The days of prevention are over: Boards should refocus on recovery and resilience, says Halcyon CISO

Joe Kornik: Welcome to the VISION by Protiviti interview. I'm Joe Kornik, Editor-in-Chief of VISION by Protiviti, a global content resource examining big themes that will impact the C-suite and executive boardrooms worldwide. Today, I'm joined by Tony Spinelli who spent his entire 30-plus-year career devoted to pioneering and advancing technology, digital transformation, and cybersecurity capabilities across the globe. Currently, he is Vice President and Field CISO at cybersecurity and technology firm Halcyon, as well as a current board member for Blue Cross Blue Shield Association and PPAC Private Bank, where he additionally serves on the Risk Committee and the Compensation Committee. Previously, Tony has been a CISO for Capital One, Tyco International, Equifax, and First Data. Tony, thank you so much for joining me today.

Tony Spinelli: Joe, it's great to be here with you. I'm excited to talk about all the things we've got lined up for Cybersecurity Awareness Month.

Joe Kornik: Right. We are recording this in Cybersecurity Awareness Month but obviously it's something that we focus on year-round and Tony, I know you certainly are. You serve on multiple boards and have been a CISO several times over. So, I know you've seen plenty of change, but it feels to me like the pace of that change has certainly accelerated. Tony, I'd be curious to hear your thoughts about whether or not you think CISOs have done a good job keeping boards informed about the rapidly evolving threat landscape and have boards been responsive enough to those new risk factors that have emerged recently?

Tony Spinelli: Yes, Joe, I think we're probably still in the early innings of informing boards and keeping boards informed. Having been a board member, I guess, over eight years now for multiple organizations and a CISO for more than 25 years at four organizations, I think we still have ways to go on keeping boards properly informed and boards really thinking strategically about cybersecurity. I think too many times what we get as board members, as we're informed about, whether it's a monthly or quarterly meeting, is what we're doing well in cyber. I think we've really got to flip the model: have a heavy dose of what's not going well and what we're concerned about. Because as board members, that's where we can really provide not only oversight but some help, right? Do you need funding? Is it a personnel issue? Do we need to think differently about the strategy that we're applying for cybersecurity? So, seeing hundreds and hundreds of decks at this point where you get information about cyber, I think you're getting 95% to 99% of what's going well and about 1% to 2% of what we're really bad at. I think that's where we as board members have to help leadership say, “Look, we know you're working hard. We know you're trying to do all the right things for cyber. Please never shy away from telling us what we're not good at and what we need more help with.” 

That's why I think we're a little bit in the early innings around that. I think some of it comes down to, in many cases, knowledge gaps. I think in some cases we're thinking about cybersecurity in terms of strategy, that everything needs to be secure. I can tell you, the definition of security in a secure system really doesn't exist. The way you need to think about cybersecurity, especially as a board member and certainly as a leader in cybersecurity that's on the strategic side, is to start thinking much more deeply about defensible systems. When you think about secure versus defensible—and we like to say, “Look, everything's secure and it's going to be great. We're very hopeful that it stays that way.”—that's just very unrealistic. If you can think about your cybersecurity systems in terms of them being defensible, I think you really have a shot, right? Because you're thinking much more about resilience. You're thinking much more about recovery. 

When you think about security, it's an old focus of cyber before 2010 where we used to think “Look, we're just going to prevent everything.” As we've seen, Joe, we have to be right millions of times a day to stay secure where the bad guys have to be right just once. So, I think as a board member to start thinking and critiquing and reviewing cybersecurity around the line of thinking about defensible, which means “What happens when the bad thing happens? What happens when a bad actor gets into our environment?” Because it will happen. The days of prevention are over as we've seen with the many headlines that are playing us today, especially from ransomware and the likes. It's really, really important that board members start wearing that defensible hat rather than secure and prevention because, really, as we're seeing today the best companies in cyber are the ones that can respond quickly, react quickly, and make sure that their systems are very, very resilient.

Joe Kornik: Right. Tony as both a CISO and board member where do you see the biggest knowledge gaps between CISOs and board members and how do we close them at this point?

Tony Spinelli: I think one of the big knowledge gaps is, we're seeing a tremendous amount of supply chain disruption, that's been plaguing us for probably more than four or five years now and has seemed to be hitting a crescendo in terms of those supply chain disruptions around ransomware. What's really intriguing about how this is coming about is we're seeing a lot of global manufacturers, fintechs, healthcare having their supply chains disrupted, if not their business operations disrupted. From a mismatch with regard to the cyber strategy and what they actually need to have in place, I think many times when we're informed about our cyber program a lot of it focuses on technology. And what bad actors are doing today is they're really exploiting the human threat vector to then move to the technical threat vector. What I mean by that is one of the biggest knowledge gaps is that these bad actors are really focused on human threat right now. That's very hard to get at because when you think of human threats, they're doing things like social engineering, phishing emails. But beyond that, some of the more nefarious knowledge gaps and challenges have been around impersonation of the help desk, where they're impersonating your help desk, calling your employees and getting information about their credentials, their passwords. If they can't get that, they're cracking those passwords. There's about a 46% efficacy rating right now that bad actors have for cracking passwords, 46% is incredibly high. Then we hear a lot in board meetings around “Well, we're going to start focus on zero trust” or “We're going to implement zero trust,” which a lot of times means how are we thinking about MFA and two-factor authentication and those things that go along with zero trust. Well, bad actors are exploiting individuals there with MFA fatigue, where they get the credential, they use the MFA and repeatedly send those messages to your phone. Eventually what an employee does to get it to go away, is they'll just click on it, right? Then you're in. Then therein is when the technical lateral movement and the ability to really start creating havoc in your environment. In many cases, what the bad actors will do is they'll turn off your endpoint protection, they'll turn off your technical controls and really provide them with a platform to either data exfil or provide a method where they can extort funds from you through ransomware and encrypting your information. That's what the number one threat vector is today, is exposing user IDs, passwords, you're really thinking about bad actors using valid credentials. That's what I think so challenging for board members and cyber practitioners today is that 98% of these attacks are being completed with valid credentials, right? Think about that. Is there a cybersecurity tool today on a piece of technology that stops valid credentials from working? No. That's really what we're up against, right?

Joe Kornik: You've given us a lot to think about in terms of risk factors. When we talk about risk factors, I think we probably have to start with AI, which obviously many companies are beginning to leverage in their core business functions. What do you see as AI's impact?

Tony Spinelli: I think AI is going to be a big challenge, and for board members is really critical to, I think, think along really four dimensions when we think about this as it pertains to cybersecurity. I think one of the most important things you could do is make sure that the leadership of the firm has a really great understanding of AI policy and practice. The way you can do that is by using the NIST AI risk management framework. It's a holistic framework that'll help you be really thoughtful about what the right policies, practices and procedures are and give you a box to make sure that you're really, really well controlled. 

Number two, I think—and this is probably the biggest one that I would focus on, and I personally have focused on with the boards that I've been on—and that's around a data governance program. I think as all companies today have a factor—with being a technology company—that you've had massive data sprawl wherever you've been. While you want to be well controlled and well managed, AI really requires a different level of data governance. You have to have really strong data modeling. You have to have really strong understanding of the uses of that data. I would really make sure that as a board member you ask to be walked through what the data governance program is, not just for AI, but what the data governance program is for the firm as a whole. 

I then think number three, as you go to the next step, as you're thinking about AI and the use cases come up, is you should have a really strong methodology for thinking about use cases and how those use cases are formed. When you get to that point, where you're thinking about specific use cases, as a board leader you want to ask about the risk assessment process, right? Is how do you have a risk assessment process built around AI use cases? Because that's going to be absolutely critical. So, if you're using large data models, you're using a lot of customer information, a lot of proprietary information, a ton of PII information, and you're going to do some very articulate and challenging things with AI with that data, it's paramount that each one of these use cases has its own risk assessment. As a board member you can go back and say, “Well, look. I looked at the use case and the risk assessment with it.” It doesn't have to be a 75-page document. It could be a two- or three-page deck that just says, “For each one of these main use cases we've done a risk assessment and here's what it looks like.” 

I think fourth, you can never take your eye off the ball of third parties. right? You don't have full control of your third parties but in many cases your third parties are either providing you data or you're providing data to them that's going to be part of that AI model in some way. So, it's going to be really, really important that you think about the risks of third parties. That's, Joe, what I would say are the four key aspects for board members to think about.

Joe Kornik: Tony, I'm curious how worried you are about the lack of AI knowledge and capabilities from both the C-suite perspective and the board perspective. Is there enough AI capability out there right now to meet the demands that the future will bring?

Tony Spinelli: No, there's really not. Joe, I think that's the one thing that's different about cyber and maybe even sometimes this risk management view of technology that boards and practitioners really need to think about is that you're going to really need more cyber talent as AI becomes a larger part of your organization, especially if you’re a cyber organization in IT and perhaps you're using less developers or less other types of technology associates. You really want to invest more in your cyber program to make sure around, like we talked about data governance, and having that talent to really understand how AI can be used to protect your enterprise and then guard against AI from an offensive perspective. I think you're going to need more talent in cyber that's much more focused on recovery and response and reaction.

Joe Kornik: Tony, you touched on something there that I think is really important and that's geopolitical developments this year have raised awareness regarding resiliency challenges and keeping core functions up and running in the wake of an attack. We've seen quite a few attacks recently specifically around supply chains. How can business leaders prepare for that? How can they be sure that they can stay resilient amid all the uncertainty right now?

Tony Spinelli: I think you need to really have a test-and-learn mentality and test the resilience and the recovery capability doing both tabletop exercises and tabletop exercises plus, where you're really testing from an attack and penetration perspective your ability to recover from a significant ransomware event or an attack on your supply chain. I think it's absolutely paramount. As you think about the global developments and the global nature of this, you've got massive, organized crime groups, and I do mean massive, thousand people plus in some cases, Scattered Spider, Akira, Medusa, Chilin. All of these are focused on business disruption and supply chains. The reason is pretty obvious. There's billions of dollars that they're extracting from those areas. And you can look at it today. There's a large global manufacturer of trucks and cars that's had challenges for weeks now due to an attack, $60 million a day, a thousand cars a week not being produced. If you think about that from a ransomware perspective and if it's a Scattered Spider or a Chilin or one of those larger organized crime groups, you know if you can disrupt a global manufacturer of that size and scale, you're not only affecting them but the pressure campaign you can bring to bear to get billions of dollars is massive because manufacturers of that size have supply chains of 30,000 companies. They are supporting each one of them to create a car or a truck for example, right? So, if you've got 30,000 vendors that are all supplying something to that large manufacturing company, it could be any manufacturer of that size and scale, the pressure campaign that one of these organized crime groups can bring to bear is just daunting to think about, right? Because if those 30,000 vendors cannot pay their employees, cannot produce capability, you're talking about affecting the economy of small countries as this happens.

Joe Kornik: Thanks Tony. I really enjoyed our conversation.

Tony Spinelli: Oh, thanks Joe.

Joe Kornik: And thank you for watching the VISION by Protiviti interview. I'm Joe Kornik. We'll see you next time.

Morgan Stanley's Rachel Wilson talks cyber strategies in new AI-enabled threat landscape

Joe Kornik: Welcome to the VISION by Protiviti interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, a global content resource examining big themes that will impact the C-suite and executive boardrooms worldwide. Today, we’re joined by Rachel Wilson, head of cybersecurity for Wealth Management at Morgan Stanley, where she’s responsible for securing all sensitive client data from theft, loss or compromise, as well as for the resilience and continuity of core business processes in times of turbulence. Prior to her nearly nine years at Morgan Stanley, Rachel spent 15 years at the NSA, where she held several executive-level leadership positions. Rachel will sit down today with my Protiviti colleague, Managing Director Sameer Ansari, Global Security and Privacy Lead. Sameer, I’ll turn it over to you to begin.

Sameer Ansari: Thanks, Joe. Rachel, thank you so much for joining us today.

Rachel Wilson: Sameer, I’m so happy to be here. Thank you so much for having me.

Ansari: Rachel, you’ve been in your current role for over eight years now and have spent 15 years at the NSA, so you clearly have a lot of experience and have seen a lot of things. We’d be interested in your perspective in terms of how you see the focus on cybersecurity and resiliency. How has it evolved over the past several years? Not only in your current position and the private sector, but overall, what have you seen companies do to strengthen and really look at the response and recovery capabilities?

Wilson: Sameer, I would bin the evolution over the last five years in the following three ways. One, certainly in the cybersecurity space, banks, financial services firms, and large companies have always been focused on the threat posed by nation-states. So, five years ago, I was very focused on North Korea, Iran, and what we were seeing from Russia. All of that is still going on, but the change in focus around cybersecurity has been all about the increase in what we would call cyber criminal syndicate activity.

If five years ago the vast majority of malicious traffic on the internet was nation-states, now 70% of the malicious traffic we see is actually financially motivated and criminal in nature. So, that has required us to change our tactics, our focus, really to be working on extending that perimeter of protection, which for folks like us would typically have been on our firms, our employees, our network systems and applications. Now we’re focused on extending that perimeter of protection to our clients, our customers, really thinking about that broader ecosystem.

When you think about resilience, I’m so glad we’re talking about this today because resilience, the level of emphasis there from our board of directors, our shareholders, our stakeholders, and from our regulators, has increased dramatically. So, this view that a cyber incident that causes a business disruption, that creates a business continuity issue, the view now is that that is not an if, rather that is a when, which is why your point around response and recovery is so crucial. Firms need to invest in all of that preventative technology in detection, but the focus around response and recovery, I’ve never seen it quite as amplified as it is now.

Ansari: That’s a great perspective. Piggybacking on that, obviously, given some of the recent geopolitical events, and obviously, you’ve mentioned the shift from the nation-state aspect to more of those that are there for financial gain. It has obviously increased awareness amongst business leaders and boards in terms of understanding cybersecurity and the resiliency challenges. How can business leaders better understand and fulfill their roles in addressing these challenges, especially when it comes to a crisis and they’re in the middle of a situation or a cybersecurity event?

Wilson: Well, Sameer, that’s exactly it. The last thing we want is leadership and boards trying to figure out their cyber response playbook in the throes of their bad cyber day. So, we see a lot of emphasis now on tabletop exercises, on actually training like you’re going to fight and doing that all the way up to your board and C-suite level. So, increasingly, this idea that while cybersecurity as a tactical exercise is the domain of technologists like us and is the focus of our chief information security officers, it’s this broader recognition, exactly to your point, that business leaders need to be deeply engaged here.

The questions that I ask the companies that I support are, “Does your CFO understand their role in a cyber attack? Has your general counsel thought about whether you are a company, an entity, or an institution that would pay a ransom if you found yourselves in the midst of a ransomware attack?” Those big existential questions are not questions for your technology teams. They are questions that we really want to see having been practiced, having been rehearsed, so that again, when that if, not if, but rather when a cyber attack occurs, leadership understands those roles and you’re not having to learn in public in the midst of those exercises.

Ansari: Yes, that makes a lot of sense. Also, shifting a little bit or maybe an adjacent topic there is, obviously, I think, while executives understand their role in terms of protecting their enterprise, obviously, the continued reliance upon third parties and their overall supply chain of their organizations. I would love to hear—because the conversations we’ve been having with our clients are really around how they are handling third-party risk management—I’d be curious to see what you’re seeing there, as companies, I think, sometimes think of it more as a check-the-box activity. How can organizations really think about this as managing their risk?

Wilson: Well, Sameer, it’s crucial, and I sadly agree with you that all too often, historically, companies have viewed their third-party risk program as a box-checking exercise, right? We’re going to go through the motions. We’re going to do that due diligence, but are we really thinking about material risk reduction? Of course, we’ve got to think about this along two vectors, right? There is the fact that many, many companies, mine included, entrust our vendors, our third parties, with huge volumes of customer, client, and frankly, employee data.

When you think about the degree to which customers and clients that all of us have, very appropriately, and for all the right reasons, outsourced many of our critical functions to third parties, if that outsourcing comes with a whole bunch of employee or customer data, are we really confident that those third parties are meeting our cybersecurity data protection, even fraud prevention standards, Sameer? So, I would argue that companies need to go well beyond that box-checking exercise.

Then, when you add the resilience components, think about those vendors, those third parties in your environment that we would consider air-and-water services, that your business cannot function without. Have we really thought about the opportunities for resilience enhancements there? Do we have true disaster recovery planning? Do we have contingency and exit plans for those vendors that maybe provide that crucial service and for which there really is no alternative?

Again, I think about those air-and-water vendors in that way, but the point you made in your question that I think is particularly crucial is the question around streamlining. The answer to improved vendor due diligence is not an infinite process. If your vendor onboarding process now consists of a thousand questions and takes a year for you to execute in the modern era, companies are not going to be successful if those are the timelines they’re looking at for onboarding a new critical vendor.

That’s the challenge, right? That’s the juxtaposition, Sameer, of how do we recognize that our vendors present potentially tremendous risk, but at the same time, streamline those risk management processes, those onboarding processes, so that our businesses can truly be agile and dynamic. I will tell you, personally, I don’t see many companies that have cracked the code on this, and it’s a question that I think we are all adding and asking of our advisors, our supporters, our consultants. We’re not there, and I don’t think I’ve seen any case where someone is really getting that balance right today.

Ansari: Yes, it really is a balancing act in terms of managing the risk and being thorough, and also balancing, obviously, the impact of third parties. I don’t think I’d be able to get through this entire conversation without turning to the next topic of the day, which is clearly around AI. So, we would love to hear your perspective on AI’s impact on security. What are some of the biggest opportunities and threats posed by AI in the cybersecurity domain, and how do you balance innovation with risk?

Wilson: Sameer, I feel like balance is our big theme today, and you’re totally right that that’s the example and really the exemplary post that we have to talk about here. What we talk to our board of directors about is this idea that the proliferation of artificial intelligence, and I would argue, combined with the democratization of very advanced nation-state-level cyber capabilities, has essentially lowered the barrier to entry to being a reasonably sophisticated cyber actor.

Sameer, we know from our history that five years ago, if you wanted to be a capable hacker, you needed an advanced degree in a technical field, you needed access to covert infrastructure, you needed a nation-state toolkit, and you needed training. There was a pretty significant learning curve to becoming a reasonable, scalable hacker. Today’s environment, we see the opposite, right? A little bit of ChatGPT, a little bit of Gemini, throw in some YouTube videos on how to use those capabilities, and these layman hackers are off to the races, quite capable in a matter of weeks.

Then, when you add AI to the overall cybersecurity landscape, what we’ve seen is that it has been a real catalyst and a real amplifier. So, now cyber attacks are at a scope, a scale, a velocity that I don’t think those of us who’ve been in this space for a long time could have imagined even three years ago. Now that’s what we’re seeing at scale. So, AI lowering that barrier to entry, increasing that scope, scale and velocity, these are attacks both on us as firms and on the customers and clients we support.

This, of course, gets to your balance. I’m increasingly of the view that the only way we defeat all of these AI-enabled threats is by leveraging more AI in our environment. So, one of the metrics that we’re increasingly holding ourselves accountable to is the idea of what percentage of the cyber attacks, attempted cyber attacks that we see at our perimeter, as loose a term as that might be, are we successfully detecting and preventing through solely automated means.

So, whether you want to call that AI or machine learning, whether you want to call that pure process automation, I’d argue that a strong cybersecurity program today is detecting and preventing 99.9% of their incoming cyber attacks all through automated means. Many vendors are getting better and better in this space, but you’re right that it’s a balance.

Then, when you add that third component, obviously, I have to give my employees AI tools in their toolkit. That’s the only way we’re going to continue to be competitive in this environment. Morgan Stanley has really leaned into artificial intelligence as an enabler for our workforce, but enabling those capabilities comes with risk in its own right, whether you’re thinking about data quality, privacy rights, all of these downstream impacts of leveraging AI in our environments. Folks like me in the governance and risk management space have got to look at all of those components to balance that innovation with risk mitigation.

Ansari: Yes, I think balance is going to be the continued theme through this discussion, because the next thing I wanted to discuss with you was really around, obviously, you mentioned AI three years ago wasn’t really as much of a topic. A lot of our attention from a cybersecurity profession perspective was around things like quantum computing, which I know Morgan Stanley is getting quite involved with as well. We’d love to get your perspective on that balance for CISOs and cybersecurity professionals in terms of balancing your basic blocking and tackling and focusing on that versus keeping your eyes forward-looking in terms of new technologies that are coming with things like quantum computing and obviously AI.

Wilson: Well, Sameer, that’s exactly it. I think your thematic here around balance is what I’m hearing from the entire ecosystem, the entire community right now. This is exactly it, right? We cannot lose sight of that basic hygiene, that blocking and tackling. I mean, even some of the vulnerabilities that we’ve seen disclosed in the last few weeks, all things that you and I have been talking about.

If we’re not responding appropriately to these critical vulnerabilities in our environment with that basic blocking and tackling, that patching cadence, that employee training, all of that table-stakes, brass-tacks stuff that we were raised on as cybersecurity professionals, I hear all too often cyber teams getting distracted by the sexy stuff. Of course, I love to geek out on the sexy stuff too, but if we’re not doing those basic things right, if we don’t have identity correctly managed, if we’re not thinking about those core table stakes controls in our environment, we’re going to miss the boat.

Now, all of that said, I think when you look at the environment around post-quantum readiness, we are absolutely in a call-to-action state. So, at Morgan Stanley, this is going to mean, for the next two years, really getting our arms around an inventory of all of our cryptographic algorithms. What I hear CISO saying is that the first step is really understanding the size and shape of your risk when it comes to post-quantum readiness, once we’ve got that inventory—and of course, Sameer, that’s at all levels, right? Our hardware, our networks, our applications, and even how we interact with customers and clients—getting our arms around that inventory so that we can really get to the hard work of upgrading those algorithms, that’s a long-term project. I know this really speaks to that balance, but I am really encouraging CISOs that we work with, don’t delay on at least getting your arms around the size and shape of your post-quantum problem, while, of course, to your point, not losing sight of that basic cyber hygiene.

Ansari: Yes. I think we’re also seeing increased conversations, obviously, with regulators as well, Rachel. So, I’d love to get your perspective on: regulators always focus on data and security, and the loss of data, but now they’re focusing a lot more on resiliency and the business continuity side of things. How do you think about business leaders’ ability to demonstrate their ability to really look at overall resilience in a way that is not just from a compliance perspective, but also adds value?

Wilson: Yes. Well, Sameer, to your point, I think this is an area where the Europeans are way ahead of us. Just a few weeks ago, we were at a regulatory conference in Europe, with regulators from all around the world, and they were asking exactly this question. So, you bring together all of these ideas, data security, cybersecurity, what does it mean to be preparing? We’re having to help our regulators understand how to regulate us when it comes to asking questions about the implications of quantum computing. Then the focus on resilience, and again, especially from the Europeans, is higher than we’ve ever seen it before.

The focus, and I think this is very appropriate, Sameer, is going beyond having a written business continuity plan and really getting to a place where you are testing those plans and assessing them for viability. That’s what I’m hearing from regulators. Don’t just give me a piece of paper that says what you would do in the event of a significant third-party outage, in the event of a significant business continuity issue, whether that’s geopolitical in nature, weather in nature, all kinds of manner of things. Show me that you’ve really exercised your game plan and that your teams understand how they would react to that, whether that’s transference, whether that’s fallbacks, or whether that’s manual processes. They want to see that you’ve actually walked the walk, not just written the white paper.

Ansari: Yes, makes a lot of sense. Last question for you, Rachel. This would be a good looking-ahead question. As we think about 2026, what do you see as the most critical areas for investment in cybersecurity? How do organizations start to prepare for that next wave of advances in technology, things that we’re not aware of today? Like three years ago, as you mentioned, we weren’t maybe even thinking about the impact of AI. So, how should business leaders and cybersecurity professionals be thinking about what the future holds?

Wilson: Well, so much of this for me, Sameer—and in this case, I’m putting on a little bit of my fraud prevention hat as well—I think it will be thinking about a world in which we all cannot be confident that the person we’re talking to on the phone, over Zoom, through a video conferencing platform is really the person we think we’re talking to. This undermines all kinds of things that I think are really existential to humanity, right?

If I can’t be confident that the customer I’m talking to, the client I’m talking to, the vendor, the third party, the interview candidate, that any of these people are really who they appear to be, that is going to be a fundamental change to how all of us do business, how we do business internally, how we do business with our vendors, and how we do business with our customers. So, I think we’re going to see a lot of investment around, really, identity-proofing all of our various channels. Whether that’s calls to the call center, whether that’s how we conduct interviews remotely over various platforms. All of that. When you look at the risks and threats in the environment, a lot of that is going to have to change.

Then you add to that these next-generation technology enhancements. So, quantum computing is an example, but many more things. When we think about wanting to leverage AI to improve the efficiency and effectiveness of our workforce, recognizing what risks and threats that potentially poses. This is certainly a time for investment. I would also say, Sameer, that this is also a crucial time for partnership. Even companies, large companies, Fortune 50, Fortune 100 companies, none of us can be doing this by ourselves. So, that reliance on third parties, I think, is only going to increase, both to support innovation and to have us responsive to all of these emerging threats.

Ansari: Rachel, this has been really a great conversation. Your perspective, obviously, from your experience at the NSA and clearly from the financial services experience, has really been beneficial. Thank you for your time today. I really enjoyed our discussion.

Wilson: Sameer, this was wonderful, and I look forward to more. Thank you so much for having me today. This was great.

Ansari: Thanks. Joe, I’ll turn it back to you.

Kornik: Thanks, Sameer, and thanks, Rachel. Thank you for watching the VISION by Protiviti interview. On behalf of Sameer and Rachel, I’m Joe Kornik. We’ll see you next time. 

ACT Group CFO: Finance partnering with sales and marketing creates strategic advantage

Joe Kornik: Welcome to the VISION by Protiviti interview. I'm Joe Kornik, Editor-in Chief of VISION by Protiviti, a global content resource examining big themes that will impact the C- suite and executive boardrooms worldwide. Today, we're exploring the future of customer experience, and I'm happy to be joined by Michael Vigario, Chief Financial Officer for North America at ACT Group in New York. He is also a board member of Green Project Technologies. Today, Mike will sit down with my Protiviti colleague, Heather Hall, Director, Digital Customer Experience and Digital Transformation Strategy, to discuss sales strategy and customer experience through the lens of the CFO. Heather, I’ll turn it over to you to begin. 

Heather Hall: Thanks, Joe, so Mike, thanks for being a willing victim in this. People are probably wondering what you and I are doing talking when you're a CFO, and we're talking about sales strategies. So, you and I have had a number of conversations over the years about the role of finance with sales, and the role that plays in acceleration. And as I thought about it, I wanted to pull the curtain back on the conversations that we’ve had out in the public. So, to set the stage, I want to talk a little bit about the role that you've played with your sales organization and how sales can collaborate with finance on go-to-market strategies. 

Mike Vigario: Yep, awesome. Thanks, Heather… and I’m a willing victim. So, all good there. Yeah, I think finance has become more and more working shoulder to shoulder with sales, which I think has been really my experience over the past eight years and even before that. It's a way for finance to show that their data-driven strategies and all the access to information that finance has can turn into actionable insights. So I think finance has, just in general, moved beyond just reporting the past and now helping to shape the future and the whole strategy of the organization. So bringing the data lens to some of those questions that you mentioned there, you know, which segments are the best potential, how pricing impacts margin and win rates… we want to win, but not at all costs, as there are bad deals, right? 

And so you may want to have a loss leader here and there, but overall, in general, that doesn't make sense. That's not sustainable business. And then how do you allocate territories for maximum impact? Does it make sense that a salesperson cover Florida and Minnesota? Probably not. Setting things up just in a smart way, so we can also be cost effective, and making sure the go-to-market strategy is built on opportunity, of course, but then sustainable business. And then, most importantly, I think we always need to remember to be able to change based on the data. So, as we take in more data, maybe it makes sense to make some changes, to make some updates. And so, I think that's important, to be able to be agile and change things when necessary. 

Hall: And it's interesting you bring that up because that's a substantial pivot from what historically has been maybe more of a lagging point of view. I think of sales historically being the one pushing and driving, whereas finance would be more “well, this is how you perform. This is the margin we’ve got,” right, as opposed to taking that proactive lens? So with that shift, how can you partner with sales to bring that level of discipline, you know, the introduction of data? And thinking about the classic things like pipeline health, the forecast accuracy. You know, you started to talk about deal prioritization, too. It's a very different role. How did you introduce that in the world?

Vigario: Yes. And kudos also to the sales team that I've been working at the table to take in some of this data and be open, which is really important. If the sales team is not open to it, then you can't really go very far. But the sales teams that I've been working with have been open to it, and so they're open to looking at pipeline data, and they understand the importance of forecasting with pipeline data, because, you know, we ultimately, we are basically PE-backed, and so having insight into our numbers and forecasts and being able to predict what's going to happen, not only talk about what did happen, is really important to us as a company and to our equity disciplines, as well. So, I think the whole organization really sees that this is important, but it all starts with data. 

So trying to get the sales team to actually put data in the easiest way possible—so removing friction through apps, through plugins, through all these different ways, so that our CRM system does actually contain the information that we need it to contain, and so it does actually have predictive ability from our conversion rates, our time to conversion, all these different types of things, and that helps us validate forecast accuracy, but also have a forecast, just in general, right? So, I think some of these things are really important. 

And then, to your point about deals, I mean, there are more and less profitable deals. And when we're looking at the customer cost of acquisition, I think that's an important metric for us to understand where we're getting profitable deals from. And maybe it's logo driven and not necessarily deal profitability driven, and so that logo can help us get more logos. And, you know, there's that whole thing, but I think for the most part, we want to prioritize having deals that do make us a healthy margin in order to be a sustainable business.

Hall: I find the role that you play at ACT really interesting because you're so integral into the entire selling process, from the point that you're concepting where to go next, as well as how people are getting onboarded through the commodities purchasing process, the whole thing; you're an integral part of the puzzle. How do you get there? And I'll strike it from two lenses: How did you, Mike, get there? How'd you build that trust in that relationship, but extending that to your peers… how should they think about becoming more integrated in with sales and with marketing too?

Vigario: Yeah, so I think it's not always easy to sell the sales people on the value finance is bringing because, I think traditionally, finance sends the invoices and collects the money. You go do your thing, and that's kind of it. But I think what we've tried to do is show that we can enable deals by, you know, if I look at the trading side of the business, enabling deals through cash usage, enabling deals through knowing what our stock levels are and exactly what type of stock we're holding so that we can go to the market and sell that, and maybe it's sell it for a particular period of time, or, you know, being able to optimize what inventory we do have.

And if I look at the SAS piece of ACT’s business, we also look at what our pricing should be. I look at competitor pricing and see when we should get discounts, when we shouldn't, and how we can continue that moving. And look at also our historical business. So historically, we've traded with 1,000 companies, and now this year, only 750 have come up so far. Why? Or the amounts we've traded with, or volumes, or the regions we've traded in, and try to get more out of those particular spots. And on the SAS side, what industries are we working with the most, and so what industries need help on this, on this carbon accounting journey that they're on? 

So we’re thinking about how we can do this with customer behavior and with the sales cycle in general, and looking at where we are now versus where we expected to be in our budget, and how can we bridge that gap? What assumptions were in the budget that were underlying, that were helping us get these numbers in the first place? And so where are we compared to that? And I think working with sales has been really powerful for me, also just in understanding how salespeople think and how I can show that I'm providing value and actually prove that point out, rather than just say “You have to listen to me,” because that doesn't really work very well. I may work once or twice, but that's about it. So, it's really partnering and showing the sales team that you do have valuable data for them. It takes a little bit of time, of course, but I think it becomes powerful in the future.

Hall: Flipping the question, and I think back to my time in industry. I wanted to stay out of finance’s office. That usually meant I was having to deal with the PO or something had gone sideways. Right? What can someone in sales or marketing do to improve their relationship with finance, collaborate, better establish those channels of communication?

Vigario: I think for us in finance, you know, we've talked a lot about data so far already, and  transparency and data is so important for finance. To pull a fast one over on finance is not really going to work, because ultimately, the buck stops here… literally. And so I think it's really important to just be transparent and collaborative, you know, sharing or even jointly constructing some pipeline data, or maybe it's the underlying CRM system has to be designed jointly. Or, you know, if we're talking about marketing campaigns and tagging customers and tagging leads, then jointly create things like that, and that helps everyone, right? Because, from finance, I can see more top of the funnel, and from marketing, we can then measure what actually works versus what doesn't work, and we can hopefully ratchet up what does work and increase our conversion rates. 

And so I think designing things like that together, focus on on what metrics, what KPIs, we actually want to monitor not only shows marketing what's successful, but shows sales what's successful, and ultimately, shows finance and our executive board what success really looks like. And the predictive ability of those KPIs—so not only your current customer base, but also what's in your pipeline and what your time to convert is, so that we can then look three, six, nine, months into the future and have some expectations of where we're going to land. 

Hall: How do you think about that balance of finance with go-to-market investment? So you guys are growing green project, and there's a lot of things going on there from a carbon accounting perspective. How do you balance that aspiration of, I think, that I can grab that next great piece with other priorities in the business, because there's a lot of other things that are going on. What's that model look like for you? 

Vigario: I think for us, it's all about ROI. So what we've done for the past 15 years, 16 years, was build the business on mostly riskless trading platform. And so that kicks off a good amount of cash. And so what can we do with that cash? How can we reinvest it into the business in order to grow the business and allow access to our core products to more and more and more customers in an efficient way? 

And so that was the Green Project play, which we worked on about two-and-a-half years ago. I was acquiring Green Project technologies in order to now go a little bit further up upstream and be able to meet our customers before they necessarily have a CSO or they necessarily have a built out sustainability function, and so helping them measure their carbon footprint, whether that be on Scope 1, Scope 2, or, which is a bit more difficult, Scope 3. And so that's really what we’re focused on, is how can we go further up the chain and be able to offer these same clients, which we already deal with, differentiated product, but also clients that we haven't even touched yet.

Hall: So let me hit you with a parting thought. Let's say that I plunked a CFO down in front of you, and I said, “Mike, I want you to look at this peer of yours and tell them what you think the most important evolution is  and how finance is going to support go-to-market strategy, with the intent of helping the CFO have the same type of impact on your on their business? What would you say?

Vigario: Yeah, I think the most important evolution has been that finance is becoming a strategic partner. And I think without that, I don't know that finance would be as exciting for me personally even. And so, it's really been an exciting evolution that I've gotten to see a good amount of, and just evolving to that strategic partner, the days of just backward-looking financials and the variance analysis and saying, “Oh, we predicted we were going to do 10, and we did six,” is hopefully kind of done. I think with AI, which we didn't really talk much about, but I think with AI, a lot of that is going to be done for you, and you're going to be looking deeper and deeper, more detailed into it and more into the future. Because ultimately, insights rule. It's no longer about just looking back and having clean financial statements, that's par for the course; it's now adding that second layer of value. 

So, I think finance now helps to underpin and drive growth initiatives, both with a view of profitability and sustainability from a business perspective. And so that's what I think has been the biggest evolution, at least for me, and has been the most exciting part, honestly. Looking at measurable KPIs, looking at predictable KPIs, we've just really moved on from looking in the past—although having clean financials and looking in the past and reporting what happened is still incredibly important—but moving to predicting the performance and really underpinning how we get there. And so, that's what I would say the biggest evolution has been. 

Hall: Awesome. Thank you for carving out the time. As always, it's great to catch up! Joe,I'm going to hand it back to you. 

Kornik: Thanks, Heather and thanks, Mike! And thank you for watching the VISION by Protviti Interview. On behalf of Heather and Mike. I'm Joe Kornik. We'll see you next time.

Security expert Tom Vartanian: Amid all the chaos, boards need to refocus on cyber and AI

Joe Kornik: Welcome to the VISION by Protiviti. Interview. I'm Joe Kornik, Editor-in-Chief of VISION by Protiviti, where we focus on issues that will impact the C-suite and executive boardrooms worldwide. Today, I'm joined by Tom Vartanian, Executive Director of the Financial Technology and Cybersecurity Center. Tom's nearly 50-year career as an attorney, author, regulatory expert, CEO chairman and expert witness on financial regulation and technology makes him uniquely qualified to advise business leaders on economic uncertainty, geopolitical risk and ongoing cyber threats and AI, among the many challenges facing business leaders today. Tom, thanks so much for joining me. 

Tom Vartanian: Thanks, Joe. It's pleasure to be back.

Kornik: Thanks for coming back. Tom. So, where do we start? How about current events: economic uncertainty, tariffs, trade wars, so much facing business leaders and boards these days. What's your advice for managing through all the chaos? 

Vartanian: Yeah, that's a terrific question. I'll answer it, both as a lawyer who's advised boards and management on how to avoid liability, because that's obviously a baseline that everybody's concerned about, and then also as a business strategist, after 50 years of advising companies in doing what they're doing and staying out of trouble, but in also creating financial strategies that work. First thing, I think you have to try to figure out is what kind of economic environment we're in. I mean, there's a U-shaped one, there's a V-shaped one, or there's a straight-line economic distress period much as the depression represented. And so I think the first thing you have to ask yourself is, what's the nature of the chaos? And I think right now, I think you define the chaos as at least involving tariffs, changes in economic policy and changes in the federal bureaucracy, and those, I think, are roiling the markets in ways that we understand they did not anticipate—because if the markets did anticipate this, they wouldn't be moving the way they're moving. And so I think there's an enormous amount of uncertainty. 

I think one of the problems I see in running a business these days is the 180-degree swings we get when you go from Republican to Democrat and Democrat to Republican. That makes it almost impossible to run a business. You know, you can't tack left for four years and then tack right for four years. And that's a problem, I think, of the highest degree here. But it's not a pass for directors to say that policies are changing so quickly we don't know how to manage the company. It's not a pass for CEOs and executives to say, gee, it's hard to manage the company. That's just life. You got to be able to manage the company. So when I talk to management and boards of directors, what I've always emphasized is, to be able to sort of balance a number of things at the same time, or juggle more than three balls. And what that means is, you have to have a defensive strategy. The defensive strategy has to be, how do we make sure, if we get these unanticipated financial consequences, that we don't fail, that we don't have a tremendous downturn in our business, that we're not surprised by the fact that we have to move manufacturing from one country to another? You ought to have plans that at least defend against any of the possible, reasonable and worst-case scenarios happening. And if you haven't been doing that, it's a little late now, frankly. 

But what I always tell management and boards of directors is to have both a defensive and offensive strategy. The offensive strategy here is, obviously, in times like this, there's opportunities. There's always opportunities when the markets are forced downward so rapidly and in such a volatile fashion. There'll be opportunities and investments, in real estate, in mergers and acquisitions, and if you're if you're one of the companies that that's ready to take care of those, take advantage of those opportunities, you're going to be in as good a shape, I think, as you can possibly be. But again, there's a defensive strategy you have to articulate, and there's an offensive strategy.

Kornik: You know, companies, Tom, have relied on traditional risk management in times of distress. But this feels different. What messaging should the C-suite be communicating up to the board right now? 

Vartanian: Yeah, I don't know what traditional risk management is anymore. Things have changed so dramatically, and to the extent that you have not been able to anticipate what's going on, I think it really, really taxes your risk management. But it seems to me, what the C-suite wants to be communicating to the board is, we are on top of this, as much as we can possibly be, we are on top of this. We may have missed A, B and C, but with the rest, we're on top of it. And here's how we're on top of it, and here's what we're doing. And that means responding to the velocity of political swings, the velocity of economic swings, the velocity of technological swings, which I think we'll get to in a little bit, the velocity to globalism versus isolationism, and what that means in terms of what's happening throughout the world. But again, I think it's up to management to tell the board, communicate to the board, “We've identified the risks, we have accounted for those risks, or we are accounting for those risks in the following ways, and we've identified the opportunities, and here's where, how we're going to take advantage of those opportunities.” 

Kornik: How about the boards themselves? Where should the board be focused, and what steps should they be taking right now?

Vartanian: What I always tell boards of directors is, it's your job to ask the right questions. And in my mind, the right questions fall into three different categories these days. First, economic; second, cybersecurity; and thirdly, artificial intelligence. I think those are the three most pressing issues that boards of directors are going to have to confront. And the problem with some of this is, I think boards of directors are pretty familiar with the economy issues, the financial issues, these things. They know the glossary of terms, and they know accounting principles are important. I'm not so sure they're as up-to-date on cybersecurity and artificial intelligence. And I think those are the risks that can sneak up on companies and boards of directors, particularly given the fact now that the government seems to be pulling back in terms of what the Trump administration is doing on people, processes, overseeing cybersecurity and what's going on in the cyber world.

Kornik: Tom, you mentioned cyber and AI, so let's go there. That's where you spend the majority of your time these days. Amazing, right? How we've sort of stuck a pin in those two issues in 2025 with everything else going on, but they're still as important as ever, right? 

Vartanian: You know, after helping companies for 50 years, or at least now the last 30, get into get into cyberspace, do business online and offer new technological products—you know, I spent another three or four years researching my book, The Unhackable Internet—and putting together my experience with what I was researching and learning about, cybersecurity, artificial intelligence algorithms, large language models and the whole thing, I really began to scare myself in terms of what I saw in practice, which was a pretty understated approach to cybersecurity by most companies, and where that could lead in terms of cyber-attacks, intellectual theft and the like. And so I really believe that we are at a tipping point here in cyberspace. Because, look, if the Trump administration pulls back on some of those areas, I know what the watch words are, because the government has written about this for the last 20 years, and that is, let technology be technology, so we will be number one in the world. The problem with that is, there needs to be a balance. Because while there are enormous benefits to technology in everything from healthcare to traffic control, enormous benefits that will that will make the quality of life so much better for people, there are enormous detriments. 

I mean, if you just look at something like cryptocurrency, it is now financing the largest scale of crimes across the globe that we have ever seen, and the most heinous sorts of crimes, frankly. And so there's got to be a balance between the good and the bad. And I think that's the role the government has to play. The government can't really control cyberspace, because it doesn't belong to governments, right? If you look at 95% of cyberspace, it belongs to corporations and individuals. So those individuals have to be smart, those corporations have to be smart, and they can't sit there saying, gee, if the government lets this happen, it must be okay, because that's not the answer. If the government lets this happen, someone must be protecting me. They're not. If the government's letting this happen, this is safe. It's not safe. 

And so we started in 1969 with an internet that was handed off by ARPANET to four universities to help them trade information and research, and that is the internet that we've built everything on since 1969. It wasn't secure in 1969, and it isn't secure today. And what I typically say in the number of my speeches is, if we wanted to build a way for our adversaries to take maximum advantage of us, we would build the internet we have. You know, why are we swimming in the same cyber waters with Russia, North Korea, Iran, China? I mean, that just doesn't make any sense to me. And so that's a fundamental problem that's only getting larger, because experts will tell us that we're building invulnerabilities twice as fast as we're building the solutions. 

So where did all that lead? It leads with governments coming together to encourage businesses and individuals to look at cyberspace differently. There needs to be real authentication, there needs to be real forms of government, and there needs to be real enforcement. Until we get that, I think we're all in peril in terms of what we're doing online and who's looking at it and who's got access to it, and that's only getting worse now. Well, the benefits are getting better and the risks are getting worse because of artificial intelligence. 

That's another area where businesses, individuals and the government can't say, let's let it go on there by itself and do what it's going to do so we don't, we don't inhibit its growth. Because at some point AI, particularly when AI is coding AI—I mean, we're now talking about all the coding for AI, and everything software being done by AI. Look, at some point with the emergent capabilities and the generative capabilities that AI has, and to the extent it begins to think for itself, it's going to do what its programmers do in those situations. It's going to take care of itself, right? It's going to look at its own best interests. And we get to that point, and I think we've crossed the line we can't go back on.

So from the point of view of corporations looking at this, I would say you have to evaluate these two things from the risk point of view, not just the profit potential you get from these things, and understand that unless we put in some controls now at the corporate level and at the government level, we may lose control of artificial intelligence at some point. And that's not me saying that. That's the experts in the world.

Kornik: Well, thank you Tom. I appreciate the conversation, and thanks for the time today, as always, incredibly insightful. 

Vartanian: Thank you, Joe. 

Kornik: Thanks, Tom, and thank you for watching the VISION by Protiviti interview. On behalf of Tom Vartanian, I'm Joe Kornik. We'll see you next time you.

Microsoft GM of Global Advertising: AI-driven personalization will fundamentally reshape CX

Joe Kornik: Welcome to the VISION by Protiviti interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, our global content resource examining big themes that will impact the C-suite and executive boardrooms worldwide. Today, we’re exploring the customer experience and we’re thrilled to have Carol Phillips Hutchinson, general manager of global advertising at Microsoft, where she leads a creative team that develops and articulates the overall advertising strategy worldwide. Today, she’ll be speaking with my Protiviti colleague, Greg Hunter, director, digital media, media, experience, and creative. Greg, I’ll turn it over to you to begin.

Greg Hunter: Thanks so much, Joe. And Carol, thank you for joining us today for this discussion. 

Carol P. Hutchinson: Oh, I’m happy to be here. I appreciate you asking me for it. 

Hunter: Of course, it’s fun to be talking with you, you know, for as long as we’ve worked together and partnered together. So this is super fun for me as well. So we’re talking about customer experience and obviously, you know, you’ve been at Microsoft for over 30 years now, which is crazy to see how time flies, right? 

Hutchinson: Yes, that’s for sure. 

Hunter: I’m just curious, how have you seen over time customer expectations have changed, you know, when you consider the customer experience of your customers at Microsoft?

Hutchinson: Well, you know, if you look at kind of the evolution of our—even our products, marketing aside, you know, we used to ship our products in a box and you’d go to the store, you’d bring home a box, you’d upload, ton of floppiness. I’m really aging myself. Then you would have that kind of one-way experience with Microsoft providing you with whatever tools you’re using and you would have that experience within and you might wait a handful of months for an update or a patch or what have you. And we’ve gotten to the point that we have this kind of, we have this relationship back and forth with our customers. We’re not just presenting products and our marketing for them to consume, but we really are having much more of an interactive sort of relationship with them. From product perspective, this enables us to build stronger products to meet our customer needs. From a marketing perspective, it’s incredible. It gives us so much more fidelity in terms of what we know about our customers and what sort of relationship we can have with them when we think about how we want to connect with them from a brand perspective or a product perspective. 

Hunter: Interesting, do you think part of that, those expectations, how they’ve changed, also reflect your ability to do hyper-personalization for those experiences just with the real-time data and just how they’ve experienced the brand and all you know about them? 

Hutchinson: Yes, yes. I mean, we have this level of understanding of our customers that we’ve never had before. We really have an incredible level of depth of who they are. We’re not just reaching them on a very broad basis, but we know if they’re using our products in the office context, or if they’re using it in the personal context, or if they are a healthcare information worker. We have such an incredible understanding based on our ability to touch and understand where our customers are at that we can also have a much more relevant message to them from a marketing perspective. 

Hunter: It’s exciting to see that transformation happening at such a feverish pace and your ability to really develop those relationships, but it also creates this challenge with those changing expectations. So, as I think about the customer experience, it’s increasingly complicated because you’ve got your brands, platforms, channels, technologies, you name it, the proliferation right now of how AI is evolving almost daily in some ways. How do you approach that pace of change being so great with your ability to meet those customers’ needs and keeping up with the adoption of these technologies just to further that relationship? 

Hutchinson: Yes, I mean, I think we probably all feel like we are not doing enough and not keeping up enough. Although, when I kind of zoom out and I talk with colleagues across other industries and so forth, I’m like, oh gosh, we really, we are pretty front-footed on all this stuff. But we really look to lean into AI and other technologies to really help us move faster and scale. We have the ability to reach customers in so many different touch points and so many different life stages across so many different platforms, enables us to really get focused on where they’re at and meeting them where they’re at with messages that are relevant to them. But with that comes, as you talked about, an inherent complexity. You have all of these channels you’re leaning into. You have all of these different customers within the channels. You have different product sets within that you want to communicate with. So how do you really keep up with all of that? We’ve really needed—we’ve really leaned into not only kind of internal tools, but external tools and partners to really help us meet kind of the breadth and depth that is necessary in today’s media to be relevant and really connect with our customers. 

Hunter: That’s great. I think, thinking back about a recent conversation that we had, you had mentioned something about inspiring, or these customer use cases being inspired by users. Can you talk a little bit about what you mean by that and how that comes to life with creating a customer experience? 

Hutchinson: Yes, I mean, again, as you had noted at the beginning, I’ve been around for a while. So in the prehistoric days when I started doing this sort of work, we had good thoughts and we had good ideas for how customers would be using our products. And we do user studies and what have you. But we now are able to take a look at our user logs and really get a sense for how these products are being used and how, and it’s these sorts of actual use cases that people are using our products for that really inspire the work we do. We’re hitting these customers, they’re downloading the products and using again, and when we can continue to kind of educate and give them reasons to come back and utilize the product again and again, that’s a win across the board. That’s educating our customers on different things they could do with our products that they may not have known. Also it helps from a business perspective and a product perspective of getting richer usage. And so we find our ability to really connect marketing with product now has increased substantially and it’s kind of a virtual feedback loop to really help us develop better products for our customer needs.

Hunter: So we talked a little bit about personalization. AI clearly has come up in the conversation, but taking the two of those together, I’m curious, how is AI-driven personalization transforming that customer journey? 

Hutchinson: Yes, I think AI driven personalization is fundamentally reshaping the industry. I mean, it’s shifting it from a more generic and linear approach to a much more dynamic and predictive and tailored approach. So whether it’s surfacing the right product or guiding the workflow, it enables us to meet customers in relevant moments and enables us to really scale that engagement as well. But with this sort of power also comes responsibility. So we know that privacy has always been paramount to us, as has trustworthy computing. So that is something that is a part of our DNA. As data is the foundation of AI, our priority is to also ensure that our customer’s data is protected and compliant throughout all of our touch points. So that’s something that is top of mind. We have really, really smart guardrails throughout the process to ensure that we are using everything appropriately. Trust is paramount to what we do. It always has been. It’s not worth compromising that for how we bring customers. 

Hunter: It’s hard to build a relationship with a customer you don’t have trust to begin with. It’s pretty much impossible. So let’s switch gears for a second because I know this is near and dear to your heart in particular is about brand. How do you balance both brand marketing and advertising with product and thinking about the users and conversions? I guess, really focusing on that upper funnel of awareness to the lower funnel of conversion. How do you balance the two? 

Hutchinson: I mean, balancing brand and product isn’t just a marketing challenge. It’s a strategic imperative, right? So we don’t think of brand and performance efforts as separate. They’re really part of that connected user journey. So if we’re doing our product advertising right, we’re also lifting that brand. So that is something that we always keep in mind with the work that we’re creating. But to your point, there’s been, especially in the past couple of years, a definite favor to kind of that performance level and being able to see immediate ROI on everything that you’re bringing to market. We’re no different than I think most any other companies. We love to see that. We love to be able to see those immediate results. But I think the key is this marketing funnel all has to work together. So in order for that to work as efficiently as possible and that performance layer to work as efficiently as possible, it is much more effective when you do have all of the funnels working together, including the upper funnel to kind of build a broader, to speak to a broader set of customers and then ideally pull them through the funnel. But it’s always, it is balancing act.

Hunter: Absolutely. I would imagine too, that it requires advocates at the senior executive level that believe in brand to also fund these activities. 

Hutchinson: Yes, that’s right. That’s right. I mean, I think across any organization, having that leadership that does believe in marketing and does believe in the value of brand building is really paramount to the success of, I think, any marketing team to ensure that, not just the kind of short-term results are in mind, but as we look ahead and look to build for the future of the brand and our future customers that we look past that as well. So again, I think if you can get all of it working simultaneously together, that’s really the sweet spot. 

Hunter: Well, when you figure that out, will you let me know? 

Hutchinson: Yes, you bet, you bet.

Hunter: Working in concert together like that. 

Hutchinson: It will be my next business idea. 

Hunter: Right. [Laughter] So the last question for you before I let you go. So given all that we’ve discussed and you just mentioned, thinking about the future, what should business leaders, and as you think about your leadership team and stuff, what should we expect over the next two years? 

Hutchinson: As I look ahead, I think that personalization and customization of messages are going to be more and more rich and we are going to be able to touch customers in ways we have never done before. I think ensuring that you foundationally are set up well and as you know, the better organized you are and foundationally secure you are, you can use that foundation to really build your AI solutions and your marketing against, that is critical to have that sort of really relevant set of content and assets. It’s challenging to build and learn and build and learn from that. So I think thinking strategically about not just what you need to accomplish this quarter, but what you hope to accomplish five quarters down the road is really critical to that thinking to ensure that you’re prepared for tomorrow.

Hunter: Absolutely. Well, this has been a great discussion. I so appreciate your time.

Hutchinson: Likewise, Greg, as always. Appreciate it and you, and it’s been so incredible to partner with you over the years. So I look forward to more ahead.

Hunter: Thank you so much. 

Hutchinson: You bet. 

Hunter: With that, Joe, I’m going to turn it back to you to take over from here.

Joe Kornik: Thanks, Greg. And thanks, Carol. Thank you for watching the VISION by Protiviti interview. On behalf of Carol and Greg, I’m Joe Kornik, we’ll see you next time.

Samsung Chief Design Officer Mauro Porcini: Human-centric design ignites user experiences

Joe Kornik: Welcome to the VISION by Protiviti interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, our global content resource examining big themes that will impact the C-Suite and executive boardrooms worldwide. Today, we’re exploring the future of customer experience, and we’re thrilled to be joined by Mauro Porcini, President and Chief Design Officer at Samsung, where he oversees a global team of 1,500 designers. Mauro hosts the “In Your Shoes with Mauro Porcini” podcast and has been a presenter and judge on the TV show “New York by Design” and “America by Design” airing on CBS and Amazon Prime. His most recent book is “The Human side of Innovation: The Power of People in Love with People,” published in 2022. Prior to joining Samsung, Mauro was Chief Design Officer at PepsiCo and 3M. Today, Mauro will be speaking with my Protiviti colleague, Managing Director Alex Weishaupl. Alex, I’ll turn it over to you to begin.

Alex Weishaupl: Thanks, Joe and hi, Mauro. Thank you so much for being here today.

Mauro Porcini: It’s really a pleasure. Thanks for having me.

Weishaupl: Absolutely. So, one of the things that digital, in particular, I think, has done over the last decade or two has really, absolutely proliferated the number of touchpoints and surfaces people interact with regularly. So, I’m going to start with a softball question. As people interact with brands across an increasing number of touchpoints, how are you seeing the role of brand identity, user experience, and ultimately, product innovation evolving or maybe more specifically, what is the role that you’re seeing that design plays in that emerging future?

Porcini: Well, very interesting question in this specific moment in time. It’s more important than ever. The role of design today is more important than ever for a variety of different reasons. First of all, the way we build brands today is so different than just 10, 20 years ago. You mentioned it earlier. We’re moving from a world where brands were communicating top down, one direction, with specific messages to people that were passively receiving this information, to a world where instead there is a dialogue. So, these brands are moving from being actors of the conversation most of the time to becoming just topic of the conversation happening amongst people. Because of this, they’re also moving from the ability to buy the right to talk to people, to the need of earning the right to be talked about. So, from buying, the more money you have the more presence you can buy in the media, to earning. Eventually, you don’t even need huge amounts of money, big budgets to be relevant in the conversation amongst people. You need meaningful content.

So, this is changing the way you interact with people and therefore, first of all, the way you build experiences — and design has a very, very important role in this — needs to change. It’s becoming more and more relevant. For instance, you go to a store. In the past, you were just going there for a financial transaction, to acquire, to buy a product, a brand, a service. Today, you can build those brands in those stores. People, if they are excited about what happened, their experience, their living, they can take out their cell phones, take a picture, take a video, share it with the rest of the world, become your ambassadors. It’s user-generated content. In a world where communication moves at the speed of light in social media, you need to be very impactful in delivering the message, and we study in semantic that the message itself is not enough to define the meaning of your communication or what you’re trying to say with your products and your brand. There is another element that is called “the code” in semantic that is the visual element that is super important. So, you’re scrolling your images and the different brands and products and services in your digital platforms. If you have the right aesthetic, if you have the right identity, the right visual language, you’re going to grab the attention of these people, you’re going to be impactful, you’re going to be meaningful. If you don’t, even if you have the right message, the right proposition, the right service, you’re going to be neglected by people. 

Then last but not least, you need to keep innovating. The world is moving at the speed of light, so you need to keep creating something meaningful for these people. And so the only, the strongest competitive advantage you can build for your company — I say the only because it should be the primary competitive advantage — is human centricity: care, love for people. I call these innovators the real innovators, people in love with people. That’s the driver. Everything else follows that kind drive and is not something you create through a project. It’s something you need to drive through the entire culture of the organization. 

Design is a community that embodies that idea of caring for people, love for people. This is what they teach in school, to care for people. In business school they teach you to grow a business, a brand. You can be an amazing business leader if you are able to grow the business and the brand. In design school, they teach you to care, and then they tell you, “By the way, you also need to make money for your company.” So, you need to understand other variables, the three lenses of design thinking, the business world, the technology manufacturing world on top of the first world that is the world of people. Today, we need that kind of culture in these companies. It’s design culture, but it’s a culture of human centricity that needs to be spread to every single function, vertically from the CEO to the entry-level employee, and transversely, across every capability of the company.

Weishaupl: It’s funny, I recently returned to your book, “The Human Side of Innovation,” and that notion of people in love with people or that — I’d say my read of the theme was almost impactful innovation really comes from people who care deeply, who design with human needs at the forefront. How do you get or help an organization’s culture and values align better with a brand’s external customer promise, and as part of that, maybe specifically, what kind of challenges have you seen where there’s a disconnect between the two, where that obsession just isn’t fully there?

Porcini: Look, I think it depends on the industry. In some industries, this is pretty obvious. This alignment is there to see. As an example, in the fashion industry, you see the employees of fashion, luxury brands embodying exactly what the consumers, the customers are looking for. You see that also in sport. If you work in Nike, in Adidas, even in products that are not related, belonging to the apparel world, like in PepsiCo, the Gatorade brand, that is brand really focus on the world of sport and that kind of customer. In those worlds, the people who work in those companies reflect the values, the behaviors, even the look and feel of those customers and consumers.

In many other industries, they don’t, and they don’t need to, but they need something very important, and this is true for both industries: they need to care. They need to care for real. Once again, we call it “human centricity,” “people in love with people.” What does it mean? Look at the customers in front of you as you will look at your daughter or son, your children, your parents, your friends, people you care about. If you do that, the first thing you try to do is to put yourself in their shoes. We call it “empathy,” right? I mean, from the Greek “empathos,” you put yourself inside the pathos, the soul of these people. So, it starts with this care and that ability to really understand deeply what drives these individuals. So, you need to build that kind of culture inside the organization. 

Now, what are the biggest challenges? Often, companies talk about human centricity. Sometimes they use the word “consumer centricity” as an example, and they confuse these two approaches with what consumer insights function does. So, they start to collect a lot of data. Now we live in the world of data. We have really the ability to dissect the customer base with the capillarity, with the precision, with the focus that we never had before. That’s great. That’s great. But a lot of people think that consumer centricity, human centricity is just knowledge, insights, data about the people we serve, and that’s the problem. It’s not. It’s the beginning. You need that, but then you need to care. You may have a lot of information about your customers, but you’re like, “You know what? I don’t care. Our brand is so strong. It’s very profitable. We are the leader in the market,” and this is the biggest mistake you do often. When you are successful, you are paralyzed by the success, and you stop caring, observing and caring. And that observation and care push you to innovate even when you are successful, especially when you are successful because you have eventually more resources to do it with and you have less pressure. So, you need to care. 

Now, even that is not enough. You may understand what you need to do. You may care about this, but then as a leader in the organization, you may eventually not have the courage to act on it because innovating, changing, especially if things are working well, is risky. So, you need also that. This is what you must be intuitive about. Then finally, well, let’s say you have it all. You have the courage, you act, and then you screw up. You need two things. First, try not to screw up, so you need knowledge, skills. You need leaders with specific kind of skills that make the difference. Then the third thing is, if you do screw up — and you will screw up sooner or later — I mean, this is statistically certain, we will make mistakes in the future. I learned that in design school, in the study of ergonomics where when you design the cockpit of a plane, of a train, they take into account that there will be a human mistake for sure. There is no doubt. It’s going to happen sooner or later, so you have a series of backup systems to manage all of this. So, companies should understand that if you invest in change, transformation, innovation, you’re going to screw it up in multiple instances, and therefore you need a culture that protects the ability to make mistakes, that doesn’t crucify the people making these mistakes. They learn out of those mistakes. So, all of these create the right culture that is really human centric and is really in sync with the values of the customers and the consumers that we serve every day.

Weishaupl: I love this idea of failing of really figuring out how to fail gracefully, both at the organization and at the individual level because you’re absolutely right, that risk is going to have failure. It’s almost a given after a certain point in time, but how you recover, again, both as an organization and as a set of individuals who work together is absolutely massive.

Porcini: Now you learn out of it. I mean, failure has been celebrated by many platforms. I remember multiple articles in our business review just to mention one of many. Everybody understands by now that you need to fail here and there to succeed. I come from a science company. Many years ago, I used to work at 3M. Scientists know very well that to arrive to one innovation, one patent, they need to do thousands of experiments. What scientists call “experiments,” the business world calls “failures.” You need a company with the right culture, the right financial algorithm, the right organization to embrace experimentation. By the way, if we start to call them “experiments” instead of “failures” and we manage them in the right way internally, but also externally, when we face customers, shareholders, the media, then we’ll be able to build the culture that foster innovation in a much more powerful and effective way.

Weishaupl: That’s fantastic advice. I do want to shift to one area that you started to bring up around data. I guess one thing I’m curious about is, as data, and AI, and automation, and personalization and ever more kind of data-driven capabilities become more embedded, both in business operations and in customer interactions, how do you balance efficiency and scale that those technologies can provide with, to your point, that ongoing need for empathy and for human connection? How do you get those working together and not in tension? 

Porcini: Well, first of all, you used the keyword that is the most important one is “balance,” right? Let’s start remembering that these are just tools, so the key priority is that these tools are designed to serve us as humans, and they need to be used by humans. Whoever designs those tools, is in charge of those tools, needs to keep that in mind all the time — human centricity, how to frame those tools that are becoming more powerful than ever today, true purpose, true high-tech, true care for the people that they serve, how we design everything, to make sure that they stay at the service of the humans. 

I will divide, especially talking about AI and new technologies, the world in front of us in the coming decades in two phases. One is the transition phase, and the other one is where we land really, these technologies in full maturity. In transition, the role of humans in managing them is huge, is huge because you need critical thinking, you need the ability to interpret information, to build a prompt, to manage all these technologies in ways that are meaningful and relevant to all of us, to companies, to the customers, to the people out there in general. So, this balance is key. What we need to understand, though, in any profession that we have is that our roles will evolve. The way I’m designing today is going to be different than in 10 years. I remember, I studied in the ‘90s design and computers, softwares were arriving. A lot of people were like, “Oh, my God. I’m going to lose my job.” Well, you do lose your job if you don’t upgrade your skills. Typographers that were using the ink or people that were making mockups in a certain way, yes, that job is gone, but you doing that job, you can learn the new tools, and you can be as relevant as ever. 

So, the first thing is, embrace new technologies. As soon as AI started to show up or new technologies in general, instead of rejecting them, I pushed my entire organization to be the pioneers of the use of AI. Now, it’s not easy. We love to stay in our comfort zone. Newness, innovation, different things scare us, so a lot of people won’t do it. So, if you’re the CEO of a company, make sure that you build that kind of culture, make sure you find the right leaders that embody that idea of experimenting with new things so that the entire organization can follow. 

Now, this is true until AI will reach a level — AI robotics, a series of technologies — where they will be able to replace completely humans in their jobs. If they’re able to replace humans in society, that’s another issue that we don’t want to talk about today probably. Now, we shouldn’t be scared about this. It’s a dream. I mean, we invented tools in the prehistoric times because we needed them to be more efficient, more effective to protect ourselves and serve our needs in the best possible way. Imagine a future where we have machines that do our jobs. That’s amazing. Now, the innovation project, though, becomes a different one. We need to start today thinking, what is going to be the society of the future? If we’re going to lose many, many, many jobs around the world and people will be free to invest their time in something even more meaningful to them, something that drives their happiness — at the end of my book, I talked about three dimensions that drive happiness. One is investing in yourself, who you are, your identity. For sure, your job is important. What can you do beyond your job to define yourself so if you lose your job, you don’t lose yourself? Second is, investing in people close to you, your family, your loved ones, your close community, including, by the way, work, your close colleagues. Freeing up time, you will have more time for your family, for your friends, for all of this. Then the third dimension is doing something bigger than you, something that you can use to defeat death, to become immortal. Again, if you don’t have to work from morning to night every day, you will free up time for that. So, for our society, that’s great. We’re going to see the indexes of happiness in society rising. Actually, where countries where the highest level of business effectiveness, countries with that high level of business effectiveness, with index of happiness very, very low. So, AI can do the most human thing of all, giving us back part of the happiness that we lost over time. But to do that, the innovation project is to understand what is going to be the society of the future when there will be less jobs. And this is an innovation project for governments, also for companies, and then for any individual that wants to have a voice, a perspective, a point of view and share it with the world. We talk about social media a lot today. We have a platform. Anybody has a platform. So let’s start to think collectively how to redesign a society where machines will be at our service, and they will drive happiness.

Weishaupl: I look forward very much to that future. I guess to bring this full circle, one last question for you. If you could give one piece of advice to a business leader, what would you tell them to prioritize or cultivate in their teams to have the best chance of staying relevant and successful and ultimately innovative in the marketplace of 2025 and beyond?

Porcini: Well, first of all would be, focus on your teams. I mean, you mentioned it. That’s the frame of your question, but many business leaders don’t. I mean, yes, people, they have HR, they have values, they have leadership attributes, but they focus on other things. I think that the most important thing to focus on is people. Now, people are — not just the technical and their skills, but the soft skills today are more important than ever. In a world where it’s so difficult to be competitive, where you need extreme efficiency and effectiveness, you need to really understand in-depth what are the characteristics of these individuals so that you can nurture them in the best possible way. 

In my book, I talked about 24 different characteristics. We don’t have the time today to go through all of them, but I will mention a few. Some are more obvious in the world of entrepreneurship and innovation. For instance, the ability to dream. We’re all born with that ability. As kids, we dream, we fantasize, and then society tells us at a certain point that dreaming is not okay, it’s childish actually, but you keep dreaming. You go to school, you get out of school, you go to these companies, and you think that you can change the company, you can change the brand, you can change the industry until sooner or later a manager or multiple managers come to you and tell you, “Stop, stop. That’s so naïve. Actually, it’s even arrogant. Why do you think you can change anything? Nobody was able to do it before?” So, we start to think that dreaming is wrong, that is childish and naïve. Very few people maintain and preserve that ability to dream. They are the real innovators. 

Now, dreaming is not enough. You need to dream, but you need in parallel to be able to execute, to make things happen, and you need to do it fast. So, these three dimensions, dreaming, acting and doing it fast by prototyping, failing, learning, prototyping again is not common in organizations for a variety of different reasons that I’m sure the people listening to us today are very familiar with. Again, when you talk about innovation, entrepreneurship, these are values that are pretty much obvious. 

There are others that people don’t talk too much about — kindness, optimism, curiosity. These three in particular are being really, really important in my professional journey, the curiosity that pushes to learn, to see any interaction as a potential opportunity to grow. Curious people love to read, to travel, to interact with people, to interact especially with strangers, actually, to interact especially with people that are different from them. Curious people love diversity by definition because they know that in diverse people, in people different from them, because they have different political views, different colors of skin, different religious view, in that difference, there is the precious gift of knowledge. There is a perspective that is different than yours. My perspective, combined with your perspective is going to generate a third, original, innovative, new perspective that didn’t exist before, and that’s the real value. 

Curiosity, optimism. If you try to change a company, a brand, society, the world, you’re going to face roadblocks, difficulties all the time. You need people that have the kind of optimism inside, but then you can also amplify that. When you are in a very difficult moment, look back, and enjoy, and celebrate, and appreciate the progress, everything you came from, even the mistakes because you learn so much out of that. That will give you also the awareness that that difficult moment you are in actually a month is going to be a moment of growth. You’re going to learn out of it, and you’re going to project yourself towards the future. 

Now, the second thing you need to do, you need to have the dream because that dream will give you the excitement to go on and the resilience to overcome all kinds of roadblocks. Finally, kindness. We are told often the opposite. Kindness is a weakness, and you need to be tough and mean, a little bit of a jerk to succeed. That’s so wrong. Eventually, it worked better 10, 20 years ago, but in today’s society where you need to be hyper efficient, where competition is extreme, you need every part of the organization to really work in total sync, in full effectiveness, to build the company of the future and the solution for your customers of the future. Kind people drive trust. Often, we talk about trust in companies, but trust comes from people who really care. They are nice to each other. They are kind to each other. They love each other. So, kindness is the foundation of trust and is, at the end of the day, foundation of a new form of productivity. 

When we talk about productivity in these companies, we talk about laying off people, cutting resources, A&M and variety of different investments. We rarely talk about investing in productivity by amplifying the level of kindness and trust in the organization. For me and our design organization over the years across multiple companies, this has been really, really an incredible driver of growth and efficiency.

Weishaupl: Mauro, thank you so much. I could talk for hours but thank you so much for your time today. This has been really, really enlightening for me, and I hope our viewers enjoyed this conversation as well. I’m going to hand it back to you, Joe.

Kornik: Thanks, Alex and Mauro, and thank you for watching the VISION by Protiviti interview. On behalf of Alex and Mauro, I’m Joe Kornik. We’ll see you next time.

Global market trends and consumer expectations with the Economist’s Barsali Bhattacharyya

Joe Kornik: Welcome to the VISION by Protiviti Interview. I’m Joe Kornik, Editor-in-Chief of VISION by Protiviti, our global content resource examining big themes that will impact the C-suite and executive boardrooms worldwide. Today, we’re exploring the customer experience. I’m thrilled to be joined by Barsali Bhattacharyya, Deputy Director for The Economist Intelligence Unit and Global Lead for the Consumer and Retail Sectors. Barsali is one of the Economist’s leading voices on geopolitical and macroeconomic trends, and how they will impact consumers and businesses. Today, she’ll be speaking with my colleagued Bryan Comite, Managing Director and Leader of Customer Experience Strategy for Protiviti Digital. Bryan, I’ll turn it over to you to begin.

Bryan Comite: Thanks very much, Joe. Barsali, thank you so much for joining us today.

Barsali Bhattacharyya: Thank you very much for having me. I’m glad to be here.

Comite: I’m very much looking forward to the conversation. Maybe we’ll start with a first question about, based on the current economic situation, how are things looking for consumers in 2025?

Bhattacharyya: Thank you. That’s a really good question. I’m going to answer that by taking a step back and going back to 2024. At The Economist Intelligence Unit, at The EIU, we have a practice where every year, in the second half of the year, we analyze the outlook for the coming year for countries and industries that we cover. So last year, in 2024, when we conducted this exercise, our 2025 forecast for retail sales and consumer spending appeared broadly positive. The US had experienced quite a strong growth in 2024 and we anticipated some of that momentum to continue into 2025. 

On the other hand, in Europe, we expected a recovery after a slow 2024. In fact, China was the only region where the outlook for 2025 seems somewhat sluggish. Now, we did, however, at the time identify a potential change of administration in the US as a key risk for this outlook. About six–seven months later, I think those risks have materialized with US President Trump announcing some sweeping policy changes, which primarily marked by tariffs against key US trading partners, and that has led to create a certain level of uncertainty while we wait and watch about how things are going to unfold.

Comite: So, if you think about that then, looking beyond the US, how will other markets be affected by these events?

Bhattacharyya: Given the state of uncertainties, one way of thinking about which other economies are going to be affected and to what extent, is looking at which other countries that are quite export-dependent and, in particular, which have high level of trade dependency with the US, so who export a lot to the US, because they will obviously be quite affected by the tariffs. Again, I think Asia stands out in that regard. It’s been, over the past couple of years with some slowdown in the western market, Asia has broadly, for many global consumer companies, been a standout market which has offered a lot of opportunities. There’s a whole bunch of reasons there, emerging middle class, and most notably a lot of economic growth over the past few years in Asia, which has, interestingly, mostly been driven by growth in the manufacturing sector. So, if you look at countries like China, Vietnam, even actually Japan, which are quite sizable manufacturing sectors, so these are some of the countries that are going to be affected. 

Looking across the rest of Asia, India, of course, stands out as another economy where there’s already been a lot of momentum about increasing consumer base, a lot of middle-income consumers who are looking to spend, looking to have a better lifestyle, looking to travel. Lots of opportunities there. Again, so far in comparison to many of its Asian peers, India is slightly better positioned with the trade war. It’s one of the countries that might benefit from the China Plus One strategy that a lot of businesses already have in place. Those would be some of the markets to look forward to.

The Middle East as a region is also — you know, countries like Saudi Arabia and the UAE which are big and rapidly developing consumer markets — I think those also offer a lot of opportunities. With Europe, again, the picture is going to be quite mixed, where a lot of tourism-dependent economies might be doing better than export-dependent economies like Germany.

Comite: Thank you so much for that detail and perspective. It’s very interesting to see how the regions are responding and reacting and what some of those outlooks look like. I’d love to shift gears a little bit with you. With that in context, what are the kinds of experiences that consumers are most valuing right now?

Bhattacharyya: There’s going to be a lot of caution among consumers, but we think there will be people looking to treat themselves. The consumers are going to look for opportunities to treat themselves from time to time. I think those are the kinds of opportunities businesses probably need to look for and make the most of. Again, the basics — if you think at what consumers are going to be spending on — the basics are probably going to be fine. They have to spend on essentials, but they are going to be looking for more value. I think that’s probably something for businesses to keep in mind that, sure, prices are probably going to go up for some products, but how do they stand apart from other competitors? There’s going to be probably price wars among businesses as they try to retain their consumer bases. How can they position themselves differently from their competitors and make sure that consumers see value in them?

Comite: Barsali, do you also see, based on the connection back to the conversation around the macroeconomic drivers, that there will be regional differences or trends in the behaviors of the consumers that you’re seeing based on your research?

Bhattacharyya: Yes. I think that’s right. Again, looking at what’s happening around the world, we are probably heading towards a situation where goods might be priced very differently across markets. Companies are probably going to adopt different pricing strategies. That means that the economic impacts to consumers are going to different. The price raises, inflation trends that they see are going to be quite different. I think there’s also going to be factors to watch around tourism where we are going to see a lot of spending. Again, there would be variations in regional trends that we see. For example, we have already seen a slowdown — we are starting to see a slowdown in incoming — in tourist arrivals to the US in response to geopolitical events. Since the pandemic, we have seen an increase in tourist arrivals in the Middle East, in countries like UAE. Again, those kinds of trends are going to continue.

Comite: Absolutely, Barsali. Super helpful to think about all of these interconnected drivers that are impacting the customer experiences. I’d love to get your perspective on the role of emerging technologies. Artificial intelligence or AI in these emerging technologies and the pace of change. How do you see that impacting the customer experience over the next two to three years?

Bhattacharyya: Right. That’s a very important question, and I think especially relevant for the consumer and retail sector, because these companies have been quite at the forefront of using new technologies. For quite a while, we have seen consumer and retail businesses using AI and ML technologies at the backend, in their supply chains, and ensuring that they have more efficient supply chains. They have been using it to manage the inventories, for generating consumer analytics and insights. There’s a lot of use in the back office. So for consumer analysis, for predictive analytics. Online shopping, obviously, has been using it for predictive analysis for quite some time. 

I think what’s really interesting is that, with the rise of generative AI technologies over the past few years, a lot of the use cases probably shifted away from the back office towards more consumer=facing experiences and more consumer-facing use cases. So, I think that probably the biggest use case of generative AI is in marketing and advertising. So, very much what consumers are seeing, what they are reading and viewing to make their purchasing decisions. 

One other use case that really stands out is personalization. Again, lots of opportunities there for businesses, especially digital retail businesses, when they are trying to offer more curated, a more personalized, a better, more convenient customer experience. I think there are a couple of really emerging use cases that we are seeing where companies are, if you look across industry surveys, companies say that they are beginning to invest a lot in customer analysis and segmentation and in digital assistance and profilers. I think those are two areas where there’s a lot of trial, a lot of initial implementation that’s happening across retail and consumer businesses.

Comite: Let’s look out a little further. Let’s think about 2030. Any bold predictions about where the evolution of expectations around customer experience are going? Any ideas about where this is headed?

Bhattacharyya: I think given the uncertainties we are living amidst, it’s quite difficult to be thinking even one year ahead. If you think about what consumers would expect, there are probably two things. One is probably a little less surprising than the other. So, the less surprising thing is that if businesses are using so many new technologies, and we know one of the concerns around AI technologies has been around data privacy and accuracy and hallucinations, I think consumers would expect a lot more progress at those ends. They would expect businesses to be really transparent about what’s happening with their data, how they’re using their data. They would also expect a certain level of accuracy in how businesses are using these technologies. So, if I have a shopping assistant suggesting me what kind of TV I should be buying, I would expect that to be absolutely accurate data. I would expect that to be something I can trust and I don’t have to double check that. Again, transparency and accuracy would be something that consumers are going to be expecting. 

I think one surprising thing might be the human element, right? While we are using a lot — businesses might be using a lot of technologies, it’s probably going to be important to make sure that there is a level of human overview on things. So, if a lot of my shopping experience is done by – through automated processes, through bots and virtual assistants, if something goes wrong as a consumer, I might be expecting a quick redress. It might be that businesses that manage to correctly use a merged human overview with the use of new — adoption of new technologies are standout as the winners. If something goes wrong, the ability — the ease with, and the speed at which, a consumer is able to find a solution, or maybe speak to a human at the company end might become quite important.

Comite: Barsali, thank you so much for taking the time to share your experience, your expertise looking at the markets, both in the US, globally, and thinking about the future of customer experience. I just want to say thank you again for all of those insights.

Bhattacharyya: Thanks, Bryan. It has been a pleasure talking to you.

Comite: Joe, I’m going to turn it back to you.

Kornik: Thanks, Bryan. Thanks, Barsali. Thank you for watching the VISION by Protiviti interview. On behalf of Bryan and Barsali, I’m Joe Kornik. We’ll see you next time.