Cyberattacks have always been around, but recently they've been on the rise, especially when it comes to third-parties. What is the best way to safeguard your company against these risks? Pat Moran gives five practical steps on the best way to manage third-party cyber-security plans.Cyberattacks and data breaches are rarely out of the news, and when they do occur, they have wide-ranging impacts. In response to an ever-evolving cyberthreat landscape, many Irish firms have made significant investments to strengthen their cybersecurity capabilities. I’ve seen clients deploying new technologies, developing new capabilities, and implementing new security processes, all to increase the cyber-resilience of the organisation.However, focusing on what's inside your company is only part of the challenge. Any firm's security posture is only as strong as its weakest link. And very often, the weakest link exists outside your organisation.While it's not a new concept, more and more firms are engaging with third parties to reduce costs, enhance performance or avail of a specific skill set that they don't have. The term 'third party' can be used interchangeably with 'vendor', 'supplier', 'partner' or 'outsourced provider'. Regardless, they mean the same thing: an increased risk of cyberattacks for your organisation.The COVID-19 crisis has only reinforced how dependent most organisations are on an interconnected ecosystem of third parties to run their business. We've seen firms across all sectors struggling to get visibility on the resilience of their supply chain to ensure that the lights can be kept on. Suppliers are facing the same challenges of getting their workforce connected securely, adhering to security policies and maintaining a culture of cybersecurity awareness. All of this is against the backdrop of a heightened threat landscape. Opportunistic cyber-thieves are looking to take advantage of the uncertainty created by the crisis.When you're operating in an interconnected environment with third parties, the attack surface is expanded for cybercriminals to launch an attack.You can outsource almost everything but accountabilityPwC’s Global Economic Crime and Fraud Survey 2020 highlights that one in five respondents identified vendors and suppliers as the source of their most disruptive external fraud.  Half of the respondents lacked a mature third-party risk management programme and 21% had none at all. This highlights the size of the challenge faced by firms. And when a third party has an incident that impacts the security of your customers' data or impacts your ability to deliver a service, your customers don't see the distinction. You can't outsource accountability.To compound the matter further, all of the above is happening in the face of the pressures of reducing costs and improving efficiency, along with increased regulatory expectations.To navigate some of the above challenges, below are some practical steps your organisation can establish to manage the risk of cyberattacks caused by engaging with third parties.1. Establish your operating modelDeveloping your operating model and framework is the foundation of effective third-party risk management. The operating model should outline the governance and reporting requirements over your third parties, how to determine the criticality of each third party, and what technology can be leveraged. For mature or regulated entities, a centralised program likely already exists, but the security team should be active participants. For less mature organisations, the security team might be the driver.2. Identify your inventoryCreating a complete and accurate inventory of your third parties is a prerequisite for effective risk management of your supply chain, including your fourth and fifth parties (also referred to as chain outsourcing).3. Plan before you engageBefore you bring a prospective third party on board, invest time in understanding their security posture. Do they meet your minimum security expectations and standards? If not, do they have other mitigating plans or processes that will give your organisation more comfort?Not all products or services lend themselves to outsourcing, so make sure to develop a robust planning process, where assumptions can be challenged, to ensure that outsourcing or engaging a third party is not outside the risk tolerance of the firm. Security requirements should be baked into contracts and service level agreements.4. Monitor, monitor, and then monitor some moreThe most time- and resource-consuming activity is typically your ongoing monitoring and governance. The security team should be included in weekly or monthly operational meetings for critical third parties, and risk assessments should be performed at least once a year for all your third parties. Tooling and ratings services are now common on the market to support this.5. Exit gracefullyWith all the right intentions and robust processes in place, surprises still happen. Be prepared with a backup plan if services cannot be provided by a third party, or if you need to exit the arrangement with little notice.Pat Moran is a Partner in PwC.

The impact of COVID-19 has left many businesses across the Irish economy vulnerable and uncertain about their future. Tom O’Brien and Hilary Larkin say this may be the ‘calm before the storm’.We are seeing companies who are experiencing a decline in activity levels and have been sustaining themselves through this period by availing of the various supports which have been in place since the onset of the virus, such as the deferral of tax liabilities, bank forbearance measures, wage subsidies and rates freezes.These measures have greatly assisted many companies, but it is what happens when they are ultimately removed that is worrying. Many businesses are accumulating significant liabilities over this period and when these supports are removed and businesses have to stand on their own feet again, there will be capital difficulties and liquidity issues.Looking into examinershipDespite the negative outlook, there are options for those in financial distress. Given the prevailing trading conditions and the nature of the liquidity issues which will face many companies, examinership may be an appropriate restructuring option to consider. There will likely be an increase in the number of examinerships over the coming months and into next year as companies seek to come to terms with the new normal and address pent up liquidity issues. The COVID-19 situation may also have highlighted other areas that can be actioned as part of the examinership process, such as property arrangements that are now onerous or surplus to requirement.There are many advantages to the examinership process such as the company continuing to trade, jobs being maintained and preserved, and creditors faring better than they would if the company were placed into liquidation. It is, in many cases, a positive outcome for everyone concerned.Examinership is not only an option for larger companies. Companies that meet the definition of a small company are capable of availing of examinership through the Circuit Court. This process has not been availed of as widely as was expected when it was first introduced – maybe due to lack of awareness or perhaps a perceived stigma around the process – but, given the economic forecast, smaller companies will be more likely to avail of it going forward. LiquidationWhile many eligible companies will go down the examinership route and emerge ‘at the far side’ completely restructured and with appropriate working capital and funding to sustain themselves into the future, there will inevitably be others that are not viable and may have to look at liquidation. Examinership is not suitable for all businesses as some will be beyond saving. In these circumstances, it is important that directors and business owners move in a timely manner to protect all stakeholders – employees, creditors, banks, and the directors themselves.From a governance perspective, directors must be able to demonstrate that they have acted responsibly, showing that they have properly assessed the options open to them including taking independent legal and financial advice, formally recording meetings of directors and management and being careful not to expose creditors to further losses in the period preceding the liquidation. Obviously, great care should be taken with any payments from the business to ensure that issues of preferment do not arise.This is all very important as in the final analysis, the liquidator is required to review the conduct of the directors over the period leading up to the liquidation and report to the ODCE on this. Directors should be able to demonstrate that their conduct was responsible and appropriate in the circumstances.Stay positiveDespite all the negativity surrounding financial distress, it is also important to be positive and take the right steps. Banks have been very supportive and are willing to try and assist customers to restructure and get through this period. Companies should be encouraged to seek independent and competent advice as soon as possible. Don’t bury your head in the sand – talk to your bank in a proactive manner, and don’t leave things until you are really under pressure.Tom O’Brien is a Partner and Head of Advisory Services in Mazars.Hilary Larkin is a Partner in Financial Advisory in Mazars.

We all know a financial storm is headed our way, but how do we cope when it does hit us? Graham Reid gives us twelve steps that can be taken to navigate the perils of post-COVID economic recovery.After the storm comes rebuilding. And there’s a lot to do. COVID-19 has profoundly affected the norms of business across every industry and geography. From new ways of going to work (or not), long-lasting shifts in customer psychology and behaviour, and radically transformed operational networks and business portfolios, the world in the second half of 2020 is very different from the start of the year, for better as well as for worse.The only thing that’s certain about the recovery is that there’s still a huge amount of uncertainty about what form and how long it will take, with different countries – even different regions within countries – continuing to be impacted in different ways, and no certain cure for COVID-19 yet in sight. What should the working world expect from the pandemic recovery period? How is it best achieved? Outlined below are steps organisations and individuals need to take, not just to get back up and running, but also to become stronger and more resilient in the process.1. Reimagine and transformThe world is slowly adapting to the impact and waking from the nightmare of COVID-19. But getting back up and running requires more than just business as usual. It’s a two-geared process, a balancing act between transitioning safely into a new working world and taking steps to engage in the transformation of working conditions and practices that COVID-19 has unleashed. 2. Address client anxietyThe behaviour and decisions of consumers are what keep the business world ticking. But COVID-19 has dealt a massive – and potentially permanent – blow to the way they interact with businesses. As just one example, 44% of global consumers indicated they would be more likely to do grocery shopping online as a result of the pandemic. Firms looking to survive will understand this and will adapt accordingly. 3. Rethink the workplaceSome businesses have been able to opt to continue remote working practices for the foreseeable future, but for many others, a swift return to work is vital to remain financially viable. To do this safely for their staff and customers, organisations need to prioritise cooperation, communication and accountability, and supplement with cutting-edge technologies and working processes, including crowdsourcing, risk apps and collaboration platforms. 4. Maximize your people’s potentialConcern for the wellbeing of your workforce isn’t just about a duty of care – it's a business imperative. Led by an integrated Human Resources response, rebuilding will mean effectively engaging with the workforce, understanding and reacting to employee expectations of the care provided by employers and the ability to match workforce capability to financial and risk considerations. 5. Identify legal issuesEven if the worst of the crisis may seem to be over, with interim regulatory measures still in place in much of the world, the full aftermath is yet to hit. As the world moves on from the peak of the crisis, from cancelled contracts to employee class actions, COVID-19 is likely to leave a range of legal turmoil in its wake. Modelling potential outcomes, identifying potential risks, and capturing relevant data is critical for businesses looking to weather an anticipated storm of litigation. 6. Learn lessons from those a few weeks aheadWhen re-opening, it can be instructive to look at what has happened during reopening elsewhere – both in other industries and markets. China was the first country affected, and at the beginning of May, it became one of the first to re-open. Here we can look at key lessons from its experience, from assessing supply chains to preparing for future virus spikes. 7. Adapt operations, increase resilienceEven before COVID-19, business was facing pressure to act more responsibly, and the crisis will only accelerate that. As we look to an uncertain recovery, likely to be more saw-toothed than smooth, the pandemic presents us with a chance as much as a challenge. With such a significant economic and social impact, radical changes in how we operate are not just possible, but necessary. This is a chance to segue from a growth economy to a value-based one, prioritising long-term value and resilience and the needs of multiple stakeholders over short-term growth. Flexibility has always been a business advantage, but it will now be critical to survival. 8. Forecast more effectivelyMaking smart financial decisions post-COVID-19 is critical and, in such a radically changed world, only companies with effective forecasting and scenario planning strategies can do so with any confidence. However, in a webcast survey by EY, only 9.2% of respondents were very confident in these areas. 9. Adapt to shifting expectationsFor good or ill, what consumers expect of companies is changing. As we move from crisis to whatever comes next, businesses need to be ready to adapt to changing customer attitudes and needs: reshaping their portfolios for new business realities, creating new and responsive digital customer journeys, and taking the right steps to ensure transparency moving forwards. 10. Identify the right divestmentsIn the wake of the 2008 financial crisis, firms proactive about reviewing and strategically divesting their portfolio outperformed their peers. The same may well prove true of the COVID-19 aftermath. 11. Encourage inward investment in your regionCOVID-19 hit Foreign Direct Investment (FDI) hard. While 23% of investors surveyed indicated an intention to delay investment plans entirely, 51% expected minor delays in FDI plans. 12. Stabilise the economyReassuring and supporting individual customers in the immediate crisis is one thing, and something all businesses can work toward. But banks will have a particularly important role to play in the longer-term, post-crisis stabilisation of the global economy. Businesses will need to build close relationships with their banks to manage the inevitable risks of an uncertain environment and secure ongoing access to the capital that will be essential for their long-term recovery and growth.Graham Reid is Head of Markets in EY Ireland.

Innovation requires investment. But what are the best areas to invest in? Matthew J. Moberg details five growing platforms that companies should think of as investment opportunities. Innovation can be found in any part of the economy and people seek to invest wherever innovation occurs, regardless of sector classification, market capitalisation or geographical location.There have been significant breakthroughs in many sectors. To organise the change occurring in the economy, here are five major evolving platforms of growth. Global e-commerceGlobal e-commerce is an arena of tremendous opportunity. Estimated global sales were only 14% penetrated by e-commerce pre-COVID-19. Today, with the new reality of COVID-19, we have seen estimates of between 22–25% penetration.Even in the United States, so-called “highly” penetrated industries, like travel, books, office supplies and media are, on average, only 41% penetrated. There are many more industries—like groceries and global transportation—that are only modestly penetrated by e-commerce.Other opportunities include business-to-business (B2B) procurement and software that enables brick-and-mortar companies to have an online presence. The common perception may be that global e-commerce is at a late stage in the innovation cycle. In my view, there is so much further to go.Genetics breakthroughsThe sequencing – or decoding – of the gene is one of the greatest accomplishments of our era. The gene was discovered in 1953 but first sequenced during the Human Genome Project in 2003 at a cost of US$2.7 billion. The cost of gene sequencing has fallen rapidly in recent years. We believe the industry is on the cusp of creating meaningful diagnostics and therapeutics and, as a result, wealth creation. These opportunities may go beyond human gene therapeutics, to agricultural and even artificial intelligence applications.Intelligent machinesArtificial intelligence or machine learning is permeating every layer of product development. From using simulation tools to advanced graphics to designing products and getting immediate feedback as to points of weakness in a structure, or real-time intelligence on wear and tear that can feed back into new designs – smart machines are involved.If the last 30 years were spent organising data with mainframes, personal computers and mobile phones, the next 30 years could be set up to take that data and change our lives in the physical world. There could be opportunities in companies that intelligently design, manufacture, transport and maintain physical machines, in addition to investing, of course, in the machines themselves. New financeAccess to capital is one of the fundamental differences between developed and developing countries – the grease that allows efficient transfer of value. I believe there are three vectors that drive access to capital.The first is the concept of what constitutes money. In the past, people bartered for goods and services, which can be very inefficient. We have moved from barter to precious metals – backed by their own innate scarcity – to fiat currency backed by the full faith and credit of a government. Today, we are talking about currencies backed by algorithms.Similarly, the other two vectors, efficient pricing and methods of exchange, have also significantly evolved. In the past, the better barterer determined the price of your goods and services; then it was a loan officer at a bank with all their intrinsic biases.Today, we are increasingly using data to appropriately price risk, allowing us to allocate capital in more efficient ways. Methods of exchange are also evolving with the trends in e-commerce, allowing mobile payments and digital wallets to gain traction.Exponential dataUnderlying virtually all our investment themes is the constant of data. Without data, none of these platforms can be successful. But data isn’t virtual—there is a physical component to data that is often ignored. We need to clean the collected data, then store and deliver the same data. That requires massive amounts of data centres, fibre-optic cable, and cell towers, among other supporting infrastructure. To use data for something like artificial intelligence, computing power and memory are crucial. Graphics processing units, central processing units and field-programmable gate arrays represent some of the many components necessary to process that data more efficiently.The creation, cleaning, storage and delivery of data will lead to new applications like augmented and virtual reality, artificial intelligence and machine learning, software as a service, and the sharing economy. There are many investment opportunities in companies that play critical roles all along this value chain. Some have postulated data is becoming the oil or gold of the new economy. Matthew J. Moberg is Vice President Portfolio Manager at Franklin Templeton. This article is the sole opinion of the author.A version of this article was first published in The FM Report.

Innovation is high on the government’s agenda. But how can companies invest in R&D given the current economic conditions? Establishing an innovative culture in your organisation is the key to success, says Barrie Dowsett.When it comes to innovative research and development, it is easy to picture a lab – one in which a large technology company is working on something amazing, like a robotic arm. You’re likely to think of pharmaceuticals as well, especially given that Ireland is renowned for its thriving medicine industry.But, actually, innovation is happening all around us.Research and development (R&D) is simply about seeking a scientific or technological advancement or overcoming a challenge that could not easily be solved by a professional in the field. From developing new products, services, or processes from scratch, to improving those which already exist, R&D is likely to occur in your business more often than you think.The state of R&D in IrelandThere has been a significant rise in the amount of investment in R&D from Irish businesses in recent years and that has coupled nicely with the fact that innovation is high on the government’s agenda.Recent data released by the Central Statistics Office show that the total expenditure on innovation projects in Ireland totalled almost €5.5 billion in 2018, an increase of 18.2% just two years prior. The main reason behind this leap is the 39.4% increase in expenditure for in-house R&D, totalling €3 billion in 2018 up from €2.2 billion in 2016.This information from CSO goes deeper too and shows that in 2018 the acquisition of machinery, software, and equipment represented 20.7% of the total spend at €1.1 billion. Embracing an innovative cultureAll businesses will approach R&D differently. Some have an innovative culture in place from the start. Others, however, take time to instil it. There are other variants to consider as well, like company structure, size, and ability to claim.Take size as an example. Businesses looking to create brand new products and services tend to be larger, more established, and better able to meet the demands of extensive market research and production. However, small- and medium-sized enterprises are more likely to work on improving existing products rather than creating new ones, as a development from scratch can be prohibitively expensive. Some companies will be able to set up their own R&D department, while others will outsource their efforts to gain the skills and knowledge required. Furthermore, with the effects of COVID-19 being acutely felt across the Irish economy, many companies simply feel unable to give R&D priority at the moment, with statistics showing that 85% of Irish businesses have scaled their operations back or even shut their doors entirely.R&D and the Irish economyHaving a well-defined and funded R&D strategy isn’t just about showing off amazing products, it’s also about staying ahead of the game. Marketplaces are becoming more competitive and companies are in direct competition with each other to offer something bigger and better to retain their customer base. Although investing in R&D often requires some generous financial outlay, the rewards can also be significant.Another big benefit of investment in R&D lies in the ability to claim R&D tax credits, with the government recognising the benefits it brings to the wider economy through job creation and growth. The incentive is lucrative too, covering up to 25% of R&D expenditure over and above the standard rate of 12.5%, meaning Irish companies can obtain as much as 37.5% of R&D costs back, either as a corporation tax reduction or as a cash lump sum. Creating or developing products and services, both for commercial purposes and within a company, can lead to great pay-offs. But innovation can’t happen without some element of risk, and for many companies meeting the costs involved can be daunting.However, there is a range of national and EU schemes available to help mitigate the costs in addition to R&D tax credits, like Enterprise Ireland funding supports, Horizon 2020, EUREKA Eurostars, and more. Whatever size and sector the company is in, a well-executed and funded R&D strategy is essential to survive and thrive.Barrie Dowsett is the CEO and owner of Myriad Associates.

Burnout has been creeping into our workplaces and greatly affecting our lives, even before COVID. Noel O’Callaghan outlines how you can identify burnout and manage your work-related stress.Increasingly, we are hearing about how workplace stress is on the rise, especially where work and life both feel uncertain and unpredictable. In a new survey from the Department of Work and Employment Studies at the Kemmy Business School, 60% of employees in Ireland are feeling more stressed since the onset of COVID-19. As we become so ingrained in the day-to-day routine while meeting the needs of employers or customers, we can miss the alarm bells warning that what was a somewhat natural and manageable stress is now morphing into burnout, something considerably more serious. Work culture seeks to identify and label what they call ‘high achievers’ but, unfortunately, delivering more and more with less and less is often the only criteria needed to earn the distinction. Day to day, month-end to month-end, quarter-end to quarter-end, the relentless pace of work makes it seem impossible for someone to put their hand up and say, “Stop. I need to rest”. If you combine this with a personality that is wholly-committed to doing a good job, has a fear of failure, or is unsupported either at work or at home, then you have a recipe for disaster when it comes to excessive stress or burnout.Signs of burnoutWhat are the tell-tale signs of burnout? Burnout can lead to physical and mental exhaustion, a feeling of detachment, or a feeling of never being good enough no matter how much you deliver. Are you:terrified of going to work every day?always tired?disinterested in participating in hobbies outside of work?getting little enjoyment in anything and no motivation to seek it?feeling stuck, with little or no light at the end of the tunnel?(Sometimes these can also be accompanied by unusual physical aches and pains.)These are just a few of the more common red flags, but it can be different for everyone. The great news is that burnout is treatable. Taking breaks, knowing your limits, and watching out for situations or people that elevate the stress can help. However, there are also huge benefits gained from working on your relationship with work. I-It and I-ThouMartin Buber, a theorist and 19th-century Austrian philosopher, suggested that humans have two approaches to the way we interact with people, things and nature. One is an ‘I-It’ approach where we objectify whatever we are dealing with and seek to get as much out of it for ourselves as possible and the other is an ‘I-Thou’ approach, where we turn to the subject as a partner and seek to relate more to it for the mutual benefit of both parties. There is a recurring theme that I see is in relation to how people interact with their career and the workplace. A pattern emerges over years whereby one relates to their career, work or co-workers from an I-It standpoint, viewing it as a means to an end, which can cause the relationship with work to become so unhealthy that people become ill. Having a more constructive relationship can alleviate the symptoms of stress and burnout and instil a sense of nourishment into the workday. We should aim to shift the relationship from I-It to an I-Thou and think of work as something to be engaged in, enjoyed or experienced.  Noel O’Callaghan FCA is a qualified psychotherapist. If you would like to discuss how any of the topics mentioned above are impacting your mental health, please contact the CA support team at CASupport@charteredaccountants.ie.