Yves Reding, CEO of EBRC, discusses the crucial importance for companies to develop a deep culture of resilience, and the need to protect against threats that can – and cannot – be anticipated. Following the Covid-19 crisis, the concepts of risk management and (cyber) resilience have become more important than ever: the expert tells us more about his vision and philosophy, and also shares his thoughts on the launch of the Gaia-X initiative.
Covid-19 and the emergence of resilience: a wakeup call
“We are currently learning lessons from the Covid-19 crisis. The world we knew before and the one we are now navigating in are not the same. This pandemic changed the way things are perceived, and even challenged the priorities of entire ecosystems, governments, companies, etc. on political, social and economic levels,” starts Yves Reding. The digital expert notably shares the example of business models that now need to fully integrate the concept of resilience, advocated by EBRC for the last 20 years. “The Coronavirus crisis is not a black swan: it could/should have been predicted. Over the last two decades, companies have had to face several health crises: back in 2003 with the SARS outbreak and later in 2009 when the World Health Organizations declared the H1N1 pandemic. Moreover, pandemics and health crises have become part of the popular culture with many books and movies dealing with such issues. The risk is here and we should all have been aware of it,” declares the CEO of EBRC.
Within EBRC, the concept of resilience is well-known and part of the global strategy of the company. As explained by Yves Reding, the term resilience is mostly used in psychology – when an individual goes through a traumatic event and later recovers – and in the metal industry when for instance rails and bridges need to absorb important thermal shocks. He adds: “it is also commonly used when describing a forest that needs to regenerate. That is what Humans and nature do: the concept should already be integrated by all individuals and companies. Yet, many were not aware of it prior to Covid-19, and some players might even disappear because of their lack of awareness”. In such a context, companies are now transforming their business model into a resilient one, which can adapt and bounce back, getting rid of short-termism and purely financial objectives, to rather investing more into Corporate Social Responsibility, sustainability, people, etc. The CEO highlights: “a resilient business model will allow companies to analyze future trends – demographic changes and hygiene issues, global warming, digitalization, etc. – and therefore anticipate, predict, protect, absorb, manage, recover and even accelerate”.
And when it comes to digital, Yves Reding notices that more progress has been made in the last three months compared to the last three years, with the emergence of the digital pendant of resilience: cyber-resilience.
Beyond traditional resilience: the way towards cyber-resilience
In this respect, digital has proved – if it were even needed – its tremendous use and undeniable advantages. For instance, the entire country of Luxembourg, thanks to its flexibility and its robust IT infrastructure, was able to turn rapidly to homeworking, without having to slow down its activity. “The notions of risk management, resilience and of course, cyber-resilience have become the new standards,” says the CEO, whose teams embraced homeworking from the very first day of the confinement period. He asks: “but what would happen if the network or IT systems were to crash down? What about the increasing number of cyberattacks during the last three months? When perpetrated the right way, they clearly impacted the targeted companies. Therefore, the next step to achieve an overall resilient business model is to invest in cyber-resilience”.
A couple of years ago, the European commission enforced the NIS Directive, which provides legal measures to boost the overall level of cybersecurity in the EU and identifies “operators of essential services”. The name says it all: such services are essentials for governments, health institutions, financial flows, energy, transport, water supply and distribution, digital infrastructure, etc., to keep on running. “Digital then becomes systemic! And the Covid-19 crisis made it clear in the minds of organizations and individuals: our activities were only able to continue thanks to digital. But tomorrow, digital could be harmed and threatened by cyber attackers. As digital becomes the backbone of our society, it must become resilient, and, by definition, cyber resilient,” underlines Yves Reding.
Assisting companies in their fight against cyber threats
Resilient – and cyber-resilient – strategies rely on dedicated and specific resources. “Several programs already exist, but we are still noticing an important gap between what’s available for companies, and how they actually use these tools,” underlines Yves Reding, who notably names multiple ISO certifications – 22301, which concerns business continuity and 27001, which deals with information security management. EBRC has been also participating in exercises created by the European Union Agency for Cybersecurity (ENISA) for years, on how potential cyber attackers could impact Cloud Service Providers (CSP) and Internet Service Providers (ISP), which might very well happen in the near future.
In addition to such standards and regular exercises, the EBRC teams worked on an assessment tool with the mission to facilitate the life of decision-makers. “We developed a solution based on the analysis of the client’s processes and the production of a report highlighting the gap between their processes and the industry’s best practices in terms of resilience and cyber-resilience. It takes about 45 minutes to provide them with their level of maturity and then guide them towards the best protection,” explains the CEO of the 20-year old digital company.
Moreover, in February 2020, just before the confinement period, EBRC surveyed decision-makers and IT professionals in Luxembourg and in France on the topic of Cloud Services and “digital sovereignty”: 55% of respondents labeled it as “a necessity for Europe”, when only less than 10% of companies and individuals see it as useless or impossible to achieve. And lately, a key project was just launched at the EU level to boost Europe’s “digital sovereignty” and aiming at an EU cloud independence.
GAIA-X and the need for Europe to control and master data
Yves Reding welcomes the Gaia-X initiative powered by the ministries of the Economy of both Germany and France, backed by talented researchers and key players of the digital industry: “EBRC has been rooting for the digital sovereignty of Europe for years. We are excited to see that things are now moving at the political level. The European commission, led by Ursula von der Leyden, has communicated its ambitions and we are in the middle of an important change of paradigm,” highlights the CEO who has been in contact with the German and French ecosystems for many years. He continues: “just like with GDPR and NIS, Europe needs to regain possession of its digital ecosystem, by transmitting and using its main values: transparency, openness, interoperability, trust and sovereignty. Europe will then be in the driver’s seat and impose its transparent rules, known by all the players”. Over the years, numerous theoretical projects have been led, but according to the CEO, Gaia-X is a key political statement and will. He adds: “The country members of the EU now speak as one, with the appropriate means and energy. EBRC falls within this ambitious project and so do many European associations”.
With data often described as the “oil of the 21st century”, one of the main objectives of Gaia-X is to keep control of data and services through technological independence. “In the current environment, mastering data is key. For instance, how could a hospital survive without data knowledge and control? How can the car industry build autonomous vehicles if it does not understand and master data?” then asks Yves Reding. Gaia-X revolves around building on data with specific use cases, which will allow the different industries to analyze risks and anticipate, by actually using personal sensitive data that would have been anonymized, under the governance of Europe.
As a conclusion, Yves Reding highlights the tremendous digital silent acceleration that took place in the last three months, while also acknowledging the change of mindset when it comes to risk and resilience. Companies now know that they need to be able to deal with all types of crises, especially with cyber threats, in a world that is more digital than ever. An advocate of an extended approach towards risk through cyber resilience and towards data management and sovereignty, the CEO of EBRC, along with his team, spent the last three months working on innovative projects to mitigate and anticipate such risks, and also welcomes the launch of Gaia X.
“We went through a violent Covid-19 pandemic but we must learn from this crisis: we will change our world and will get stronger. We have to build a more resilient and cyber-resilient world for the next generations, able to face future crises”, concludes the CEO, “moreover, we have to take back control of our strategic resources, digital and data. Time has come to take decisive steps, at all levels, to build our Trusted Digital Europe”.
Interview by Alexandre Keilmann
Publié le 16 juin 2020