Issue Twenty Nine
September 2023
In a world where digital transformation is no longer optional, businesses are racing to harness the full potential of AI advancements, a journey fraught with both unprecedented opportunities and evolving threats. McKinsey's recent study in the banking sector unveils the remarkable dividends awaiting digital leaders who dare to reimagine the end-to-end process, leveraging AI not just as a tool but as a catalyst for holistic transformation.
Yet, as organizations forge ahead in this digital frontier, they find themselves navigating a minefield of ever-sophisticated cyber threats. The integration of generative AI platforms in phishing schemes is revolutionizing the cyber threat landscape, with hackers crafting personalized and convincing malicious content that can deceive even the most vigilant individuals. The threat magnifies with the innovative misuse of QR codes, a tactic that leverages the inherent trust associated with these codes, ushering in a new era of cybersecurity challenges.
As we stand at this pivotal juncture, the call to action is clear: organizations must foster a culture of continuous innovation and vigilance, nurturing a workforce adept at recognizing and countering emerging threats. The road ahead demands a harmonious marriage of innovation and caution, steering a course where progress and security go hand in hand, ensuring a future where the digital landscape is both a powerhouse of opportunity and a fortress of security.
ZEROING IN
The Value of Digital Transformation
In the world of business, the call for digital and AI transformations has become increasingly loud. Business leaders, shareholders, and board members are seeking the tangible benefits of these transformations, but many organizations seem to fall short in realizing the full potential of their efforts.
Though 89% of large companies globally have embarked on digital and AI transformations, they have only captured 31% of the expected revenue lift and 25% of expected cost savings. This raises questions about the true value of such endeavors and whether they are worth the investment.
To shed light on the value of digital transformation, McKinsey researchers turned to the banking sector. Analyzing a unique longitudinal dataset of 80 global banks, they identified 20 digital leaders and 20 digital laggards based on specific metrics. They then assessed the financial performance of these banks against key digital and AI capabilities.
The findings were striking: digital leaders significantly outperformed laggards in creating shareholder value. Between 2018 and 2022, digital leaders achieved average annual total shareholder returns of 8.1% compared to 4.9% for laggards. The leaders also demonstrated better return on pre-tax tangible equity (ROTE), growing it from 15.5% in 2018 to 19.3% in 2022, compared to laggards' growth from 13.6% to 15.3%.
The success of digital leaders can be attributed to their ability to drive revenue growth and control expenses. Leaders grew their active customer base and retail revenues at an annual rate of 0.5% and 0.8%, respectively, while laggards experienced stagnation and decline. In terms of operating expenses, leaders' growth rate was 1.3% per year, significantly lower than laggards' 2.3%.
Digging deeper into the drivers of value creation, the research revealed that mobile app adoption was not a significant differentiator between leaders and laggards. Instead, the key differentiator was the extent of digital sales growth. Digital leaders managed to increase digital sales from 40% to 70%, while laggards only achieved growth from 8% to 17%.
The reason for this gap lies in the approach to digital transformation. Leaders go beyond just implementing mobile apps; they focus on transforming the end-to-end process, from origination to fulfillment to servicing. This involves orchestration of multiple teams developing digital and AI innovations across customer journeys and core business processes.
At the front end of this process, leading banks deploy personalization analytics and digital marketing campaigns to bring relevant offers to customers. In the middle, they create an omnichannel experience that seamlessly integrates online and offline interactions. At the back end, they enable customer self-servicing through well-designed digital workflows.
The transformation also extends to contact center staffing, where laggards saw a 20% increase over five years, while leaders managed to reduce staffing by 11%. This reduction was achieved by fulfilling customer demand online and providing effective self-servicing capabilities.
To outcompete in the digital age, companies need to develop six core capabilities: creating focused transformation roadmaps, building a quality digital talent bench, mobilizing cross-functional teams, adopting modern software engineering practices, creating data products and modern data architecture, and implementing effective change management.
Through a blind assessment, leaders were found to excel in these capabilities, with talent and operating model standing out as the most differentiated. Leaders understand the importance of attracting top-notch talent and empowering them to drive digital innovation. Their operating models emphasize agile cross-functional teams, enabling quick and effective solutions development.
Digital transformation is not a one-time project but a continuous journey. To succeed, organizations must embrace a holistic and strategic approach. It requires a shift in mindset, a culture of continuous innovation, and a relentless focus on delivering value to customers.
“A digital and AI transformation, however, cannot be done in “special project” mode. To pull this off, the entire organization must be able to deliver constant digital innovation, which requires a holistic set of capabilities. The effort is significant, but so is the reward.”
While this study focused on the banking sector, the lessons of digital transformation extend to all industries. Embracing digital transformation is essential for organizations seeking to remain competitive and thrive in the ever-evolving digital landscape. By understanding and harnessing the true value of digital transformation, businesses can unlock growth opportunities and drive sustainable success in the age of digital and AI.
SQ Insight: Kenneth Holley - Chairman
Generative AI Could Revolutionize Email—for Hackers
In the realm of cybersecurity, our environment is constantly shifting. For those who recall the early days of phishing, the attackers' attempts were relatively transparent emails filled with grammatical inconsistencies, absurd propositions, and evident errors. Yet, recent developments indicate that these times are rapidly becoming a relic of the past. With advancements in artificial intelligence (AI), the nature and sophistication of phishing attempts are evolving at an unprecedented rate.
Historically, phishing emails were easily discernible. Their primary objective was to deceive the recipient into revealing personal information or engaging with malicious links. Their hallmark? Poorly constructed narratives filled with glaring linguistic mistakes. Today, however, we witness a paradigm shift in their composition and impact.
Pioneering AI platforms, such as OpenAI’s ChatGPT and Google's Bard, are at the forefront of this change. Their capabilities extend beyond simple text generation; they can emulate human language nuances with unnerving precision. Such platforms no longer produce generic, error-laden content; instead, they generate tailored messages that resonate on a personal level with their targets.
The implications of this are profound. Advanced AI tools can harness data from various online sources, ranging from social media to news articles, constructing a digital profile of potential victims. By merging this wealth of information with AI's refined linguistic abilities, the resulting emails can be eerily tailored. A message could reference a recent publication, an attended conference, a vacation, or even subtly hint at personal milestones or achievements.
While some platforms incorporate safeguards against the creation of malicious content, not all AI tools are ethically aligned. Numerous open-source tools lack these protective mechanisms, making them prime candidates for misuse. In the hands of adversaries, these platforms can transform into potent tools, enabling them to orchestrate cyberattacks with unparalleled speed and precision.
However, it's essential to highlight that the cybersecurity community is not a passive observer of these transformations. Companies are already leveraging AI's potential for defense. For instance, training platforms are beginning to employ generative AI in their strategies, using AI-generated phishing emails to enhance employee training and awareness. The ethos is clear: to counteract AI-enhanced threats, AI-driven defenses are imperative.
The challenges we face are multidimensional. Beyond sophisticated emails, we anticipate the rise of deepfake technology, combining manipulated videos and voices. This will further blur the lines between authenticity and deception, making the discernment of threats even more challenging.
Simple Rules to Protect Yourself:
Stay Skeptical: Even if an email mentions personal details, don't immediately trust it. Cybercriminals leverage familiarity to make you drop your guard.
Verify Independently: If you receive an unexpected request, especially ones involving clickable links or attachments, verify it outside the email. Call or message the sender separately to confirm.
Guard Your Data: Avoid oversharing on social media. The less public data available, the harder it is for AI to craft a persuasive phishing email tailored to you.
Report Suspicion: If an email feels off, even if you can't pinpoint why, report it to your security team.
As we navigate this new terrain, vigilance and continuous adaptation are paramount. As AI reshapes the landscape of cyber threats, our strategies, both in defense and awareness, must evolve in tandem. While the road ahead is fraught with challenges, with innovation and collaboration, we can fortify our defenses against these emerging threats.
SQ Insight: Adam Brewer - CEO
QR Code Phishing Scheme Targets Prominent U.S. Energy Company
A recent cyber incident has brought attention to a concerning QR code phishing campaign targeting a prominent U.S. energy company. This campaign underscores the evolving nature of social engineering tactics and the necessity of caution within our interconnected digital landscape.
In this operation, attackers exploited the trust associated with QR codes. They embedded malicious QR codes within seemingly harmless emails, directing employees to counterfeit websites resembling legitimate ones. Once on these sites, employees were deceived into revealing sensitive information, potentially leading to data breaches and network compromises.
This event highlights the ongoing need for continuous cybersecurity awareness and education. As users become more adept at recognizing common phishing tactics, threat actors are quick to adapt with new methods to circumvent such awareness. While a vigilant user might inspect link URLs to avoid malicious destinations, attackers employ QR codes that are unreadable to humans, hidden within convincingly branded emails. This tactic aims to obscure the true destination and intentions.
The aftermath of this campaign underscores the importance of robust threat detection and real-time monitoring. Given attackers' increasing sophistication, it's essential to possess a comprehensive understanding of the typical behavior within your organization. By knowing what normal looks like and having the capability to identify abnormal the moment it happens, organizations are empowered to intervene before an issue can escalate.
This QR code phishing attack serves as a reminder that cyber threats consistently evolve. By cultivating a culture of cybersecurity awareness and implementing proactive defense strategies, organizations can enhance their resilience against emerging tactics and safeguard their digital assets.
SQ Insight: Chris Ellerson – Director, Client Experience
