Business Today

'Cyber risk sizes up to significant; risk, opportunity are two sides of same coin'

In an interview with Business Today, Sam Balaji, Global Risk Advisory Business Leader for Deloitte Touche Tohmatsu and Vice Chairman on the US Board of Directors, explains how risk pattern is changing and how companies take advantage of the risk.

twitter-logoNevin John | December 26, 2017 | Updated 17:08 IST
'Cyber risk sizes up to significant; risk, opportunity are two sides of same coin'
Sam Balaji, Deloitte Global Risk Advisory Chief

In an interview with Business Today, Sam Balaji, Global Risk Advisory Business Leader for Deloitte Touche Tohmatsu and Vice-Chairman on the US Board of Directors, explains how risk pattern is changing and how companies take advantage of the risk.

Post the financial downturn we have seen a lot of changes in the total risk portfolio. How is it now and what do you think are the new age challenges?

Financial risk is obviously a very serious, which has impacted not only banks and financial institutions but almost everything. What is quite evident today is 'brand and reputation risk'. This is a very significant, top of the mind issue for CEOs as well as board of directors. The other is cyber risk, which we read about every day in the newspapers. It is a distinct risk in itself. Historically it has been perceived as a technology issue, but it actually is a much more significant brand and organisational reputation issue. So, these are probably the most frequent risks that we are seeing today. We are seeing a lot of disruption that is pushing the frontiers in risk. In my view, risk is a strategic issue. We are actually seeing that leading organisations are taking advantage of risk in a very different way than they have in the past. They are focussing more on business of tomorrow, as opposed to where they stand today. Earlier their actions have been compliance based, but today one can't afford to do that anymore. As a consequence of disruption and volatility, a lot more people are using risk to capitalise on trends and take advantage of changes in order to subvert the status quo and disrupt themselves before they get disrupted.

So you mean to say one should foresee the kind of business and evolve according to that?

With innovation and adoption of artificial intelligence, cognitive computing, quantum computing and machine learning, I think a lot of this can be put in perspective. But, at the end of the day, senior executives have to make judgement calls and be resilient enough to figure out how to capitalise on an opportunity. They also need to balance the said opportunity with its associated risks. Opportunity and risk, after all, are the two sides of the same coin.

When did this transformation come about? How has this transformation impacted our approach to risk?

Our approach has always been evolving. The financial crisis and the events after that led to a massive change across businesses and business models. We are still in a big economic boom globally, but what is different now is the pace of change. The pace of technology disruption and innovation we are witnessing today, is much more significant than it has been in the past. If we look back, every ten or fifteen years there have been big technology booms. In the late 90's, early 2000s we had the dot com boom. I truly think, the rapid innovations in technology are changing people's views on business, and introducing a lot of start-ups that are disrupting traditional business models... The other change that can be seen is that, people have been vertically integrated in their enterprises, doing everything themselves. However, now they are moving towards ecosystems: picking core competencies and sticking to them, and thereby recognising that you don't need to do everything yourself to be a successful business. The more successful companies have actually changed their business models as opposed to sticking to the tried and tested rule. It is important to understand that to preserve the business model, one has to change the business model to get into newer businesses.

In India, many corporate houses in manufacturing have entered into new businesses like financial businesses. B2B company like Reliance invested huge capex into B2C telecom. Do you see it as risking the portfolio or see it as calibrated opportunity hunt?

As I said, risk and opportunity are two sides of the same coin. Your approach needs to be balanced when you take on new projects. Many organisations are reinventing themselves and their business models and what you just described are examples of those. If you look at even Amazon in the US, they started as a book retailer and today it is the biggest cloud computing platform. If you look at Netflix, it started as a DVD subscription service, and now they have completely reinvented themselves. Jio is an obvious one. Reliance started as a conglomerate specific to one vertical and then moved to multiple ones. We'll see more of this in the future as a consequence of blurring industry lines. People can no longer restrict themselves to one sector.  They have to bring competencies from multiple sectors which will help them differentiate and win.

How is the risk appetite evolving in the India as compared to the other developed economies?

Rohit Mahajan (Leader Risk Advisory, Deloitte India): I think, when you look at it from an Indian perspective, there has been a significant transformation in the industry. So, if I take an example of an ecommerce company, and there are a couple of them which are very large, we have really seen convergence. Today, if you order online there are several players involved like telecom, banking, e-commerce as also there is an entire supply chain. With the entire convergence of industry, the definition of risk is changing. It is no more just about compliance. In the past, when it came to compliance, India has been very reactive. We in India have always looked at compliance as a cost. However, that is changing. Compliance is being looked as an investment because it no longer can be ignored. If you don't comply, you are obliged to pay penalty. At one point in time penalties used to run in lakhs, today penalties are running into crores. It is pinching companies really bad. Having said that, in India the mind set is changing and it is becoming more risk averse, rather than figuring out what to do as and when things go wrong. Organisations are proactively anticipating situations and taking precautionary action. Hence, the mindset is changing but there is still some way to go if you compare it to some of the more developed economies. But, we are definitely moving in the right direction.

When you talk about cyber risk, which are the major areas really coming to your mind?

Sam Balaji: There are many different facets of it. Before the internet, everything was isolated. Hence, cyber was not an issue. But today, in not only an interconnected world but also interconnected ecosystems, you can go into organisations and disrupt their business by paralysing their infrastructure. You can cause a brand issue by publishing sensitive information about the company, or fake news for that matter. Intellectual property theft can also be one of the areas of concern here given the sheer number of ransomware incidents the companies have had in the recent past. So, my view is that cyber is going to be the new dimension that would need constant re-investment. Many of the boardroom conversation today, are about stepping up the amount of cyber investments in order to constantly evolve in accordance with the changing technology and cyber environment. Every day, some or the other incident that has impaired the business or the brand or a combination of both, gets published in the newspapers. Conduct of the companies is a big issue, especially because it brings the accountability of the board of directors into question. Therefore, one needs to effectively manage risk.

What are the kind of risk issues specific to India that are getting highlighted globally?  How do the multi nationals see us?

If you rewind the clock and look back, geopolitical risk was very real at one point in time. I don't think it is an issue any more. I actually think there have been a lot of positive things over the last few years - changes that the government has introduced over time towards ease of doing business in India. There have been some bumps along the road but that is no different from what the mature economies have faced in the past. So, all the changes have actually been positive. Multinationals are not only looking at India as a big source of talent and labour but also as a big market. Think about the market of the future. This is where we have the largest middle class. India and China are going to be big markets. It is important for global business to recognise that irrespective of where they are located.

How did the exercise of demonetisation get perceived the world over?

It actually got a positive reception. Nobody else had done it before, especially at this scale. The move fostered the process of digitisation in many businesses including the smallest business that everyone deals with. Moreover, it brought in greater transparency. Time will only tell about the long-term impact it will have but it has been viewed as incredibly courageous and positive move by the rest of the world.

GST came in after that and made massive changes...

GST will transform multiple supply chains. Many corporations, if not all, will have to introduce massive changes to re-optimize themselves, because all businesses eventually have to optimize to the environment they are put in to survive. And that is why I said, people who embrace change, and view risk as a strategic enabler, will get differentiated in the market and do better than others.


  • Print

A    A   A