a competitive edge. South Africa has a relatively small digital customer base, and South African consumers make limited use of internet channels to transact, which
indicates low digital savviness.
To remedy this issue, governments must incentivise the development of digital uptake or adoption. Businesses operating in smaller markets, like South Africa, should adopt market expansion strategies into adjacent geographies or markets.
2 Open innovation culture: Innovation relies increasingly on collaboration. South Africa’s just over $2 billion spending on research and development is modest, indicating a lack of innovation. Large companies need to design new open organisation structures, processes and governance to manage platforms’ open ecosystems, while embedding a collaboration culture. Governments need to foster innovation hubs, bringing together universities, laboratories, start-ups and large businesses.
3 Technology readiness: The status of technology and digital assets, including levels of connectivity and investment in next-generation technologies—such as the industrial internet and artificial intelligence—will influence platform generation, growth and scale. In South Africa, information and communications technology assets only make up 8% of the total assets, compared with an average of 15% in G20 countries. South Africa has the lowest level of technology preparedness of all its G20 counterparts.
4 Digital talent and entrepreneurship: Science, technology, engineering and mathematics (STEM), entrepreneurial and creative skills are fundamental in enabling digital innovation. South Africa has few STEM graduates. STEM skills must become an educational priority for governments, and must be nurtured by businesses to grow the talent pool
5 Adaptive policy and regulation: Policymaking requires collaboration, especially in complex areas such as data privacy, blockchain and cybersecurity. Cybersecurity regulation in South Africa is not as advanced as in other countries. There is little supporting digital legislation, and few frameworks to guide or incentivise digital adoption or growth.
To encourage platform development, governments and policy makers must:
- Prioritise data protection standards and rules. Drive the harmonisation of data privacy and data security legislation.
- Design regulations with digital platforms in mind. Be strategic about future regulation to encourage experimentation with new technologies and business models, while helping to reduce investment risk.
- Actively encourage cross-border electronic trade. E-commerce is a game changer but requires greater harmonisation of taxes and standards, consumer protection, contract laws and the development of an internet and logistics infrastructure.
- Invest in digital infrastructure. African countries differ in the prevalence of reliable, low-cost, high-speed broadband and the level of consumer trust in transacting online. Focused government programmes can accelerate internet penetration and adoption.
- Think small, act big. Governments should educate users to enable platform adoption and growth. Initiatives on consumer protection and redress can improve consumer confidence in digital transactions.
SHIFTING MINDSETS IN SOUTH AFRICA
In discussing these challenges during a recent discussion held at the University of Pretoria’s GIBS Business School, South African industry leaders underscored the country’s poor physical infrastructure, skills shortages, and lack of a stable government—which, taken all together, are getting in the way of the country’s platform readiness. The attendees’ overall conclusion on the issue? Mindsets need to change. Traditional linear business models and political and economic uncertainty in the country have engendered a scarcity mindset, where victory means success at the expense of someone else. This needs to shift to an abundance mindset, where success brings mutually beneficial results to all involved.
To succeed in a platform economy, South African companies will need to address not only these technology and societal issues but also their own business value and competitiveness. The good news is, according to Accenture’s Tech Vision survey in South Africa, almost two thirds of local executives are already taking steps to participate in digital ecosystems, albeit at a slow and moderate pace due to uncertainty regarding future markets and cybersecurity issues.
REPOSITIONING FOR PLATFORM ECONOMY SUCCESS
Can companies fast track their success in a platform economy? The opportunities are immense but for many South African organisations, the platform journey has only just begun.
- Re-assess customers’ needs. What do your customers need in the age of digital disruption—and how can you adapt to deliver it?
- Make yourself indispensable. Become a critical part of the integrated solutions that customers demand—determine where you will position yourself in the value chain and what your sustainable, competitive position in the digital ecosystem will be.
- Question your value proposition. Moving from observing to acting needs to be a key priority for industry leaders because if you don’t offer it, your competitors will. Decide whether you are going to be a platform; a platform across platforms; or a developer of apps and services on other people’s platforms.
- Prepare for the new normal. Now is the time to examine whether you have the capabilities you need to fulfill your value proposition successfully and to transform your operating model and culture
- Make your ecosystem successful. Think about how you can deliver ongoing value for your value proposition within your ecosystem, versus just relying on it as a transaction-based partnership. Consider yourself as a key driver of your ecosystem development, independent of which role you are playing. Encourage existing and new ecosystem partners to participate.
2 GROWING CRITICAL MASS
Companies in South Africa must do more than create an enabling environment; they also must create a critical mass.
In the initial stages of platform development, platform owners often emphasise critical mass over profit generation while maintaining a focus on value creation. For example, Alibaba’s Taobao platform initially used free listings to gain user momentum. In the process, they personalised the user experience, introduced a wide range of horizontal services, and protected customers by addressing security and counterfeit issues.
The argument for any small sized country, like South Africa, is that the company must consider a wider reach in the design stage itself, i.e. the digital platform strategy of a South African company must eventually target to bring other African markets into its fold after launch and stabilisation in the home market – only then can the scale benefits or network effects be realised. Even Alibaba, despite its access to a huge domestic market, has
not limited its footprint to China but expanded to other countries.
Figure 2: Accenture Platform Economics Model
As Figure 2 shows, critical mass is a function of proposition, personalisation, price and protection, orchestrated by the owner in collaboration with an ecosystem of partners. Each of these five Ps takes on new meaning as companies move from traditional “pipeline” businesses which succeed by enhancing the activities in their value chains, (most of which they owned or controlled) to platform businesses (which bring together consumers and
To grow critical mass and generate the network effects crucial to the success of platforms, platform owners need to focus on the five P’s.
1 Proposition. Continuously innovating the platform value proposition and business model will create value for all ecosystem participants.
For example, RecoMed assists patients to find and make appointments with quality healthcare providers 24 hours a day, seven days week without any phone calls or paperwork. The company has become South Africa’s largest and fastest growing online healthcare booking platform with over 100,000 patients and 1,500 providers connecting with each other every month.
2 Personalisation. Targeting individuals and organisations across all channels at scale relies on mass personalisation. The aim is to understand customer intent, then target them through tailored experiences across all channels, using customer data to anticipate needs and offer bespoke experiences.
Takealot.com, a South African online retailer, has partnered with predictive-customer analytics platform provider Zodiac to bring its powerful, forward-looking insights to its marketing efforts. Takealot.com uses Zodiac’s predictive metrics to gain insights into high-churn-risk customers and to improve its customer acquisition and retention strategies.
3 Price. Pricing strategy differentiates platforms from traditional businesses and presents a dynamic opportunity for greater flexibility and reward. Apply new pricing models such as pay-as-you-go “freemiums,” reward programmes, and surge pricing to respond to peak demand.
Industry players like banking leader FNB and health insurer Discovery have partnered with Takealot.com, offering customers the option to pay for their Takealot. com orders using eBucks and Discovery Miles. Takealot.com offers over six million products, giving FNB and Discovery customers a rich selection of goods to purchase with their rewards currencies.
4 Protection. According to Accenture’s Technology Vision research, over a quarter of South African executives’ rank cybersecurity as the top concern for participating in digital ecosystems. Customers need to be sure the right safeguards are in place. An effective platform strategy must also establish the appropriate governance framework and clearly articulate the policies to all stakeholders. These good practices prevent unnecessary complications and clarifies the rules of engagement. It is important to embed trust at the heart of the platform, using both prevention and compensation techniques to attract customers and differentiate the platform.
E-commerce payment-services provider PayGate (acquired by DPO Group9 in 2016) partnered with global fraud-prevention company ReD10 to provide added protection for South African online merchants. As e-commerce in the country increases, more local merchants will do business outside the country’s borders, increasing demand for expanded protection for merchants.
5 Partners. Digital partners improve the potential for platforms to scale rapidly and robustly. Identify digital partners, such as application developers and payment service providers who can enrich the platform experience and fulfil customer needs.
A platform with a carefully crafted a multi-sided value-proposition will be well-received. An effective platform embraces its customers as partners. Continually educating and engaging the partners will be crucial to the overall success. Implementing creative ways that permit the users to help you to help them will also increase the impact of a platform. Cultivating servanthood leadership, cultural intelligence and mechanisms to embrace diversity will be helpful for platforms that intend to compete both locally and globally.
Payment services provider PayGate launched PayPartner11, a support and rewards programme for the community of web developers using its services. Companies turn to developers for advice on how to implement e-commerce and what payment services provider to choose. Approved developers receive rewards for referrals as well as free shopping cart plugins. In addition, developers get their own back office area where they can track the performance of each client and get all the information they need to manage them effectively.
In another example, e-commerce payment provider DPO PayGate has opened its application programming interfaces (APIs)12 to developers as the company strives to expand the use of its payment gateway technology. The API will allow developers to implement e-commerce payment facilities on websites and increase security for online transactions.
CREATING THE MULTIPLIER EFFECT
How African companies and governments react to the change brought about by the platform economy will define their prospects going forward. Entrepreneurs, large incumbents, and policymakers all have a role to play in establishing a vibrant platform economy. However, the task ahead is not just reimagining new business models and markets; digital platforms will play a significant role in driving growth and jobs across the continent and transforming economies—the network effect is the bigger prize we must aim for.
- The Platform Readiness Index is a proprietary model developed by Accenture covering 16 G20 countries and takes into account 30 quantitative indicators. G20 YEA paper, “5 ways to win with digital platforms” – https://www.accenture.com/usen/_acnmedia/PDF-29/Accenture-Five-Ways-To-Win-With-Digital-Platforms-Full Report.pdf
- Accenture Technology Vision 2017
- Platform Strategies: How the rules of competitiveness have changed in the era of ecosystems, Accenture, 2016
- “The Business of Aggregators: A Changing Market,” CGAP, February 10, 2016. http://www.cgap.org/blog/business-aggregators-changing-market
- “RecoMed – Supplier Profile,” Terri Chowles, March 1, 2018. http://ehealthnews.co.za/recomed/
- “Takealot.com Partners with Zodiac to Get Predictive Customer Insights,” Carrie Brunner, December 14, 2017. http://nbherard.com/scitech/takealot-com-partners-with-zodiac-toget-predictive-customer insights/37563
- “eBucks partners with online retailer,” Gareth Vorster, June 12, 2012. https://businesstech.co.za/news/internet/15162/ebucks-partners-with-online-retailer/
- “Use Discovery Miles on TAKEALOT.com,” IT-Online, February 14, 2013. https://it-online.co.za/2013/02/14/use-discovery-miles-on-takealot-com/
- “PayGate Re-brands, Extends Reach Into Africa,” PayGate, April 11, 2018. https://www.paygate.co.za/paygate-re-brands-extends-reach-africa/
- “PayGate bolsters security with ReD,” PayGate, January 30, 2015. https://www.paygate.co.za/paygate-bolsters-security-with-red/
- “PayGate launches PayPartner programme,” PayGate, August 4, 2015. https://www.paygate.co.za/paygate-launches-paypartner-programme/
- “SA e-commerce gets API boost,” PayGate, June 9, 2014. https://www.paygate.co.za/sa-e-commerce-gets-api-boost/