Cyber Security for Boards

 

Big problems just keep getting bigger.

In 2003, hackers succeeded in reaching their targets 74% of the time with a 20% detection rate by those being hacked.

In 2015, detection increased to 25%, but hackers were now successful 95% of the time.

What is the current thinking with respect to the obligations and best practices of a corporate board of directors in the face of this reality? This issue was discussed by an expert panel, headed by the Chief Technology Officer for Cyber Security in the Department of Homeland Security, at an October 18th breakfast meeting of the New England Chapter of the National Association of Corporate Directors. Major takeaways:

Consistent with the role of boards as supervisors and not direct implementers, boards should monitor management instituting robust protection measures. Aside from having a plan for remediation and crisis control, the board should be fully involved with monitoring cyber security as part of a company-wide enterprise risk management program.

Boards should obtain outside consultative help and analysis; boards should be trained in cyber security or, at a minimum, one board member should have expertise in the space.

It may not be wise for the CIO, with responsibility for running the networks, to also have primary responsibility for security. Increasingly, companies are designating cyber security officers. It was suggested that this be a report directly to the CEO and not to the CIO.

Boards often use commercial portals for intra-board communication. These portals are safer than the open use of the internet, but they should not be treated as fully secure. Some companies are providing secure, dedicated iPads to board members, the only function of such devices being to communicate with the board portal.

The internet of things is making life more complex. Since everything is connected, and there are no standards for manufacture or testing of devices, and since manufacturers therefore are “all over the place” (according to Homeland Security), there is a need to standardize all that is interconnected so that it can be policed and defended.

Speaking of Homeland Security, right now they are deeply focused on protecting the election functions of the various States so that the presidential election cannot be compromised.

One question from the floor raised the issue as to whether block-chain technology might be promising in terms of increasing internet security. The answer: block-chain is a promising technology, currently being studied, but it is complex and we are a long way from being able to harden our systems using it.

For boards, there are two things to keep in mind: the first is to be sufficiently acquainted with the technology of cyber security as to be able to monitor; the second is to document the board’s robust process, so as to be safe from criticism (and lawsuits) when the seemingly inevitable occurs: you will be hacked.

Continuing New Healthcare Models

 

By now, everyone is generally aware that the model for healthcare delivery in the United States is moving away from “pay-for-service” and will focus in the long run on so-called “value-based care.” Dr. David Feygin of Becton Dickinson (a major international supplier of medical devices and biological research) sees this change as “abrupt” and, perhaps more interestingly, the basis for greatly enhanced revenues.

Addressing an investment forum at the September 16th Boston meeting of Sky Ventures Group, Dr. Feygin generally outlined the hallmarks of value-based care: a focus on the patient and not the provider; payments to providers based upon the general wellness of the population being served rather than the number of procedures being performed.

His definition of “abrupt,” he noted, should be taken within the context of healthcare: he was talking about a seven to ten year window. But the process has already started, and healthcare providers are now reorganizing to meet the challenge; restructuring through mergers or organizational transformation. The mindset that needs to be addressed is the inherent tension between pay-for-service (fill the beds and perform services) against the standard of general wellness (how can we keep patients out of the beds and healthy). He observed that the Medicare model has been redesigned to reward overall positive clinical experience, with an Alternative Payment Program that will provide revenue boosts for favorable clinical performance which avoids providing service, devices or medications.

While change is often said to be good, we all know that it is not always good; however, based upon Dr. Feygin’s projections, the net revenue for healthcare providers can increase fivefold, over pay-for-service, for those healthcare providers who can “figure it out.”

Greater Boston Commercial Space

Everyone knows that office and R&D space in greater Boston is facing a “tight” market.

There are well over 2,000,000 square feet of office and R&D space within the 495 band, according to Tom Hynes (CEO of Colliers International, presenting at the Thursday morning ACG breakfast). Boston itself contains about 30% of that space, and Boston A buildings draw an average of $58/sq. ft.; Cambridge A space, with only a 3% vacancy rate, draws an average of $64/sq. ft.

Real estate is affected by a variety of economic factors external to Boston, including but not limited to the attractiveness of investing in our buildings for foreign government funds and investors from China, Japan, Canada, Norway, Qatar and Australia. But the principal local drivers for the real estate market are our innovation and life science economy, and the growth of Boston-based hospitals. The largest general draw seems to be MIT (not Harvard); MIT was the institution cited by GE in its relocation to Boston.

Current construction plans are generally known, spear-headed by the $1,000,000,000 Wynn Casino but including redevelopment of garages at Winthrop Square, Harbor Towers and Bullfinch Crossing, as well as proposals for One Dalton Street, Back Bay Station and South Station.

One problem is to provide affordable housing; the City itself, having peaked in population at 801,000 in 1950, fell to about 562,000 in 1980 but now has recovered to 667,000. Can housing (and our shaky transportation infrastructure) effectively support this continuing influx? The economics of constructing affordable residential housing in Boston are daunting.

Asked about the difference between the “bid” and “ask” for class A high-rise space in Boston, Hynes thought that there was very little spread and not nearly the kind of spread that obtained in the past. [I do however note that, per a recent meeting with the senior leasing folks at Cushman and Wakefield, selective opportunities for modest front-end free rent and enhanced build-out allowances in certain sectors of the market were still available.]

Finally, Hynes noted the real risk presented by climate change, citing the flooding in other cities where recent storms hit head-on and with back-up generators and other support facilities often housed in basements. Real estate expansion in Boston needs to think long and hard about climate change in our low-lying coastal city.

It’s All About Big Numbers

 

My prior post reflected a discussion of economic trends among CEOs at the September 13th program conducted by the National Association of Corporate Directors/New England Chapter. One major theme, demanding its own separate treatment, had to do with the importance of big data.

Simply put, the CEOs of all three diverse companies (an international financial service firm, a regional utility firm and an online consumer goods vendor) agreed strongly on one thing: companies which win will make the most effective use of big data to drive efficiency in operations and marketing.

This is why the average age of employees at Wayfair is 28 or 29 years. The same, interestingly, is true at State Street. In Wayfair, they hire tech-smart people even if they don’t have business training. At State Street, there is a major program to digitize and analyze all information coming in and out. According to CEO Hooley, this program had its source with Alibaba, the Chinese online retailer with 400,000,000 customers which realized it was collecting incredible data about its customers, and set up banking and financial services businesses because they could not ignore the value of that data.

At National Grid, CEO Reed noted that while the firm has many people who dig trenches and erect poles, they also have a substantial investment in data concerning energy usages which informs reducing costs and reducing customer usage. “We even have data on what poles will fall over in our next storm.” She also observed that social media is changing the manner in which the utility communicates with customers.

All seemed to agree that Hooley’s assessment of the future of State Street also applied to their own companies: “We will be in the business of data analytics.”

The World Economy

 

“The world is in a pretty bad place,” intoned State Street CEO Joseph L. Hooley at a September 13th panel held in Boston under the auspices of the National Association of Corporate Directors/New England Chapter. He, Marcy Reed (President of National Grid in Massachusetts) and Niraj Shah (CEO of Wayfair) discussed our economy, and their major business problems, as we move out of the summer doldrums.

Hooley noted that Japan is in a decades-long recession, the UK is growing at only 1%, the BRICs are in trouble or have slowed growth (except for India which is “too small to matter”), and that central banks have run out of tools to provide economic stimulus. He sees this as the fifth year in a row of below-average world business growth; the United States remains steady but is impacted negatively by global developments.

It should be noted that State Street garners more than half its income from non-US operations. Reed runs a utility centered in New England and New York, and is enjoying the relatively robust United States economy, where utility bills are getting paid (defaults are at half the rate suffered during the 2008 recession). Her problems have to do with an aging blue collar work force and a lack of sufficiently trained younger employees (the Grid used to hire high school graduates but now there are “computers on top of poles”).

Wayfair is an online vendor of relatively mundane products. Although most of their products are discretionary purchases, Shah noted that his company has benefited from the explosion of online sales (Wayfair’s business grew even during the recession years). Additionally, during times of financial pressure consumers become more “value-conscious.”

There is clearly a hiring crunch in the United States. Hooley noted that we have college graduates who need jobs, and businesses which need workers, but the grads can’t fit into those jobs; a failure in training. Shah says much of the training in his company is done onsite, they just try to hire smart people. Reed, interestingly, noted that they used to assign senior workers to train younger workers but now (with an average worker age at Grid of 49 years) she assigns the younger employees to train the older ones in “new economy” skillsets.

Finally, there was discussion of how to hire and nurture millennials, who are “wired differently” with shorter attention spans, a desire to change jobs; and their “paper is already on the street” by reason of social media. 78% of millennials report that they enjoy some version of flex time. They also care about the community and the environment. In order to attract and retain millennials, companies are attempting to adjust to these differences.

Red Sox and Enemas

This is a long and unpleasant post. You may choose not to read this post which, by the way, has nothing to do with the law.

I sit at my desk staring at my ticket stub from last night’s Red Sox-Yankees baseball thing (I refuse to call it a game, which implies structure, competition and competency). It reminds me that it cost $132. Double that for my wife, add $40 for parking, add 5 beers and 3 franks and one bag of nuts and guess what: my investment for the evening was: $377.

Here is how the evening went:

1. We used napkins to wipe the water from the rainshower from our seats. Mostly successful; I do not mind sitting as if in a wet diaper, I have had past experience in that capacity.

2. The Sox loaded the bases three times in the first five innings, twice with none out, and mustered two runs against a Yankee pitching staff that was decimated (I think they used eight pitchers; their starter lasted one inning).

3. Our pitcher (recently acquired, a NL all-star; you will note I do not mention his name, as I do not acknowledge roster additions until they either get a hit or win a ballgame), who earns more than you and me (combined), did last 5 1/3 innings (I make that about $20,000 per pitch) but at least he left with a 2-1 lead.

4. There followed an evening that made me think David Price was pitching because the bullpen lost the game, painfully, although the starter actually left with a lead. The Yankees, officially in rebuilding mode and having traded their two best players (pitcher Andrew Miller and hitter Carlos Beltran), proceeded to get five runs and then three runs in consecutive innings. They ended up with about 15 hits which means we left pitchers on the mound while being killed but, then again, no successor had success so why worry? Among highlights were a homer, walk and a couple of hits allowed by Ozawa (who by every August can no longer get my grandmother out, which should not be hard as she died decades ago) and three (count them) wild pitches by the same bum in the same inning, two of which scored runs (can you believe we left in a pitcher after two wild pitches? Some strange fascination about lightning never striking three times in the same place?).

After the pinch hitter for our third baseman struck out and Betts left the game due to muscle problems, at least we could stay around for the eighth and ninth because after all, the heavy hitting Red Sox surely could make up a five run deficit with six outs to play with.

Well, six outs there were, with nothing separating them.

And in all events we could stick around to see Ortiz bat. Girardi (Yankee manager for the uninitiated) pitched around Ortiz (three walks in four at bats, two intentional) but at least they pitched to Big Papi with none on in the ninth and a five run lead and Betances (Yankee relief pitcher for the uninitiated) throwing at 99 miles an hour.

5. So Big Papi promptly fouls a pitch off some part of his body, goes to the ground like a dying cartoon character (I would say, think of Kung Fu Panda but we already had one of THOSE nonfunctional things), and is damned near carried off the field between two straining minions. Of course, his replacement at the plate (some guy named Bruce Bentz or Mooky Bentz or Bruce Wayne, who can keep track??) promptly struck out.

6. It should be noted that the sainted Hanley Ramirez is in free-fall; zero for five, hitting under .270, soon he will not be hitting his weight. Of course you will walk Ortiz every time; you can count on the next out already.

7. Oh yes, there were two Yankee hitters who were roundly booed, in pure “Yankees suck” Fenway style. These moments were the highlights, of course. So we roundly booed a man (Jake) who was a former Boston favorite who hit over .300 for our club for a total of four years before WE traded him through no fault of his own; and then the imperfect but impressive A-Rod. I stood up and clapped because A-Rod is a turkey but in Fenway they play baseball, not cater to discussions of PEDs, infidelity and ego, and A-Rod could play baseball as well as anyone who ever put on the uniform. There they are, the Sox faithful, booing a man who has hit almost exactly the same number of homeruns as hit by Ortiz, Pedroia and Betts TOGETHER.

In fairness, you should have no sympathy for me as I should know better. My record for in-person viewing Red Sox home games is that the Sox have won seven in the last two decades and have lost 1,331. No really, you could look it up. They should pay me not to come. Then again, this game lasted only a mere four and a half hours (all Yankee games take forever; this one with something like 16 pitchers, took longer than forever).

So last night at Fenway was akin to a high colonic – administered with hydrochloric acid. The only difference being: if you took the enema, you would not have to wake up the next morning and remember the experience.

No Mass law on Noncomps

August 1 means the Massachusetts General Court has adjourned and, notwithstanding debate and passage of bills in both Houses, the legislature prior to its adjournment failed to pass ANY law affecting the enforcement of noncompetition clauses.  The two chambers failed to merge their bills which is not too surprising as there were several significant differences; however, the failure likely also reflects the division within the Massachusetts business community, with larger enterprises supporting stronger non-comp enforcement.  I would not be surprised to see this issue come up next session but, meanwhile, it is business (and lack of predictability) as usual here in the Commonwealth.

Corporate Governance in the WSJ

Take a look at the last page of the WSJ section A today: a list of six principles of corporate governance as recommended by twelve corporate heavy hitters: Buffett, Immelt, Dimon, Larry Fink of Black Rock, etc. Although I confess to not being quite sure why this group would buy a full page to extol good governance, their suggestions are not very controversial and all are commonly endorsed by governance attorneys, board advisers and indeed by the National Association of Corporate Directors:

Independent boards should meet regularly including without CEOs present; diverse boards are better; boards need a strong leader independent of management; there is no mandatory requirement to provide earnings guidance; alternate financial reporting should not obscure GAAP reporting; shareholders need “constructive engagement” with management and perhaps the board to permit them to vote properly (of course, access is articulated in terms of institutional investors).

In all events, it is hard to quarrel with the list, which really is a very basic list of some fundamental good governance practices.  It is a corporate analog to the suggestion that “everything I needed to know I learned in kindergarten.”  More later?  We shall see.

Mass Noncomp Law–status report

The below interim report is from my Boston labor law partner Bronwyn Roberts:

The Massachusetts noncompete and trade secret bill passed the House today 150-0.  To become law, the bill still needs to pass the Senate and be signed by Governor Baker.  (So not ripe for a client alert – in my opinion).

Here are some highlights (lowlights as the case may be):

Noncompete entered into at the commencement of employment must be provided the earlier of a formal offer of employment or 10 business days before commencement of employment.

Noncompetes must expressly state that the employee has a right to consult with counsel prior to signing.

There is a 1 year limit to noncompetes unless there is a breach of fiduciary duty or employee theft in which case the duration cannot exceed 2 years.

Noncompetes must be supported by “Garden leave” or “other mutually agreed consideration” specified in the agreement.  “Garden leave” is payment during the restricted period of at least 50% of the employee’s annualized base salary within the 2 years preceding termination.  There is no definition of “other mutually agreed consideration.”

Noncompetes are unenforceable as to nonexempt workers under the FLSA, student interns, employees terminated without cause (not defined) or laid off, employees under age 18.

Partnering in Healthcare, Healthcare IT investments

There are 36 Blue Cross/Blue Shield groups in the country, some covering multiple States, but the Massachusetts group has decided to go it alone. As part of this independent effort, Blue Cross/Blue Shield has established a wholly-owned subsidiary, Zaffre Investments, that invests in healthcare funds and also makes direct equity investments. Additionally, Zaffre also incubates a few companies at Zaffre’s own facilities.

Who should look to Zaffre for potential funding? Zaffre has a long term view of things: it asks, can this technology assist in the efficient delivery of healthcare over time? This sometimes creates some “interesting discussions” when Zaffre makes an investment along with professional investors (venture capital or private equity) with a shorter time frame to exit, according to Vice President for Investments Steve Fox, speaking at the June 24 Boston meeting of Sky Ventures (a platform for the presentation of emerging life sciences and healthcare companies).

Generally, Zaffre does not invest in device companies, nor in drugs and pharmaceuticals. They are looking for service and IT companies that support a service model focused on outcomes. They have an interest in consumer-driven health including health wellness, telemed, caregiving; and, in big data analytics.

Beyond that, Zaffre is all over the place, but to good effect. They will invest anywhere between $50,000 and (as part of a syndicate) $20,000,000. They do not seek control. They are stage-agnostic; they will do seed, early rounds, growth rounds, mature companies. They will lead or follow. Their geography is the United States. They do seek a board seat. They promise networking opportunities “through the front door” by direct access.

According to Fox, Massachusetts Blue Cross/Blue Shield, as a one-State non-profit, needed to diversify its revenue stream. Hence, a broad platform for investment.