Category: Blog

Cyber Insurance Market: Carriers Navigating through a Changing Risk Landscape

With increased cyber attacks and data breaches post-pandemic, cyber insurance to protect against the rising digital threats is growing in demand. Cyber insurers can benefit by partnering with service providers to seize opportunities for growth and profitability in this fast-growing market. Read on to learn how.     

Cybersecurity continues to be a top priority for enterprises across all industries, primarily driven by increased cyber attacks and data breaches in the wake of COVID-19. Enterprises are increasingly strengthening firm-wide cyber defenses and turning to cyber insurance as a mitigating measure to counter the rising threats in today’s increasingly digitized world.

In particular, the pandemic has accelerated the severity, frequency, and complexity of ransomware attacks. Data from the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) suggests the total value of suspicious activity reported in ransomware-related incidents during the first six months of 2021 was US$590 million, more than the US$416 million reported for all of 2020. The frequency has also gone up, with 658 ransomware-related suspicious incidents being reported during the first six months of 2021, representing a 30% increase from the total reports filed for 2020.

Costs associated with cyber attacks also are rising. According to the IBM Cost of a Data Breach Report, the average data breach costs rose from US$3.86 million to US$4.24 million in 2021.

All of these factors have led to a substantial increase in cyber insurance pricing across the world. An analysis by Marsh shows US cyber insurance pricing increased 96% year-over-year during the third quarter of 2021, which also represented a 40 percentage point increase from the second quarter of the year.

1 1

Image 1: US insurance market pricing change – overall commercial vs cyber insurance segments

US cyber insurance market provides significant growth opportunities

Direct premiums for US-domiciled insurers stood at US$2.75 billion in 2020 – less than 1% of the overall direct written premium in the US property and casualty (P&C) insurance market – reflecting the runaway growth in cyber insurance. This segment has also grown at a decent pace over the last five years, registering a compound annual growth rate (CAGR) of 13.3% during that period.

Standalone cyber insurance policies are gaining prominence and have seen faster adoption than packaged policies sold as add-ons to other insurance products/policies. This can be attributed to enterprises’ need for broader coverage and a better understanding of policy terms and costs.

While most carriers have mainly serviced corporate clients, they are now starting to focus on the retail segment by providing standalone cyber insurance products that have typically been sold as add-ons to homeowners insurance. For example, Chubb recently launched Blink, a new personal cyber protection offering that covers expenses related to identity theft, fraudulent wire transfer, cyberbullying, and ransomware extortion.

Insurers are also offering joint go-to-market (GTM) products to provide comprehensive cyber risk management solutions to enterprises. In 2021, Allianz and Munich Re partnered with Google Cloud to launch a solution for Google Cloud customers that combines the risk-transfer expertise of Allianz and Munich Re with Google’s security capabilities to provide clients tailored coverage.

Advent of insurtechs in the cyber insurance market segment

The insurtech space has recently witnessed increased activity where most newcomers are catering to specific segments like small to medium enterprises. Insurtechs are leveraging their tech capabilities to make the underwriting process more streamlined and automated while incumbents continue to face legacy issues.

However, insurtechs lack the capital resources of their traditional counterparts and hence are forming alliances with traditional insurers to combine their respective capabilities. Some insurtechs are also offering coverage on behalf of incumbents through the Managing General Agent (MGA) model.

  • Cowbell Cyber, a full-stack insurer providing cyber coverage to SMEs, raised US$100 million this March to expand its go-to-market channels and increase investments in data science, underwriting, risk engineering, and claims management
  • At-Bay, a cyber insurtech MGA, announced a partnership in September 2021 with Microsoft to offer data-driven cyber insurance coverage to Microsoft 365 customers

Challenges for insurers in a hardening cyber market

While cyber insurers have experienced significant top-line growth, profitability remains a major concern as payouts have outstripped premium growth. The increased payouts have led to higher loss ratios. The loss ratio for US cyber insurers increased from a 42% average during 2015-19 to 73% by 2020. Insurers are responding by narrowing the cyber coverage scope and limiting cyber capacity. They also are imposing sublimits for ransomware coverage and adding coinsurance requirements to cyber policies.

2

Image 2: Insurers narrowing cyber coverage scope and limiting cyber capacity

How can cyber insurers benefit from BPS partnerships?

Partnering with Business Process Services (BPS) providers can help cyber insurers in the following ways:

Providing underwriting talent: As the adoption of cyber insurance grows, it will also lead to higher volumes for carriers. Service providers can provide support by standardizing parts of the underwriting process to enable carriers to handle increased work volumes. This can include deploying straight-through processing by standardizing the intake process and applying rule-based engines for low-premium policies to free up time for underwriters to focus on larger policies. They can also take over non-core pre- and post-underwriting work and help create scalable Centers of Excellence (CoEs) at profitable locations.

 Enabling technology: As carriers tighten their underwriting requirements with an increased focus on analyzing enterprises’ history of ransomware incidents and cyber breaches, they will heavily rely on third-party tools and public data sources to evaluate the insureds’ level of risk. This provides an opportunity for service providers to work with carriers to provide such tools and applications to help them assess risks associated with a particular firm.

Ensuring compliance: Amid the ever-evolving cyber threat landscape, governments and regulators across the globe are introducing new cybersecurity-focused legislation. The US Congress passed a new cybersecurity law in March mandating critical infrastructure entities to report cybersecurity incidents and ransomware payments to the relevant authority within 72 and 24 hours, respectively. Service providers can support carriers on various compliance-related matters. While some providers have compliance-specific expertise in licensing and filings, others have dedicated teams for compliance review and obligations. Third-party BPS providers can leverage these resources and work with carriers to ensure compliance.

Partnerships critical to the cyber insurance market’s future

As carriers seek growth in the cyber insurance market, they will need to strike the right balance to also achieve profitability. At the same time, service providers will have to keep up with the evolving market and appropriately build their cyber capabilities.

By working together, carriers and service providers can address some of the current market challenges and capitalize on the opportunities in the cyber insurance space to achieve sustainable growth.

For more information, please read our comprehensive assessment of the players in the P&C Insurance BPS segment, Property and Casualty (P&C) Insurance BPS – Service Provider Landscape with PEAK Matrix Assessment 2022.

To discuss opportunities in the cyber insurance market, please reach out to Somya Bhadola at [email protected] and Dinesh Singh Udawat at [email protected] or contact us.

 

Konecta-Comdata Merger Creates a Business Process Outsourcing (BPO) Giant – What Does it Mean for the CXM Market?

The planned merger announced last month between Konecta, the leading provider of Spanish-speaking Customer Experience solutions, with Italy-based customer management provider Comdata will create the sixth-largest player by revenue in the customer experience Management (CXM) BPO sector. This consolidation will intensify competition in the attractive CXM market, with the combined entity commanding close to €2 billion in revenues and €300 million in EBITDA. Read on to find out what this big deal will mean.

Creation of a global champion

Comdata

Global CXM provider Comdata offers end-to-end management solutions (acquisition, retention, customer service, technical support, and credit collection) in 30 languages across four continents and 21 countries with its network of 50,000-plus agents. Headquartered in Milan, it served more than 670 clients in 2021, generating revenue of approximately €980 million.

Konecta

Konecta, acquired by Pacheco together with the company’s management team in 2019, is a leading tech-enabled end-to-end CX BPO player in the Spanish-speaking markets. It has successfully integrated different companies such as the Brazilian Uranet and the Spanish Rockethall group, reinforcing the company’s leadership in Artificial Intelligence, digital marketing, and big data solutions. In 2021, it generated revenue and EBITDA of approximately €918 million and €148 million, respectively.

Combined entity

Subject to approval by authorities, the merger is expected in the third quarter of 2022, creating a global CXM leader capable of providing the “best shoring solution” to local, regional, and global clients in 30-plus languages across industries such as finance and insurance, technology, telco, retail and e-commerce, utilities, and healthcare.

The combined entity will be headquartered in Madrid (Spain), jointly chaired by the CEOs of Konecta and Comdata. It will serve more than 500 large corporations across Europe and America, leveraging the expertise of 130,000-plus employees. According to a statement by the companies, “the new group has a solid financial structure and will take advantage of its position in Spain, Latin America, Italy, and France to deploy all its commercial and operational capacity in its strategic markets. In addition, it will have additional capabilities to fuel its growth in the North American market and throughout Europe.”

Key drivers of the merger

The advantages of this deal are:

  • Expansion in Latin American and Spanish markets: The combined entity will become the market leader in Spain and Italy with a strong presence in Latin American domestic markets such as Mexico, Colombia, Brazil, Peru, Guatemala, Argentina, and Chile. It will have over 500 large corporate clients in Europe and Latin America. The new company will enjoy the advantage of Konecta’s strong dominance in the Spanish market, where Konecta has been aggressively expanding in the past few years, especially by acquiring four different Spanish companies that were part of the Rockethall Group in 2020. In these markets, the joint company will have a significant role in telecom, BFSI, utilities and energy, the consumer goods sector, and several big tech and new economy global brands
  • Enhanced delivery capabilities in Latin America: Labor-cost pressures, the talent shortage in onshore North America, and the desire to relocate some offshore operations closer after the pandemic have increased Latin America’s attractiveness for nearshore delivery capabilities. Some of the latest examples include Transcom’s re-entry in Colombia; new sites opening in Trinidad and Tobago by Teleperformance, iQor, and Valenta BPO; and itel’s acquisition of Emerge BPO with employees in Guyana and Honduras. The combined entity will have strong nearshore delivery capabilities to support US clients, including 20 sites in Colombia and seven in Mexico, offering a multi-country delivery model across the entire LATAM region
  • Differentiated customers: Both Konecta and Comdata are leaders in their respective local markets. The majority of Konecta’s revenue comes from Spain, Portugal, and Latin American regions, with Comdata having a strong presence in Italy, France, and some Latin American countries. Overall, the client overlap between both service providers is very limited, reducing the revenue loss due to cannibalization
  • Operational synergies: Buyers’ preferences when outsourcing CXM have evolved from the traditional levers of cost and scale to now prioritizing digital CX capabilities, end-to-end integration, and value-added services in their portfolio. This merger will allow the sharing and cross-selling of certain specific CX transformation capabilities such as Comdata’s C-suite tools, expertise in Voice of the Customer (VOC), and consulting and operational redesign services with Konecta’s content and performance marketing and conversational commerce offerings. Through its Uranet subsidiary in Brazil, Konecta also owns platforms for customer journey orchestration, knowledge management, and contact center infrastructure

Competition among other global providers

 With US$2 billion in revenue and 130,000 agents, the combined entity gives tough competition to other global CXM providers such as Teleperformance, Sitel, and Concentrix. Below is a look at the capabilities of these global providers in comparison to the combined entity. 

Teleperformance Sitel Concentrix Konecta+Comdata
Revenue US $8.4 billion US $4.3 billion US $6 billion Approx. US $2 billion
FTEs 420,000+ 160,000+ 290,000+ 130,000+
Languages 265+ 50+ 70+ 30+
Countries served 170 40 40+ 24

 

Considerations for buyers

Although organizations have the best intentions to use mergers and acquisitions to supplement their organic efforts, they generally underestimate the risks such as failure to achieve synergies, lack of due diligence, and security and integration challenges. Business leaders have often recognized people, culture, change management, and communication as the top reasons for integration failure. Lack of adequate change management policies can affect the organization’s governance and accountability structure, cause stress and uncertainty for employees, and decrease productivity for businesses, ultimately impacting service quality and timely delivery.

Future outlook for the CXM market

With Sitel’s acquisition of Sykes and Webhelp’s acquisition of OneLink BPO and Dynamicall in 2021, the trend of consolidation among CXM market players is gaining traction. Consolidation enables service providers to work with large clients across multiple delivery countries and end markets, a capability that is rising in importance for CX clients. It also enhances service offering portfolios and technology capabilities by serving as a one-stop-shop for buyers for all CXM needs.

This deal also represents an opportunity for buyers to reexamine their vendor portfolio since certain service providers might now be better positioned to support their clients across multiple locations and processes, representing an opportunity to optimize their portfolio with fewer providers to achieve operational and cost efficiencies.

To discuss the CXM market landscape, please reach out to David Rickard, Vice President, BPS, [email protected], Divya Baweja, Senior Analyst, BPS, [email protected], or contact us.

You can also learn how expanding and developing businesses are attracting technology-focused workers to help execute existing and evolving digital transformation, adopt new processes, and innovate. Join our webinar, How to Effectively Attract and Drive Productivity within the Tech Workforce.

Hiring Advice in Light of Potential Recession

Although companies are experiencing growth now, the signs are clear that a US recession is coming and likely will be upon us within a year. The Fed is starting to take measures to reduce liquidity and raise interest rates. Typically, recessions cause companies to pivot from their growth agendas into cost-saving agendas – including layoffs of staff. But layoffs would be a mistaken approach to a recession this time around. This blog shares my advice for handling the labor situation in the recession we now face.

Read more in my blog on Forbes

Is AI Emotion Detection Ready for Prime Time?

Artificial Intelligence (AI) solutions that aim to recognize human emotions can provide useful insights for hiring, marketing, and other purposes. But their use also raises serious questions about accuracy, bias, and privacy. To learn about three common barriers that need to be overcome for AI emotion detection to become more mainstream, read on.

By using machine learning to mimic human intelligence, AI can execute everything from minimal and repetitive tasks to those requiring more “human” cognition. Now, AI solutions are popping up that go as far as to interpret human emotion. In solutions where AI and human emotion intersect, does the technology help, or deliver more trouble than value?

While we are starting to see emotion detection using AI in various technologies, several barriers to adoption exist, and serious questions arise as to whether the technology is ready to be widely used. AI that aims to interpret or replace human interactions can be flawed because of underlying assumptions made when the machine was trained. Another concern is the broader question of why anyone would want to have this technology used on them. Is the relationship equal between the organization using the technology and the individual on whom the technology is being used? Concerns like these need to be addressed for this type of AI to take off.

Let’s explore three common barriers to emotion detection using AI:

Barrier #1: Is AI emotion detection ethical for all involved?

Newly launched AI-based solutions that track human sentiment for sales, human resources, instruction, and telehealth can help provide useful insights by understanding people’s reactions during virtual conversations.

While talking through the screens, the AI tracks the sentiment of the person, or people, who are taking the information in, including their reactions and feedback. The person being tracked could be a prospective customer, employee, student, patient, etc., where it’s beneficial for the person leading the virtual interaction to better understand how the individual receiving the information is feeling and what they could be thinking.

This kind of AI could be viewed as ethical in human resources, telehealth, or educational use cases because it could benefit both the person delivering the information and those receiving the information to track reactions, such as fear, concern, or boredom. In this situation, the software could help deliver a better outcome for the person being assessed. However, few other use cases are available where it is advantageous for everyone involved to have one person get a “competitive advantage” over another in a virtual conversation by using AI technology.

Barrier #2:  Can discomfort and feelings of intrusion with AI emotion detection be overcome?  

This brings us to the next barrier – why should anyone agree to have this software turned on during a virtual conversation? If someone knows of an offset in control during a virtual conversation, the AI software comes across as incredibly intrusive. If people need to agree to be judged by the AI software in some form or another, many could decline just because of its invasive nature.

People are becoming more comfortable with technology and what it can do for us; however, people still want to feel like they have control of their decisions and emotions.

Barrier #3: How do we know if the results of emotion detection using AI are accurate?

We put a lot of trust in the accuracy of technology today, and generally, we don’t always consider how technology develops its abilities. The results for emotion-detecting AI depend heavily on the quality of the inputs that are training the AI. For example, the technology must consider not only how human emotion varies from person to person but the vast differences in body language and non-verbal communication from one culture to another. Users also will want to consider the value and impact of the recommendations that come out of the analysis and if it drives the desired behaviors that were intended.

Getting accurate data from using this kind of AI software could help businesses better meet the needs of customers and employees, and health and education institutions deliver better services. AI can pick up on small nuances that may otherwise be missed entirely and be useful in job hiring and other decision making.

But inaccurate data could alter what would otherwise have been a genuine conversation. Until accuracy improves, users should focus on whether the analytics determine the messages correctly and if overall patterns exist that can be used for future interactions. While potentially promising, AI emotion detection may still have some learning to do before it’s ready for prime time.

Contact us for questions or to discuss this topic further.

Learn more about recent advances in technology in our webinar, Building Successful Digital Product Engineering Businesses. Everest Group experts will discuss the massive digital wave in the engineering world as smart, connected, autonomous, and intelligent physical and hardware products take center stage.

Increased Deal Activity in Revenue Cycle Management (RCM): What is the Winning Formula? | Blog

Health systems are increasingly seeking competitive proposals post-pandemic to outsource Revenue Cycle Management (RCM) and get the best prices and innovation in contracts. Learn what enterprises want and how providers can win these RFPs. 

Why has outsourcing gained traction in the Revenue Cycle Management (RCM) market?

The hospital revenue cycle process was not immune to the many changes COVID-19 brought to the US healthcare provider ecosystem, causing health systems to significantly shift operations to survive.

Challenges such as financial pressure, regulatory changes, the quality care and patient experience focus, and digital penetration pushed health systems – who traditionally prefer to keep operations in-house – to look outside for support. This drove more than 10% year-over-year growth in sourcing in the RCM market in 2021, and the strong contracting activity continues to gain traction this year.

Several health systems, including MarinHealth, Baptist Health, SSM Health, and Bassett Healthcare, have entered into outsourcing agreements with third-party vendors. However, unlike most past arrangements when sole-source was the dominant sourcing model, RFP-led sourcing is now the preferred model for healthcare providers in the post-pandemic world.

Exhibit 1: Split of new Revenue Cycle Management (RCM) services deals in 2021 – sole-sourced versus RFP-led

Picture1

Source: Everest Group’s coverage of 32 major RCM services outsourcing providers

Why do healthcare providers prefer RFPs?

Key factors driving health systems towards a competitive route over sole-sourced are:

  1. Unlike the pre-COVID era, when outsourcing was, typically, limited to a revenue cycle function or segment, the new deals coming in the Revenue Cycle Management (RCM) market are broad-based and many times encompass the end-to-end revenue cycle needs of healthcare providers. Given the size and scale of such deals, healthcare providers prefer the competitive route to get the best possible deal
  2. While cost used to be the primary decision-making driver, health systems are now emphasizing deal aspects such as innovative pricing (wanting third-party providers to have skin in the game) and offering diversified delivery network, innovation pool commitment, and compatibility with existing infrastructure, including experience of working with platforms such as Epic
  3. With hundreds of outsourcing providers in the RCM market, health systems know they can shop around to get the best deal

Key decision-making parameters for health systems in a competitive bid

Healthcare provider enterprises are looking for service providers who can provide end-to-end services covering the entire gamut of Revenue Cycle Management (RCM), rather than discrete, siloed services.

From a decision-making perspective, below are some of the key parameters that enterprises look for when selecting a potential service provider, along with their relative importance rated on a scale of 1 to 10:

Exhibit 2: Level of importance of key buyer decision-making parameters for outsourcing Revenue Cycle Management (2021)

Picture2

Source: Everest Group’s coverage of major Revenue Cycle Management (RCM) providing enterprises

Service providers need to pay special attention to how they position themselves effectively in the extremely competitive RCM market. The two main levers determining a winning proposal are:

  1. High-quality, well-structured proposals that demonstrate a deep understanding of the client’s needs
  2. Commercial proposals that are well aligned with the client’s budget and offer flexible payment terms

 

As competitive RFPs rise in the RCM market, providers who can create a differentiated value proposition and align their strategies with the enterprise’s vision will succeed in securing these lucrative deals.

To discuss Revenue Cycle Management (RCM) reach out to us at [email protected], [email protected]rp.com, or contact us.

Learn more about RCM operations in the healthcare industry in our video, Revenue Cycle Management RCM Operations – Emerging Opportunities & Strategies.

Strategies to Expand Labor Pools Today and in a Recession | Blog

In today’s hot labor market, with a difficult gap between talent demand and available resources, companies must try to widen the area where they can recruit workers, and hunt for labor pools in new, smaller markets. Google and other tech companies are reaching out to labor markets on the West Coast and in small markets in remote cities. FedEx and other large companies are investing in expensive TV ads to reach workers in non-traditional labor pools. However, the signs are clear that a recession will be upon us in months, and the new strategies for expanding a labor pool often have long run times. What are the best approaches to expand labor pools now?

Read more in my blog on Forbes

Invest to Grow or Invest in Efficiency? | Blog

Most IT technology in organizations focuses on helping to improve the efficiency of the organization. However, as digital transformation takes hold, we can now see that a significant portion of these new IT investments focus on building technology platforms that allow organizations to compete for customers. These new “growth-focused” investments behave differently than their efficiency-focused cousins. They create a more dynamic relationship between technology and the business and evolve at a faster rate, often in less predictable ways. This new relationship between the business and technology increasingly calls for a different governance, investment, and management philosophy.

Building a Resilient Supplier Cyber Risk Management Strategy | Blog

Sharing sensitive data with outsourcing providers in today’s interconnected digital world has increased organizations’ vulnerability to cyberattacks, making it more important than ever to have an effective supplier cyber risk management strategy. To protect against threats, read on to learn the best practices for supplier cyber risk management.  

In today’s risky and interconnected environment, it has become essential for organizations to have a supplier cyber risk management strategy to identify, protect, detect, respond, and recover from supply chain cyberattacks.

The critical importance of relationships with outsourcing service providers has been amplified by the pandemic and recent geopolitical turmoil due to the Ukraine-Russia crisis. Outsourcing suppliers now play a vital role in running business operations, and these partnerships have grown more sophisticated.

With data sharing between the two parties increasing multifold, organizations have greater exposure to ransomware attacks, phishing, denial-of-service, and other cyberattacks.

Depending on the sensitivity of data shared with suppliers, the potential risk of data loss can impact an organization’s business operations – making it essential to develop a supply chain cyber risk management plan to protect from significant financial and operational impacts.

Not having a formal supplier cyber risk management strategy can cause compliance issues. With scrutiny on global supply chains intensifying, a lack of supplier insights can lead to government regulation violations, resulting in financial losses and tarnishing an organization’s brand.

As suppliers have access to sensitive and business-critical information, managing permissions and protecting data from unauthorized access, misuse, and data loss become crucial.

Further, many other risks exist from a supplier’s operational perspective, including issues related to geopolitics, bankruptcy, and macro risks. Organizations should have complete supply chain visibility to rapidly respond to susceptibilities and disruptions at the supplier’s end.

All of these factors can have a long-lasting impact on an organization’s image and reputation, potentially deteriorating customer loyalty and trust. Hence, having a resilient supplier cyber risk management strategy that includes visibility, transparency, clear communication, and collaboration has become non-negotiable for organizations.

The Everest Group risk management matrix

Let’s take a look at the different risk scenarios and their remedial measures below:

Picture2 1

Exhibit 1: Everest Group Supplier Management Toolkit: Risk Management in Outsourcing

Best practices for developing a supplier cyber risk management strategy

Developing a Supply Chain Risk Management (SCRM) program is indispensable for organizations as they become increasingly vulnerable to supply chain attacks.

Currently, the risk management focus in outsourcing is limited to compliance requirements such as the Sarbanes-Oxley Act (SOX), Service Organization Control (SOC) certifications, industry-specific compliances such as Health Insurance Portability and Accountability Act (HIPAA) and Health Information Trust Alliance (HITRUST), and criminal background verifications.

Other vital factors such as geopolitical and offshoring risks have not yet become key executive priorities. Further, as more companies lean on service providers to drive digitalization and corresponding transformation in their outsourced processes, organizations rarely try to identify potential risks and establish associated mitigation/contingency plans.

Some industry best practices such as ISO/IEC 27036:2013 and the NIST Cybersecurity Framework have been updated to include information security for supplier relationships, highlighting the importance of SCRM in corporate security. In terms of cyber security, this involves:

  • Defining cyber security requirements and measures that apply to suppliers based on their risk category
  • Enforcing these requirements via formal agreements (e.g., contracts) to ensure suppliers enter a binding commitment
  • Verifying and validating communication and access from and to suppliers
  • Ensuring effective implementation of cyber security requirements
  • Managing and supervising the above activities periodically

To optimally engage with and manage suppliers, the entire supplier life cycle should be organized into these three phases:

  1. Before and during the contracting phase – Screening suppliers before onboarding is essential for organizations to assess financial, operational, and reputational aspects. Procurement heads need to carry out background checks to ensure suppliers’ compliance status and performance viability. An exhaustive contract with legally binding responsibilities related to cyber security for both the organization and its suppliers should be created. This contract should define fundamental and high-level security requirements and privacy-based controls for supplier relationships at every point in the life cycle
  2. During the ongoing relationship – Once suppliers are onboarded, organizations must track all assets suppliers can gain entry to in a central repository. Customers should categorize suppliers into different risk classes based on how critical the information is to further define appropriate cybersecurity controls. These controls should be continuously evaluated to ensure adherence
  3. After the termination of the relationship – Offboarding a supplier requires disabling its logical and physical access, removing access to any data, and destructing it to ensure the supplier doesn’t hold any sensitive data. This phase also requires ensuring no severity incidents are pending and facilitating proper handoff between suppliers

Prevalence of risk management processes in the supplier life cycle

How common is it for organizations to have established risk management processes in each of the third-party life cycle steps? Our polling results show while most organizations have these safeguards in the first stage, fewer use them in later phases, as illustrated below:

Picture1 2

Exhibit 2: Everest Group’s Webinar Quick Poll (Could Your Business Partners Be Offering More Risk than Support?)

The supply chain for almost any organizational procurement activity can be the target of cyberattacks, either by going after the supply chain or the supplier’s/organization’s systems, once they are integrated.

More complex and sophisticated attacks are often left undiagnosed or unreported, making them potentially more disastrous for enterprises. At different points in the supplier management life cycle, stakeholders across organizations will have the primary responsibility for establishing and maintaining effective supplier cyber security controls.

Vigorous governance is required to ensure relevant stakeholders are responsible at the right time to guarantee optimal and best efforts are made to combat any cyber threats. To complement this governance, a strong collaborative culture across different departments is needed to drive continuous improvement.

Learn how to create an effective program for your organization in our executive brief on Cybersecurity Risk Management in the Supplier Life Cycle, part of our supplier management toolkit.

Please reach out to [email protected] to gain further insights on supplier cyber risk management or Contact Us.

Discover even more about cybersecurity in our current environment in our webinar, Cybersecurity: What You Need to Know to Find the Right Partner and Price.

4Cs to Successfully Attain Business Agility in GBS Organizations | Blog

Business agility has emerged among leading Global Business Services trends as a key driver for growth, innovation, and business excellence. Attaining business agility requires new ways of thinking and working. To learn more about the 4Cs (commitment, collaboration, competence, and construct) that can help GBS organizations rapidly respond to market changes and emerging opportunities, read on.

Looking at the latest Global Business Services trends, business agility is a key lever driving cost optimization, improved operational efficiency, accelerated digital transformation, higher revenue impact, improved customer experience, and other positive business impacts. Mature GBS organizations are increasingly reaping the benefits of agility, often reacting, and adapting to changes and challenging situations faster than ever before.

But business agility doesn’t prioritize speed over quality. Being agile doesn’t deteriorate quality, limit documentation, or micromanage. Business agility is an organization’s ability to rapidly adapt to the market and environmental changes productively and efficiently. Organizations who think lean and embrace agility or possess a Lean-Agile mindset are proving they can overcome challenges and seize emerging opportunities quicker than their competitors.

4Cs to successfully attain business agility in GBS organizations

Through our research with mature GBS organizations, Everest Group has identified 4Cs to attain business agility success as shown below:

Picture1 1

Exhibit 1: Everest Group

GBS organizations need to possess the following characteristics to reach business agility:

  • Commitment
    • Change the mindset and increase risk tolerance (over 50% of companies believe resistance to change impedes their progress towards achieving complete agility)
    • Evolve the organizational culture to scale the agile model
  • Competence
    • Focus on talent management by taking an empathy-based approach to leadership and hiring team players
    • Invest in roles for the future and nurture specialist talent
  • Collaboration
    • Leverage internal social tools to drive transparent collaboration across the organization
  • Construct
  • Ensure autonomy and evolve the operating model to avoid getting stuck in existing models and being unable to innovate and realize the true potential of agility
  • Establish open communication channels and/or build a bottom-up communication channel

A shift to agile work

With enterprise expectations evolving and GBS organizations becoming strategic business partners driving higher value and impact, adopting agile work methods has become an urgent need.

Traditional work ways have visibly shifted to an agile mindset. Let’s look at how the 4Cs translate to the new agile approaches as illustrated below:

Graph 2

Exhibit 2: Everest Group

Business agility – the path forward for GBS centers

With enterprises viewing GBS as the hubs for innovation, digital transformation, and change, integrating agile working methods will help GBS centers deliver value-based outcomes productively and efficiently. This also will enable different GBS centers to operate as a cohesive network, benefiting from each other’s best practices. In today’s rapidly changing times, business agility is the path forward for GBS organizations.

To learn about how GBS centers are implementing agility across their operations, read our report 4Cs of Success to Attain Business Agility in GBS Organizations. Please reach out to Aditi Bansal ([email protected]) and/or Meghna Thomas ([email protected]) to share your experiences or discuss Global Business Services trends.

To find out if your GBS is organization evolving to create superior value, take our GBS Evolution Personas Framework assessment.

Technology Service Providers’ Conundrum: Cloud Good for Growth, Not for Their Leadership | Blog

Leaders of cloud development at technology service providers are often seen as stars, leaving executives in charge of traditional segments feeling left out and unnoticed. The C-Suite needs to recognize the important contributions business units and their leaders play to the company’s overall growth and future success. Read on to learn the actions “non-cloud” business leaders should take to be sure they get the company investment, attention, and rewards they deserve. 

What describes the current cloud landscape for business at technology service providers

In our market observations, one aspect has become very common. Leaders at technology service providers who are driving cloud business development for their firms are witnessing much stronger professional growth in the organization than others.

Businesses always value and reward people who are part of fast-growing markets. Given that cloud business for technology service providers is growing two to five times more than overall company growth, it is the cynosure of discussions, investments, and leadership promotions. However, it is also creating challenges for C-level executives in terms of managing the morale of other “non-cloud” leaders.

As a result, we see some segments are now led by “lesser title” executives than in the past. Even if senior leaders run these businesses, they do not get the needed attention and investments from the C-suite. These units quickly become the cash cows that need to drive other high-growth business, such as cloud, which are subtle indications from top management around companies’ priorities.

What are non-cloud leaders doing?

Leaders driving traditional segments are partnering with cloud leaders to drive business. However, they also realize they need to play “second fiddle” in this partnership. Though the cloud business probably needs these segments more than vice versa, the cloud business becomes the fulcrum around which the partnership revolves.

This is forcing technology service providers to rethink the organizational structure of these segments. Some of them are or will embed these segments into different units instead of running them as standalone practices. Many leaders who were part of transformational offerings (e.g., modernization, platforms) have changed their roles now to align with cloud business units.

However, this is not enough, and the non-cloud leaders know it.

What should C-level leaders do?

Top management focuses on the overall growth of the firm. Cloud will continue to receive significant focus and investments from the C-suite because of the benefits of cloud technology to the business. However, the C-suite is failing to realize that the cloud business cannot be seen as an antagonist and other leaders should not feel excluded.

Although C-level executives have aligned non-cloud leaders’ incentives, growth, and influence areas based on capabilities, focus, and aspirations, they must design better models to engage them. They need to understand that cloud business development relies on the success of these other units that bring 50-80% of their top line.

While the cloud business at technology service providers acts as a “nodal agency,” it is unable to influence capability building across the organization. The key reason is because non-cloud leaders are unwilling to collaborate beyond the bare minimum because they see their personal growth being stifled even if they make the cloud business succeed.

We believe technology service providers who can solve this complex organizational structure problem will accelerate their overall business and cloud growth faster than their peers. As newer concepts of Metaverse, Digital Twins, Artificial Intelligence (AI), and composable businesses accelerate and large spend areas such as supply chain, networks, employee engagement, sustainability, and customer experience get disrupted by cloud, it will become even more important.

However, cloud will not be front and center before the strategy but an enabler for overall business outcome. Therefore, C-level leaders need to nurture their leadership outside of the immediate cloud business to prepare their organization for future success. Failing to do so may result in near-term growth for cloud business development but bring long-term challenges for the overall organization.

What should non-cloud leaders do?

  • Stake claim to the high table: Have the courage to speak up about the importance of your service line. Educate top management about how underinvestment in your business impacts the overall firm. Continue to collaborate with cloud leaders but build deep relationships where you are an equal partner instead of being in the back seat
  • Make your portfolio exciting: Leaders should make their management style and offering portfolio enticing. Unfortunately, most confuse their run the business innovation as exciting, which it is not. They should focus on revamping their offering portfolio, drive positive messages across team members about the impact they are creating, and create internal events for people to feel connected and motivated
  • Invest beyond run the business: Many leaders have almost given up on the hope of growth investing in their business. Some of it is a result of top management’s lack of interest, but in large part is due to the internalization the non-cloud leaders have of this apathy. These leaders need to build a stronger case for investments in their segments, link it to overall firm performance, and provide detailed insights into how their business is adding to cloud momentum
  • Quit: If the leaders continue to get short shrift in their organization, they should proactively look at opportunities outside their company. Smaller and niche companies are always seeking a growth-centric C-suite and will be happy to engage with them. In these companies, executives can create their charters and show the value add they can bring

What is your take on cloud business development at technology service providers? Please reach out to us at [email protected], [email protected], or contact us.

With the rapid pace of change and push toward digital adoption, enterprises need to identify the right vendors, determine the right price, and keep up with evolving operating models. Learn more in our webinar, Cybersecurity: What You Need to Know to Find the Right Partner and Price.

Request a briefing with our experts to discuss the 2022 key issues presented in our 12 days of insights.

Request a briefing with our experts to discuss our 2022 key issues

How can we engage?

Please let us know how we can help you on your journey.

Contact Us

  • Please review our Privacy Notice and check the box below to consent to the use of Personal Data that you provide.