Architecting for Sustainability, Regulatory and Other Risks

The world is becoming increasingly complex, fragmented and polarized. A sharper focus on sustainability, a constantly evolving regulatory environment, and emerging geopolitical and other risks are continually reshaping technology organizations, and with them the enterprise architectures those organizations will build going forward.

Driving sustainability across the ecosystem

From a sustainability standpoint, most companies look to industry norms and regulatory guidelines in order to reduce scope 1, scope 2 and scope 3 emissions. In many cases, however, regulators are seen to be moving slowly, and industry leaders are choosing to pave the way themselves. In most cases, data is seen as the primary key that unlocks this.

As an example, in the dairy industry, where 86% of carbon emissions come from the biological process, data becomes critical to reducing emissions, from incentive programs for farmers to sharing best practices from farm to farm. Similarly, in the FMCG industry, sharing sustainability and substitution information with retailers enables better choices and reduces the carbon footprint through a better understanding, and substitution, of components. One last example is the energy industry, where data is driving product design and a three-tiered approach is evolving: creating energy out of carbon, improving the way hydrocarbons are produced globally, and launching green coding initiatives.

Large global corporations are increasingly leveraging their buying power to influence the market and pressure the supply chain to be more eco-conscious, by setting carbon targets for partners and tracking their progress.

Balancing agility and regulatory pressure

Regulations are evolving fast across the world, and technology teams are redesigning enterprise architectures in light of a significant uptick in regulation related to critical infrastructure, privacy, security and data.

The financial services industry is at the forefront of this regulatory dynamic and perhaps provides a glimpse of what is to come more broadly. Many financial institutions deal with more than 100 regulators around the globe, covering both consumer protection and the prudential requirements that specifically govern systemically significant institutions.

Regulatory overhead increases when operating in multiple jurisdictions, and organizations must become ever more resilient to changing regulation. The first challenge is to work through new laws affordably while maintaining speed and innovation. The second is that, while regulatory acts are very precise about obligations, the categorization of risk and the definition of consequential decisions are left to companies to work out, in a world without precedents or operating manuals. As an example, the European AI Act means that technology organizations must stratify their risks and clarify which decisions they are going to make with data. While tight governance drives responsible AI deployments, the cascading data-related regulations also carry significant cost. At the extreme, one way to look at this is that life is risky, yet we seem to want to quantify every possible risk, and that drives spiraling cost expansion if not managed in an agile and balanced fashion.

New risks on the Horizon

One of the areas being stress tested is resilience and recovery, and specifically the distressed exit of third-party providers, including cloud service providers. Indeed, as cyber security incidents have changed the landscape for cloud outages, the "extreme but plausible" scenario that previously did not apply, namely what happens if your cloud provider goes away, has now become plausible. As a result, the question of how to disconnect from a Microsoft, Amazon or Google is a meaningful one that some organizations are wrestling with today. More broadly, the heterogeneity of third-party players now introduces significant risk that needs to be managed.

Threat surfaces and threat actors are becoming increasingly complex and harder to stay ahead of. Nation-state attacks consistently rise to the top of the risk list, in particular for corporations with critical national security classifications but also more broadly, not only because of heightened activity but also because of their ability to have a large impact. In Ukraine, for instance, we very much saw cyber as the first attack surface, before power, water, energy, food and kinetic warfare.

In addition, Generative AI, now with enhanced multimodal capabilities and a strong emotional quotient, is almost commoditizing cybercrime with highly contextualized deepfakes. With quantum computing closer on the horizon, the migration of cryptography to quantum-resistant algorithms will drive its own change management and cost impact. Correspondingly, there has been a significant uptick in regulation globally, from critical infrastructure to privacy; we are tracking over 20 laws globally, and there is an urgent need to educate the board on the importance of cybersecurity investments.

One other risk appears to be the increasing concentration of power in the provider space, from LLMs to GPUs, and vendor-locked infrastructure increases exposure to price increases and the associated financial risk. In addition, the high concentration of tech power in certain countries (US, China, UK, UAE), for LLMs as an example, is also seen as a long-term risk, as it has implications for bias, inclusiveness and digital ethics. Relatedly, there is a concern that some parts of the world, like Europe, are becoming weaker in long-term competitiveness because of underinvestment and a lack of innovation in AI.

A different set of risks deriving from the growth of digital in organizations concerns the mental health of employees and the impact of technology on it. Employees are increasingly overwhelmed by information, and "infobesity" is a newly emerging challenge. With the incorporation of Generative AI into daily tasks, there is a risk of "synthetic accomplishments", diminishing the sense of accomplishment among employees. Some companies are considering including employee mental health in their ESG programs, at the same level as physical health. Personalizing the employee experience and training programs can help bring more diversity of thinking into organizations.

Final thought

As new, unanticipated risks emerge, the use of AI to identify risks is also on the rise: can LLMs become a risk advisor? At the end of the day, each company needs to determine its own appetite for risk, along the axes of complexity and impact.

Executive Technology Board (c) | North America & Europe