Cyber chaos versus climate chaos
It is not if, but when, they will hit your company.
Companies around the world are being hit by cybercrime. I'm told that it is not if, but when, cybercrime will have hit and affected all businesses and households.
The recent attack on Equifax affected 143 million U.S. citizens plus citizens from Canada and the United Kingdom. At this point, nobody knows how many will be affected by identity theft, which potentially will turn lives upside-down.
Insurance companies are selling policies and businesses are using time and money to ensure that their systems are checked and protected to the best of their abilities. Cybersecurity is on companies’ board agenda and contingency plans for what to do when the chaos strikes. Still, when the catastrophe hits, most companies and individuals talk about being paralyzed, although the preparation and mitigation efforts have helped.
Some would say that we just have to adapt to the "new normal" and accept that cybercrime is something to be well-prepared for. For companies that are affected, it doesn’t only affect the business for a few days but also its customers’ businesses, and creates sleepless nights for the board, C-suite and many employees and advisors.
Much time and many articles are being devoted to talking about the criminals that are behind. And many hours are being devoted by the world's best minds from the world's cybercrime prevention organizations — all to try to catch the bad guys and minimize the losses to the economy. Cybersecurity has become big business.
But even though cybercriminals can destroy a company, it doesn't destroy the physical surroundings or take human lives. After all, it is happening in cyberspace. The world goes on and other companies invest even more hours and dollars in protecting their business, as they learn from the mistakes and misfortunes of others.
When it comes to climate change, there are many similarities.
As with cyber-disruption, it is not if, but when, climate disruption and chaos will affect businesses and households all over the world. Just ask the companies and employees affected by the hurricanes, flooding, wildfires and earthquakes we have seen in the past month, including hurricanes Harvey, Irma, Jose and Katia. With the speed of new hurricanes, we will get to Hurricane Zoe before the year is out and start over at the top of the alphabet.
Then there are the floods, including in India, Pakistan, Nepal and Nigeria; the forest fire in Manitoba, Canada, and heartbreaking catastrophes such as the earthquake in Mexico. Unfortunately, climate chaos seems to be the new normal.
As with cybersecurity, insurance companies are selling policies so that we feel protected against flooding, fire, hurricanes, etc., while we also ensure that we are prepared and are mitigating or adapting to all the risks.
Or are we?
Out of gas
Businesses, households, cities and countries were not as prepared for the climate change chaos the last month as we could have hoped for. Even less prepared than the companies in the hardest-hit areas are many of their suppliers as well as their customers. This includes the end consumers who have seen a spike in gasoline prices, as Harvey affected more than 30 percent of U.S. refining capacity. A number of pipelines that move gasoline to regions outside the Gulf Coast are reporting limited capacity or closures, restricting deliveries of fuel to many parts of the United States.
That’s just today. Who knows about the long-term consequences of flooding, drought, fires, storms and earthquakes around the world? How will they affect drinking water, or our choice of where to build the next factory and where to source from? How will they affect our ability to have goods shipped and the capability of airlines to fly you to see business partners or loved ones?
Are corporate boards discussing how to mitigate or adapt to a world with climate chaos? Or is the discussion only about how much to donate to help? Are boards and C-suites talking about their responsibility, ability or opportunity to ensure that their company and supply chains are climate-resilient? How much time is devoted to talking about where customers are located and if the customer base could get hit — not only in cyberspace but in the physical world where the price to be paid is much more than pecuniary?
Boards in Canada, where I spoke late August at the annual conference of the Governance Professionals of Canada, are paying attention. In an interactive survey, 66 percent reported that either climate change or other sustainability issues will be on their board’s agenda this year. This might be due to investors engaging with the board on sustainability issues either regularly (13 percent) or occasionally (40 percent).
At the conference, I pointed to the then-recent flooding and wildfires, and told attendees that companies need to think about the full range of potential risks they face from climate change. Those may include problems with their supply chain that could affect delivery of services and products, or challenges by employees trying to get to work.
We need to use the same diligence when dealing with climate security as we do with cybersecurity. Unfortunately, climate security seems to be further down on the boards' agenda. Are companies focusing resources on preventing cyber risks because we can identify — although seldom catch — the criminals, while it's harder to identify the criminals behind climate disruptions? Or because cybercriminals target one company at a time while climate disruption hits many?
One explanation: We seldom think that climate chaos will be that bad until it hits us. And then it is too late.
Or perhaps it’s because we don't believe that we can mitigate climate risks. If that is the case, there is good news, as all companies can make strategic choices that not only will have a positive impact on the company but also on its stakeholders and surroundings.
The late CEO of Interface, Ray Anderson, once said, "In the future, people like me will go to jail," pointing to the pollution caused by his company before establishing a new sustainability course.
I don’t think we'll need jails. Rather, we'll need to use our brains to ensure that we are prepared and not just responding to changes, but working to change the direction we are heading. That can start with a plan to be prepared, followed by a plan on how to be part of the solution. I’m sure that your customers, employees and other people you value will thank you.
We also need the companies that were hit by climate chaos to share their stories — as the stories about cyber attacks have been widely cited in media, and ensured that companies are being more aware and prepared for when chaos hits.
I encourage leaders from companies affected by climate change, directly or indirectly, to share their stories and the time and money that they must spend to get back to "normal."
And I ask corporate boards around the world to ask a simple question: Are we prepared for the consequences?
