- 4:20 - I think about ESG as a true risk metric, and organizations today are already involved in risk metrics, but this is a very important one because it impacts not just their organization and their customers and their direct employees, for example. It affects other organizations, the tax base and communities, the small businesses. We see this domino effect because we live in this networked world.
- 10:38 - If the goal really with these risks is for organizations to be able to improve upon this particular risk, then they have to understand what are the rating agencies using as their metrics? What kind of data are they using? Just to get like some sort of random rating doesn’t necessarily mean that the organization could go back and make those changes.
- 14:17 - I would bet that in the next 10 years, you’re going to have a better definition of that risk landscape so that everybody’s talking the same language and more importantly for organizations to be able to improve upon those risks that they’ve identified, which I think is really tough today when there are so many different lenses and mechanisms by which to measure and disclose this type of risk.
Cristina Dolan is an engineer, entrepreneur, author and speaker. As founder of InsideChains, Cristina works with organizations to digitally transform business models through advanced technology, data, and blockchain ecosystems, offering new business models with greater visibility, richer data and cybersecurity. She is co-author of the book “Transparency in ESG and the Circular Economy: Capturing Opportunities Through Data.” Christina sat down with Joe Kornik, Editor-in-Chief of VISION by Protiviti, to talk about ESG, risk, data, cybersecurity and where she hopes organizations will be with managing ESG risk in 10 years.
Cristina Dolan is an engineer, entrepreneur, author and keynote speaker. As founder of InsideChains, she works with organizations to digitally transform business models through advanced technology, data and blockchain ecosystems with economic layers that offer members greater visibility, richer data, cybersecurity, new business models and dynamic new products. As an engineer, computer scientist, entrepreneur and MIT Media Lab Alumna, she has led digital transformation in fintech, insurtech, media and healthtech while successfully working with incumbents and startups throughout her career.
Joe Kornik: Welcome to the VISION by Protiviti interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, our global content initiative examining the big themes that will impact the C-suite and executive boardrooms worldwide.
Today, we’re exploring the future of ESG and its strategic implications for the next decade and beyond. I’m thrilled to welcome Cristina Dolan, an engineer, entrepreneur, author and speaker. As founder of InsideChains, Cristina works with organizations to digitally transform business models through advanced technology, data, and blockchain ecosystems, offering new business models with greater visibility, richer data and cybersecurity. She has held executive roles at Disney, Hearst, IBM, and Oracle, and is a member of Forbes Technology Council and the Vice Chair of the MIT Enterprise Forum in New York. She is also co-author of the excellent book “Transparency in ESG and the Circular Economy: Capturing Opportunities Through Data.”
Cristina, thank you so much for being here today.
Cristina Dolan: Well, Joe, thank you so much for having me. This is a topic I’m very passionate about.
Joe Kornik: Yes, I’m really excited to have you on the show today because today, we’re going to talk data, metrics, measurement, and I think those things are often missing from the ESG discussion and I love that your book is talking about those.
I’ll start out here. Where have most companies missed the mark in terms of ESG transparency and data?
Cristina Dolan: First thing I want to say that ESG has been totally misunderstood, right? It has been hijacked to mean something like social justice or some political agenda, but in fact what it is, is a really, really important metric. Part of the confusion comes in that there are so many different frameworks and standards, right. So you’ve got SASB, which is the impact of the world on an organization from the lens of an investor, for example. Then you have another like GRI, which is used a lot in Europe. That’s about the organization’s impact on the world with many stakeholders, very different from SASB. For example, then you have the UN Sustainability Goals, and those are about things like poverty and healthcare and education.
With all these different metrics, you can understand why there would be a level of confusion, and we can get into this in a little bit more detail in a minute, but these are very important metrics because as organizations utilize technologies to solve interesting problems, they create these transformations that involve things like society and the workforce that plays a role in bringing these technologies into the marketplace. If you don’t have the data and understand what’s happening, you can see how jarring these transformations can be on society, and so over the course of time, these transformations have taken place a little slower but today they’re happening so quickly that without an understanding of these massive transformations and the impact, it’s really hard for organizations to play a critical role in managing the impacts going forward.
Joe Kornik: Right, and I often think that maybe a lot of companies are thinking of data as the next step, or ESG 2.0 or something, when, really, it’s crucial now, right? It’s crucial in all components of it but particularly as we really start to embark on this ESG journey or make our way down the road. What are some of the strategic business implications of having that transparency in ESG? Your book mentions opportunities through data, so what are some of the opportunities that maybe companies are missing? Are there any metrics for success we should be looking out for?
Cristina Dolan: Well, first of all, I think about ESG as a true risk metric, and organizations today are already involved in risk metrics, but this is a very important one because it impacts not just their organization and their customers and their direct employees, for example. It affects other organizations, the tax base and communities, the small businesses. We see this domino effect because we live in this networked world, so when organizations can plan ahead and understand what these risks are on a global perspective, it allows them to perform more effectively because they understand the risks that they’re going to face and allows them to plan for them in advance.
Joe Kornik: Right. Earlier this year, you wrote a fascinating article, actually, for the World Economic Forum, saying that companies need to start looking at cybersecurity as part of ESG and that cyber is actually the most immediate risk organizations face today. Why do you think that is?
Cristina Dolan: First of all, when you look at all these industrial revolutions that have created these jarring effects and corporate social responsibility that has evolved into what we called ESG over the course of the last 15 years, the third Industrial Revolution created the byproduct of carbon and we hear a lot about that and its impact on the environment. But if you look at where we are today in the fourth and fifth Industrial Revolution, the negative byproduct of these networks’ technologies that utilize IoT devices and data and connect all of our organizations and people and healthcare and supply chains, the negative byproduct that we are dealing with right now is obviously cybersecurity and it’s a problem that’s growing. When you look at some of the statistics, people said it was the largest industry in the world. You’ve got, for example, the FBI had posted some statistics about how much money North Korea was making, it’s like 8% of their GDP. So nation states are involved and obviously with the great returns, I don’t see them stopping anytime soon. It has become a weapon. It has been weaponized in the current war.
Cybersecurity is probably the most immediate financial and material risk that organizations face, and you can take down utility like electric grid, and that will impact society faster than probably any other weapon. You don’t have to send in any military. You don’t have to send in people. You could do it somewhat quietly and the impact will be quite immediate. People can’t fill their cars with gas. They can’t get water. That is an immediate risk. Organizations that get hacked, it’s not even just taking their business down. You look at what happened in one of the healthcare organizations, I think it was in the UK that got hit and they couldn’t even provide accurate prescriptions for patients. It’s not even just that. It’s the fact that when you have a cyber risk, the regulators also will fine you and those fines alone could be financially impactful and cause a company to have to shudder. The risk is huge and it has many different perspectives that have to be managed and understood.
Joe Kornik: Right, and along those same lines, when I think about risk, when I think about data, I’m thinking a natural tie-in there to sort of the reporting and the governance standards around ESG, and I know that that’s, again, the next wave of ESG. Climate has taken center stage. Social has really now become more in the forefront, and I think right behind that is governance and reporting, and there has been a lot of talk about where their standards will go. We’ve got self-reporting. We’ve got people doing it obviously. Companies in different countries are doing it in different ways. How do you think that all plays out? What do you think those standards will go over the next decade or so?
Cristina Dolan: Part of the problem, and I talked about this a little bit in the book with respect to data, is that there are so many different ways to look at this. I had said before SASB is the impact of the world on a company with the lens of an investor, and then you have GRI, which impacts on the world, many stakeholders, and UN sustainability goals are a completely different lens. It’s poverty, healthcare, etcetera, but then below that, you have different datasets. Some look to the past and some look to the future.
There’s a Harvard article that talks about Berkshire Hathaway and how old Charlie Munger is in the management and whether or not they have a succession plan, and then yet another rating agency says, “Well, if you look at the past, they’ve never had a governance issue.” One looks forward, one looks back, and they have completely different views in terms of the sustainability of that organization. The analysis on these different datasets is also different. Some will use AI and satellites, and some will use some old government data to assess what the risk is on a particular company.
Then on top of that, there are weightings, so some metrics might be more important than others. For example, if you compare GRI and SASB when it comes to training of employees, one looks at the spend and the other one looks at the amount. It’s hard to normalize those different viewpoints when they’re so different.
I think what we’re going to have to see is more transparency with respect to what is used in order to create these reports because today, it’s really hard to understand even, for example, some of the rating agencies how they came up with some of the scores they’ve come up with. If the goal really with these risks is for organizations to be able to improve upon this particular risk, then they have to understand what are the rating agencies using as their metrics? What kind of data are they using? Just to get like some sort of random rating doesn’t necessarily mean that the organization could go back and make those changes.
I think we’re going to have to see a bit more transparency with the approaches being used, the different datasets that are being used, and I think we have to think about this a little bit differently. We have to start thinking about this as a metric that allows organizations to improve and reduce the risks.
Joe Kornik: Right, yes. I think there’s a bit of a fear that we’re just going to end up sort of chasing ratings. We’re going to be chasing rankings, and that’s going to be our gold seal of approval or companies are going to be able to say that they’re doing the right things because their rating says they’re doing the right things when they may not be necessarily measuring the right things at all. I think that’s something that I think is pretty interesting.
You’ve laid out some really interesting things for us to think about regarding data, risk, cyber, so what should companies be doing about it? What would you advise business leaders? What steps should they be taking to ready their company for the next decade?
Cristina Dolan: I think what’s really important is really to understand these risks. The cyber risk is very important to understand because if you don’t understand it, how do you measure it? How do you create metrics? How do you set KPIs? How do you define what resources you need to solve those risks? I think that organizations really have to take a step back and understand holistically what are all these risks and then put plans in place to address those risks. When it comes to cybersecurity, it’s not even just measuring the risks. It’s putting together the resources and making plans to actually defend against it because today we live in a world that you can’t just insure against those risks and hope it all works out.
Joe Kornik: Right. The point of VISION by Protiviti really is to bring smart people together and have them give us their vision of the future, have us talk about the business impacts of megatrends. If I could ask you to look out, let’s say, a decade or even more as far out as you’d like to go, tell me what you see in terms of transparency in ESG or just ESG in general.
Cristina Dolan: Well, I think one of the things that’s going to happen is that you’re going to see a little bit more clarity and conversion on all these various lenses—datasets, weightings, analysis tools, and these very opaque weightings that actually come out of a variety of different agencies because I think that one expectation is that companies should be able to respond to that risk and improve upon it. If you don’t understand what’s under the covers, it’s very difficult to do that.
But in order for that to happen, I think you need to have a better understanding across the board of what these metrics mean. Now, of course, you hear a lot of people pushing back on ESG because they don’t understand what it is and they think it’s some political or social justice metric when, in fact, it’s really a far more important metric about how society and organizations are evolving and transforming to solve interesting problems but in doing so, they create other issues, other problems, other risks, and those have to be understood. I would bet that in the next 10 years, you’re going to have a better definition of that risk landscape so that everybody’s talking the same language and more importantly for organizations to be able to improve upon those risks that they’ve identified, which I think is really tough today when there are so many different lenses and mechanisms by which to measure and disclose this type of risk.
Joe Kornik: Right. Well, it will be really interesting to see how it all plays out. That’s for sure. It’s evolving quickly and as you know, ESG is top of mind now for business leaders in corner offices all over the globe. We’ll see how it plays out.
Cristina, thank you so much for doing this. I enjoyed our conversation.
Cristina Dolan: Well, thank you so much, Joe. It was a real pleasure.
Joe Kornik: Thank you for watching the VISION by Protiviti interview. I’m Joe Kornik. We’ll see you next time.