News

The Rise Of Digital Transformation And Its Impact On The Economy

Posted on by info

Digital Transformation in the Pandemic and Post-Pandemic Era

If there were any lingering doubts about the necessity of digital transformation to business longevity, the coronavirus has silenced them. In a contactless world, the vast majority of interactions with customers and employees must take place virtually. With rare exception, operating digitally is the only way to stay in business through mandated shutdowns and restricted activity. It’s go digital, or go dark.
 
This digital mandate isn’t new; it’s simply been brought into sharp focus. Prior to the pandemic, a paradigm shift towards digitization and servitization of the economy was already underway. Current events have accelerated the paradigm, as evidenced by the marked shift in spending towards digital businesses.

And this is just the beginning.
 
The pandemic is a reality check for businesses that have been reluctant to embrace digital transformation and now find themselves woefully unprepared. On top of the stress of potentially health-compromised employees, a sudden and dramatic drop-off in demand and total economic uncertainty, these digital laggards are now scrambling to migrate their operations and workforce to a virtual environment. While fast and furious is the name of the game when it comes to digital innovation, fast and frantic can lead to mistakes.  
 
On the other hand, businesses that had not only developed digital strategies but executed on them prior to the pandemic are now in a position to leapfrog their less nimble competitors. That isn’t to understate the COVID-19-related challenges they now face, irrespective of their current level of digital maturity.  Going digital in and of itself isn’t a panacea to all that ails businesses in the current economic environment. They do, however, have significantly more tools at their disposal to not only weather the storm, but to come out the other side stronger for it.
 
Don’t write off the digital laggards just yet, however. Crisis breeds ingenuity, and good ideas put into practice can propel any business to breakout performance. Organizations that rest on their existing digital laurels can be surpassed by those that invest in adapting their digital capabilities for the post-coronavirus future—a future that looks very different from the world pre-pandemic.

Spotlight: The Digital Advantage

Organizations that embrace digital solutions have greater resiliency in the face of adversity—and a leg up on the competition that will enable them to recover faster and pivot from playing defense to chasing growth.
 

 Efficiency advantage:They harness digital technologies to streamline operations and automate manual processes—resulting in greater speed, less waste and more focus on revenue-generating activities.
   
 Productivity advantage:Their employees were already set up to work remotely, so their focus is on leveraging collaboration technology and tools to maximize workforce productivity and sustain company culture.
   
 Security advantageThey are better prepared for and more resilient to the proliferation of cyber threats in the current environment.
   
 Customer advantage:They mine customer data to monitor for shifts in demand and uncover emerging customer needs.
   
 Agility advantage: They leverage data-driven insight to make decisions faster and act on them faster. They have built-in cultural flexibility to adapt or change course at any point.

New Reliance on Digital Solutions During COVID-19

Under COVID-19, the world has, by necessity, gone into isolation. Social distancing is currently the most effective way to slow the spread of the virus until a vaccine can be found to protect the population. As a result, anything that relies on human-to-human contact–which is to say, most aspects of our lives–must be amended to account for the dangers of the virus.
 
Digitization has stepped in to bridge the gaps left by mandated shutdowns and social distancing measures. Without digital tools and technologies, we would have no way to work, shop, go to school, and more.
 
Let’s take a closer look at how digitization is keeping society–and businesses–afloat during the pandemic:
 

  • Remote Work: Before the pandemic, only 30% of U.S. employees worked remotely 100% of the time, according to Owl Labs. For the other 70%–including the 38% of the total U.S. workforce that only worked on-site—the transition to working remote full-time has been a shock to the system—figuratively, and in some cases, quite literally, when user demand has exceeded system bandwidth. But the silver lining is that with such a high percentage of the working population now remote, digital collaboration is improving in leaps and bounds, both in terms of the sophistication of the tools to facilitate it and workers’ level of comfort with it.
  • Omnichannel Commerce: As many physical business locations are shut down, consumers are turning to online shopping to meet their needs, even those who had historically been reluctant to do so. In particular, grocery delivery services, such as Instacart, have been in high demand. Consumers can choose their groceries, pay online, and leave feedback all on one convenient app. Businesses are blending the physical and the digital to provide for their customers through delivery methods such as curbside pickup and contactless delivery. Physical-digital integration is more important now than ever before.
  • Digital Content Consumption: Homebound consumers are turning to digital content providers to meet their entertainment needs. 51% of internet users worldwide are watching more shows on streaming services due to the coronavirus, according to data from Statista. Netflix alone saw 16 million new signups for its service in the first three months of 2020.  Meanwhile, many film studios have been pushing new releases to streaming services early to captive audiences.
  • Platformification: Institutions and organizations of all types are trying out digital platforms to stay above water during the pandemic. The fitness industry has shifted to holding virtual classes on streaming services, both live and pre-recorded. Almost every school, from elementary schools through graduate programs, have shifted to online courses. Large-scale conferences and events are being held virtually. The NYSE has moved entirely to online trading. While some businesses will revert to their traditional models when the crisis abates, others may opt for a hybrid approach as they recognize the benefits of recurring revenues.
  • Digital Health Solutions: Much of America’s healthcare system has gone digital to alleviate some of the strain imposed by the coronavirus. Telemedicine and remote diagnostics are helping patients get medical advice and diagnoses at home so they don’t need to come in to the doctor’s office or hospital, and 3D printing is being used to expedite the production of critical medical supplies, such as PPE. In the absence of a vaccine or proven treatment, the best preventative medicine is information-sharing. Digital contact tracing has already been used to effectively slow the spread of COVID-19 in East Asia. The technology itself is at least a decade old but has struggled to gain traction in the Western world where views on privacy have been prohibitive. Whether American citizens (and those that govern them) will be willing to trade individual privacy rights for the greater public good remains to be seen, but there may be more leniency around data collection going forward.

 
The pandemic serves as a widespread test case for the effectiveness of these digital solutions, many of which will be permanent fixtures and lead to long-term changes for many businesses.
 

The Case for Digital Transformation in Crisis

The economy is now mired in a downturn, which may outlast the current (and hopefully sole) wave of the pandemic. Some organizations may be inclined to retrench on their digital transformation plans, as part of a broader belt-tightening agenda. A good cost reduction program focuses on trimming the fat without cutting away the essential parts of the business that are necessary to sustaining current levels of business performance. If we view an organization as a living organism, digital transformation powers the backbone, muscle, brain and heart of the organization. Halting digital innovation efforts in crisis will significantly compromise overall business health.
 
Though it may seem counterintuitive, crisis is the ideal time to double down on digital transformation. Rather than putting digital transformation plans on hold, organizations need to go all in.
 
It shouldn’t be prohibitively expensive. Many businesses are understandably reluctant to loosen the purse strings in the current environment of uncertainty. While digital transformation is often viewed as a massive upfront investment in long-term results, it doesn’t need to be. Some of the most successful transformation projects start with low-cost pilots and limited resources that are scaled up once the kinks are worked out and the results are proven. Done in the right way, digital transformation can be self-sustaining, with each incremental improvement paying for the next leg of the journey.
 
You can actually save money. Past recessions show that controlling costs by improving operational efficiency—a task for which digital solutions are perfectly suited—is more effective in sustaining businesses through financial turbulence than traditional cost-cutting measures alone. For example, companies that rely primarily on workforce cuts to manage costs only have an 11% chance of “breakaway performance” coming out of a downturn, whereas companies that focus on operational efficiencies over layoffs are more likely to experience breakaway performance, according to research from Harvard Business Review.
 
The biggest efficiency play is automation. With automation projects, ROI is realized near-instantaneously, offsetting the upfront investment. Robotic process automation allows organizations to automate certain types of work processes to reduce the time spent on costly manual tasks and reallocate resources elsewhere. The economics of automation are simple: the same work is performed faster and with fewer mistakes, while human capital resources can be redeployed to higher-value tasks or to fill critical gaps. More sophisticated machine learning tools can be used to identify and address unforeseen areas of waste.
 
Business reinvention isn’t always a choice. Many businesses are experiencing devastating financial consequences from the pandemic, whether because of supply chain impacts, forced shutdowns, a significant pullback in consumer spending, or all of the above. Consumer discretionary manufacturers and retailers, oil and gas companies, and the service industry are among the sectors that have been struck the most grievous blows. To avoid catastrophic revenue losses, these companies have no choice but to shift focus to their business’s existing digital channels or make a bigger pivot to a digital business model. But again, there is a silver lining: The innovations that are made out of necessity could become lasting pillars of the business that help it to thrive well beyond the pandemic.  

There will be no “return to normal”. The coronavirus is permanently reshaping the way we live and work. Some of the behaviors developed in crisis—including wide-scale digital adoption—will outlast the pandemic, well after restrictions on activity are lifted. To stay competitive, organizations must respond to these behavioral changes and meet emerging customer demands. Savvy organizations will focus now on leveraging advanced analytics to extract insights from their customer data and continue internal and external data integration efforts to develop a more holistic view. Detecting those signals of change early will be crucial to optimizing the customer experience and redefining customer value propositions in line with evolving preferences and needs.
 

COVID-19 Trends Here to Stay

  • Remote Work Arrangements
  • Digitization of Customer Service
  • Shift to e-Commerce
  • Greater Use of Self-Service
  • Contactless Delivery Options
  • Outsourced IT
  • Customers Focusing on Spending Less and Saving More
  • Increased Focus on Safety, Cleanliness and Health
  • Bulk-Buying and Stockpiling
  • Use of Online and On-Demand Platforms

Summary Digital transformation is more necessary during this crisis, not less. But that doesn’t mean it will look the same as it did before the pandemic. Resources—both in terms of talent and money—will likely be constrained. Digital initiatives may need to be reprioritized based on relevance in the current environment. New problems and opportunities may come to light with greater urgency. For some businesses, the forces of disruption may be so great that the long-term strategic vision will need to be overhauled. And any digital transformation roadmap that does not deliver value at every increment will need to be reimagined. The key is continuing to experiment and innovate with digital solutions front and center. With the right approach, businesses can come out of the fray stronger, more agile, and more customer-centric than before.

ESOP Financing Amid COVID-19 Pandemic

Posted on by info

A seller-financed ESOP transaction provides a viable, flexible path to liquidity amid novel coronavirus, or COVID-19, uncertainty and a potential cashflow lending freeze.

As the popularity of using an Employee Stock Ownership Plan (ESOP) as a liquidity and exit strategy has grown, so too has the number of financing sources available for ESOPs. Companies that operate with a reasonable level of debt and demonstrate consistent earnings could reasonably expect to be able to source outside funds to partially or fully finance an ESOP transaction. The most common source of outside funding is commercial banks, although recently, private equity and mezzanine capital providers have shown interest in ESOP companies’ ability to shield cash flow from tax.

ESOP deals most commonly fall under a bank’s cash flow lending arm, meaning there is a collateral shortfall. In a typical cash flow loan, banks underwrite to the company’s historical cash flows, although a company’s projection and growth expectations are also important. However, a bank’s appetite to lend into ESOP deals is not immune to typical market fluctuations. The availability of cash-flow loans (as opposed to asset-based loans with no collateral shortfall) is more susceptible to market downturns, as bank policies can lead to lower leverage multiples, higher interest rates, shorter amortizations, or even a complete loss of interest in funding. Seller-financed ESOP transactions offer an attractive and flexible path to liquidity when cash flow loans from banks are scarce.      
   
While most ESOP transactions involve at least some portion of seller-financing (the selling shareholders take a note back from the company in lieu of third-party debt), many businesses and business owners have discovered the advantages of 100% seller-financed deals. A 100% seller-financed ESOP is typically structured to mirror a transaction that uses outside debt, meaning two separate tranches of debt (some may have more, but two is most common). The first, or senior, tranche of seller debt has features similar to an outside senior note, such as a five to seven-year amortization, interest rates pegged to benchmarks, and some level of excess cash flow sweep. The second, or junior, tranche mirrors traditional subordinated debt terms. This may include interest-only payments while the senior tranche is outstanding, 10 to 15-year amortization, and a higher interest rate. Because the junior tranche is owed a higher rate of return than the senior tranche (for the greater risk undertaken), owners can still elect to take detachable warrants as part of their overall junior subordinated note package if they are willing to reduce their cash pay interest rate. Warrants are often referred to as a “second bite of the apple,” and any increase in their value is taxed at the capital gains rate upon exercise (whereas interest income is taxed at ordinary income rates).

The two-tranche seller finance ESOP transaction can be quite attractive due to its flexibility for both the owners and the company. A former owner may have one tranche of first security payments in a shorter term, while also having a tranche of higher-return payments over a longer term. Companies with multiple selling shareholders can especially take advantage of the two-tranche seller finance deal, as owners do not need to share in both tranches pro-rata. If, for instance, one or two owners are older and wish to receive payments quicker, they can elect to take more of the senior tranche, while younger owners who want to share more in the upside of the business through warrants can take a larger stake of the junior tranche. The flexibility of a seller-financed deal also extends to the Company, as it could elect to forego payments if future cash flow gets tight or make prepayments when cash flow is robust.

Another advantage of a seller-financed deal is that it may offer significant liquidity post-transaction. If a company chooses to structure a seller-financed deal due to a tight credit market and those conditions improve in a year or two, the company and its owners can look to refinance seller notes with an outside lender at any time. Furthermore, the company and its owners can look to refinance whenever they believe the timing is best for them. For instance, if an owner has an unexpected or sudden need for cash, they, along with the company, can look for a lender to refinance them out of a portion of their total remaining seller note balance. This refinance could also occur if the company produces a year or two of strong cash flow and feels it can receive favorable terms from a lender, thereby replacing higher interest rates with lower ones (assuming the former shareholders (who are now the current noteholders) agree to a refinancing).

From a governance and reporting standpoint, a seller-financed deal does not place much burden on the company and its employees. Many times, a senior lender will require an audit to fund a transaction, and this would not be necessary in a seller-financed deal. Senior lenders also include terms like fixed charge and cash flow coverage ratios, placing further burden on the company and its reporting. Many companies, prior to a sale to an ESOP, aren’t used to operating with significant leverage, and the flexibility of a seller-financed transaction can be attractive.

Of course, if market conditions are not favorable for lending, one may wonder how it is favorable to an owner to pursue the sale of a business to an ESOP (or any sale). While valuations are subject to financial market fluctuations, businesses that continue to report strong earnings should expect fair market value consideration in a negotiated transaction and should be able to achieve a positive outcome now while reducing business risk. Evolving market conditions could create changes in legislation (particularly tax legislation), so it may be prudent to start thinking of a partial or full exit now, thus mitigating future legislative and market risks. The mitigation of these market forces, along with tremendous flexibility for both the former owners and company, can be achieved through the seller-financed ESOP transaction.

7 Actionable Steps to Reducing Cyber Vulnerabilities

Posted on by info

Cybersecurity breaches are in the news daily, and as forensic investigation and incident response practitioners, we have seen several common themes among victim companies. Attackers often pass over larger companies with robust cybersecurity measures and instead prey upon small to mid-sized businesses that are softer targets with weaker security postures. These seven steps to reducing your cyberattack surfaces will help to strengthen your defenses.

  1. Raise Cybersecurity Awareness and Hold Employees Accountable

    The weakest link in any cybersecurity program is the human workforce operating within it. Phishing attacks–in which users are tricked or deceived into opening an unsafe email attachment or visiting a fraudulent website–are among the strongest weapons in an attacker’s arsenal because they work against people, not software. Institute a regular cybersecurity awareness program that includes not only instruction but also random testing throughout the year. Repeated failures of such random testing should be considered a notable area for improvement for employee progression. If your company lacks the resources or abilities to perform such training, several outsourced providers have these training and awareness platforms at the ready.
  2. Use Strong Passwords and Password Managers

    An attack known as “credential stuffing” is extremely effective at helping attackers gain access to multiple systems at once by taking valid username and password combinations (called “credentials”) stolen from one computer system or website and trying them against others such as corporate logins, online banking, and more. As people often reuse passwords across platforms to make remembering passwords easier, this also leaves systems—including the computers and accounts they use for work—vulnerable to compromise.

    To combat credential stuffing, an organization’s best defense today is the combination of strong passwords (long passwords with a mix of capital letters, lower case letters, numbers, and symbols) and password managers—secure programs designed to generate strong passwords and store them for easy recall, to make using unique strong passwords on every account and website easy. This also assists with “corporate memory” of shared or administrative passwords, as particular entries can be made accessible to a certain group of users. Password managers such as 1Password, LastPass, and Dashlane also have web browser extensions that make it extremely easy to have a different strong password for each website visited. They often also have the capability to provide for personal and professional password vaults to ensure that users have a common experience to improve the likelihood that they will adhere to using a password manager and not using only “password123.”
  3. Patch and Update Regularly

    Software developers—including those who write operating systems, office platforms, and even security software—are human, and bugs or vulnerabilities can exist in even the most secure computing platforms. As these issues are discovered, software manufacturers will fix and release new versions of these products. It’s critical that you have a regular cadence for updating the operating systems, applications, and security tools that your company depends upon. When responding to incidents, it’s not uncommon for responders to find several “critical” systems to an organization that are running on long outdated and unsupported versions of Windows or Linux servers. Outdated and unsupported operating systems often have several vulnerabilities and wide-open attack surfaces which serve as open doors for attackers.

    Needless to say, always make sure your organization’s antivirus (you do have an organization-wide antivirus in place already, yes?) is regularly updated to receive the freshest definitions and algorithms, but remember, antivirus only helps with malware-based attacks.
  4. Tighten Existing Controls

    In nearly every operating system, network, file system, and application, user accounts have varying degrees of permissions to accomplish tasks or access data. Administrators tend to have the most and standard users tend to have the least. Ensure that each user account, including system accounts used for handling automated tasks, has the amount of authority and permissions necessary to complete the job at hand—but no more. For example, while a company’s CEO might drive the policy and agenda for the entire organization, he or she doesn’t necessarily need access to detailed engineering plans or code repositories; they won’t use that data as a course of normal business, but it expands their attack surface tremendously and increases the potential for a catastrophic breach should their credentials be compromised by clicking on a nefarious link in an email message.
  5. Use Two-Factor Authentication Whenever Possible

    Operating systems, application platforms (such as Microsoft’s Office 365), and many websites provide enhanced security and authentication through “two-factor authentication.” Two-factor authentication often combines something you know (such as a password) with something you have (such as a one-time randomized key) to authorize credentials. At a minimum, two-factor authentication should be a requirement for any Office 365 Administrator account, and it’s no less recommended for standard user accounts as well.

    Two-factor authentication is often accomplished through a program that runs on one’s mobile phone, providing “one time passcodes” that rotate every thirty seconds with a unique number that will provide an additional verification your user credentials. Common two-factor authentication programs include Google Authenticator, Authy, and Microsoft Authenticator, and many password manager programs also can generate authentication passcodes as well.
  6. Have an Incident Response Plan, Even Minimally

    Due to the growth in cyberattacks and cybercrime, organizations are beginning to understand that it isn’t about if they’ll face a data breach, but when. As a result, the difference between catastrophic organizational damage and cyber resiliency can be the manner and speed in which an organization responds to a breach when it happens, along with the programs, procedures, and processes in place beforehand to best position the organization for recovery.

    While a full incident response plan with trained, dedicated staff at the ready is great, this is definitely an area where perfect shouldn’t be the enemy of good. Critical days or even weeks can be lost after a breach while a company looks for an incident response contractor, negotiates contracts (at panic pricing), and waits for the contractor to begin their response in an unfamiliar network belonging to an unfamiliar company. When you don’t have an active incident is the time to contract with an incident response and/or managed security services firm, because you can set fair pricing, reasonable retainers, and the contractor will have time to learn what’s “normal” in your company and network before a crisis happens. Even if your plan is to “call our account rep at our incident response contractor,” that can be enough to stop a security incident from becoming a security breach.
  7. Encrypt Data at Rest and In Transit

    Most desktop and server operating systems can encrypt the contents of their hard drives right out of the box. From a single user’s laptop to the information stored in your corporate-wide databases, encryption should be the standard, not the exception. Before a computing device is provided to an employee, activate the on-board disk encryption to reduce exposure to loss or theft, and ensure that your cloud computing platforms, corporate databases, and email servers are also covered by their encryption capabilities. Emergency decryption keys can be stored within the safety of your password manager for cases when an employee leaves suddenly, but not providing encryption on that employee’s laptop can be a disaster if it’s lost or stolen in an airport café.

    Speaking of travel, when employees are on the road, they should connect to the Internet through a Virtual Private Network (VPN), preferably one provided by and running through the corporate network to maintain control and assure data security. Open Wi-Fi access points may be a boon to travelers, but they’re also a goldmine for data thieves who may listen-in on unencrypted connections. In a pinch, commercial VPN services are also available on an individual basis, and computing enthusiasts can set-up their own using open-source platforms such as AlgoVPN for the price of a cup of coffee.

In summary, while there is no one end-all, be-all to cybersecurity, there are a number of simple, practical steps that organizations can take to dramatically improve their cybersecurity posture. Many of these options are free or come with the software you’ve already purchased. Others, while they do charge a fee, cost significantly less than the amounts associated with a data breach in loss of customer confidence, loss of intellectual property, incident response costs, fines, penalties, legal fees, and more. Cybersecurity should be another risk that needs to be quantified, monitored, and managed by your C-suite and Board, and policies must be drafted and enforced accordingly.