Every industry is being impacted by digital transformation, the adoption of digital technology to transform services or businesses through replacing non-digital or manual processes with digital processes or replacing older digital technology with newer digital technology.
When it comes to construction and other related industries, this is what the textbook definition really means…
We see firms pushing their back-office operations into work-from-home stances driven by COVID-19 responses that are accelerating the adoption of Microsoft 365. We witness working dynamics driving the selection of new cloud-based ERP systems such as Acumatica, Netsuite and Microsoft Dynamics to provide the flexibility that older premises-based ERPs offered. The new ERP systems in turn present new opportunities for data analytics to quickly provide enhanced information regarding job performance, subcontractor performance, and a host of other financial intelligence.
At the job site, we’re beginning to see innovative technologies impact the way things are constructed. Kubota built GPS and artificial intelligence into some of their equipment to allow for a lower-skilled operator to manage heavy machinery accurately and safely. (That was done years prior to COVID and was partially driven by Japan’s aging population.) Artificial intelligence, 3D printing, GPS, robotics and the Internet of Things (IOT) are categories of new technologies frequently showing up on job sites that just recently belonged in a bad science fiction movie. This collection of new technologies, or older technologies applied in new ways, represents an incredible opportunity for business growth.
On the other hand, such technologies also present a full array of risks that we call digital risks. The biggest risk to your business is not innovating because of fears of cyber and other risks. The second biggest risk is not considering the digital risks that these new technologies present to your business.
Types of Digital Risks
Here, we refer to the risk of cyberattacks. These types of attacks often have the objective of accessing sensitive information and then using that information for malicious acts. For example, extortion and preventing normal business processes from flowing. For the construction industry, this translates into wire fraud, business email compromise, and ransomware risks.
A workforce risk is any one issue that could pose risk to an organization’s goals. In other words, workforce risks are skill shortages and high employee turnover. With new technology adoption, workforce attitude regarding the adoption of new technologies presents additional risk.
These are risks to changes in architecture, implementation deployment, or management of new digital business operations and IT systems. Cybersecurity risk is certainly part of this conversation. When managed correctly, cloud architectures present a tremendous advantage. However, if poorly managed, they have the potential to create upward cost spirals. At the same time, IT teams implementing cloud as they would premise-based architectures often create unforeseen weaknesses.
This risk refers to any new requirements or rules needed for new technology. When you adopt new technology, your organization is at risk of not complying with regulatory requirements for business operations, data retention and other business practices. Today, most compliance risk is tied to personnel privacy. Not many 2x4s care about their privacy so compliance hasn’t been a big issue for the construction industry, but it is becoming a bigger issue for firms doing business with the defense department or with firms who are obligated by their clients to protect plans, drawings and other sensitive information.
These are risks associated with outsourcing to third-party vendors or service providers. For example, vulnerabilities related to intellectual property, data, operations, finances, customer information, or other sensitive information are third-party risks.
Along with automation, there will be risks such as compatibility problems with other technology, lack of resources, and governance matters, among others.
This refers to the risk of negative events occurring when adopting new technology and the difficulty of minimizing the damage caused. Risks to the availability of business operations after a disruption are also important to consider.
Data Privacy Risk
Data privacy risks are related to the ability to protect personal information, including full names, email addresses, passwords, physical addresses, and even dates of birth. This data can be easily misused by hackers as a way of harming or misusing an individual’s identity.
Managing Digital Risks
Adoption of new technologies should include a discussion of the digital risks they might introduce. Ask yourself, “What risks does this technology introduce to our firm? How do we manage or mitigate them?” These questions are a good starting point as long as the question is being asked of someone who has an accurate understanding of the risks involved.
A more detailed, complete and leading practice approach, such as risk analysis, should be done as new technologies are selected and adopted. Proper risk management will increase the likelihood of successful adoption, reduce the risk of unintended negative outcomes, and provide you with peace of mind.
We can help you work through a proper risk analysis. GBQ Information Technology Services is a team of builders, breakers, operators, and auditors experienced in IT strategy, enterprise risk, cybersecurity, productivity solutions such as data analytics, as well as IT audit and assurance.
For more information or assistance with IT strategy, digital transformation, digital risks, cybersecurity, or other IT matters, please contact Doug Davidson, Director of Information Technology Services.