IMHO: New crimes that directors need to monitor – it’s not just AI

By Kevin Jenkins CMInstD

28 Aug 2023

OPINION: Cybercrime and fraud can present existential risks to lots of companies and they appear on lots of risk registers. You’re much less likely to see a risk register include crimes enabled by advances in additive manufacturing (3D‑printing), biotech, or renewable electricity and energy storage.

But in his 2021 book Exponential, Azeem Azhar argues that, along with AI, those three sectors will emerge to be the leading disruptive technologies in the 2030s.

Those new sectors are already growing exponentially, but so far they’re largely below the radar. Expect to see “sudden developments” in those sectors break into the headlines and the public eye in the next few years, similar to ChatGPT and other Generative AI in the last 12 months. These new developments will be loaded with equal parts promise and risk.

I spoke about risk recently at the New Zealand Risk and Resilience Summit, and discussions there confirmed for me that as directors we need to be more conscious of scanning widely for risks – way beyond just AI for example. And we need to be refreshing our scans often to keep pace with regular disruption.

New technologies, new “crime harvests”

By definition, new technologies are under-regulated. Entrepreneurs move fast to establish facts on the ground so that regulators have no choice but to follow along – for example, ridesharing stepping around taxi regulations.

Sadly, criminals are among those early movers, and one sign that new technologies (or mash-ups of existing ones) are maturing is the appearance of criminal use cases. As Mariam Elgabry and colleagues wrote in 2020 in the biomedical journal Systematic Reviews, criminals benefit from the time lags between innovation and regulation:

“When new technologies are developed, it is common for their crime and security implications to be overlooked or given inadequate attention, which can lead to a ‘crime harvest’.”

Riding on new disruptive technologies, criminals can surge ahead of regulators in different ways. It may be that new harm-causing behaviours enabled by new tech are not strictly illegal under existing laws. Or it may be that a new technology makes an illegal activity harder to detect and relevant laws harder to enforce.

Either way, when regulators are being challenged the threats to companies and organisations are greater, and directors need to work hard to keep themselves, and their sense of risk, up to date. As Ann Sherry, ex-CEO of Westpac NZ, warned when speaking on cybersecurity at the IoD conference in May: “Hackers are better organised than we are.”

Additive manufacturing

When the blueprint for a functional plastic gun was posted on the Internet in 2013, it was downloaded 100,000 times. A decade on, and this technology has well and truly arrived. For example, the Herald recently reported on an Auckland gangster 3D-printing gun parts.

The focus of Customs authorities needs to shift now from intercepting contraband to intercepting plans and materials. The technological challenges include deliberate obstacles to detection – for example, a software tool named the “Disarming Corruptor” allows 3D-printing files to avoid detection through scrambling and then unscrambling them.

More prosaic risks of interest to directors include the 3D printing of keys and access cards, and even faces, as well as the usual fake watches and other products.

Risks in the energy sector: From neighbours pilfering power, to network attacks

The energy sector is witnessing textbook disruption – and hence new crimes. In the US, people have been prosecuted for stealing electricity when they plugged their EVs into other people’s electrical outlets without asking. But more ominous is the risk of chargers being used for hacking, or even attacking the grid.

Another ominous risk is the abuse of trading regimes in the energy sector. In 2021 Claudio Deiana and Andrea Geraci published a paper, “Are wind turbines a mafia windfall? The unintended consequences of green incentives”. They highlighted:

“The risks of criminal infiltration of the green energy sector, especially when incentive schemes are insufficiently competitive and overly generous.” 

We need to talk about biotech risks

I believe biotech isn’t talked about enough in Aotearoa New Zealand. It’s the epitome of adding value to our dominant primary sector by applying the best of our science and innovation sectors. We need to ensure our regulatory regime is fit for purpose to enable exponential growth of the kind seen in our aerospace sector.

But we need to be mindful of risks, including the malicious intent of criminals.

We’ve seen genome sequencing race ahead, and Azeem Azhar, the Exponential author, talks about “synthetic biology”, which brings together AI, biology, electrical engineering, and biophysics to create new biological components and systems. Azhar says synthetic biology is driving exponential breakthroughs in agriculture, pharma, materials, and healthcare.

That’s great, but what was not so great was when Chinese scientist He Jiankui created the first gene-edited babies. This was universally condemned, with scientists warning of possible unintended side-effects.

The Chinese government struggled with how to prosecute He given the lack of relevant law, and he was eventually jailed for “illegal medical practice”. China later tightened up its laws in this area.

As NPR reported in 2019 when He Jiankui was sentenced:

“Research carried out since He's stunning announcement has suggested that the genetic changes he made could cause more harm than good to the babies’ health. A study … found that the changes … could make people more vulnerable to viruses such as West Nile and influenza.”

There are potentially horrific uses of biotech too, such as blackmail via threats of introducing animal or human viruses, or threats to use gene-editing tools like CRISPR to incapacitate individuals or groups.

The risk of poor risk management

It’s easy for boards and risk committees to become seduced by documented risk appetites, spreadsheets with RAG lights, heatmaps, and the like. But to me, those tools are often a sign that risk isn’t in fact being taken seriously and that the organisation may be vulnerable.

One key vulnerability is when your risk scanner isn’t broad enough to encompass new emerging threats such as the technologies I’ve been discussing. As well as scanning widely, we need to scan often, and adjust our sense of time to the rapid rate at which new technologically enabled threats are emerging.

I wrote more extensively about innovation leading to new crimes in April in the NZ Herald: “Outlaws recharged: All the ways modern criminals can steal your money”.


About the author

Kevin Jenkins

Kevin Jenkins CMInstD is a founder of MartinJenkins and has over 30 years’ experience as an advisor to business, not-for-profits and government. He works with boards and executives to help them clarify their strategic direction and make the best choices to achieve their purpose and goals. He also leads MartinJenkins' data science team.

The views expressed in this article do not reflect the position of the IoD unless explicitly stated.
