
Here Finance Monthly hears from James Dudbridge, Associate Director at tax credit specialists ForrestBrown, who explains how to appropriately navigate an HMRC enquiry.

Research and development (R&D) tax credits are a government incentive designed to reward UK companies for investing in innovation. They’re a valuable source of cash for businesses and support significant growth. HMRC itself found that for every £1 of tax foregone, up to £2.35 of additional R&D is stimulated. In recent years, HMRC has focused its efforts on increasing awareness of the incentives and it has seen success, with the volume of claims being made booming. Around 50,000 claims were made for the 2017-18 tax year alone – a 31% increase on the prior year.

But this success has prompted greater scrutiny of the submissions being made. Firstly, because HMRC has a duty to ensure taxpayers’ money is being used efficiently. Secondly, because HMRC recently uncovered a high-profile instance of fraudulent activity, said to be worth as much as £300m to the public purse.

This greater scrutiny takes the form of enquiries. Put simply, this is when a taxpayer gets a letter from HMRC asking for further information relating to their R&D tax credit claim. It may be worded as a “compliance check”, but in reality, it’s an investigation, and should be treated with the gravity it deserves.

While HMRC doesn’t release data about the volume of enquiries it undertakes, estimates suggest it’s about 5-10% of all claims submitted[i]. That’s potentially as many as 5,000 investigations a year. These can be prompted by any number of factors. It could be that there’s a simple, honest mistake spotted by an HMRC inspector. It could be that HMRC requires more information surrounding specific parts of the claim. Or it could relate to a wider tax position. Sometimes it can be as simple as HMRC deciding it wants to study a specific sector, or technology, in greater detail.

With more enquiries being launched than ever before, it’s important to be prepared. While the vast majority take place before any money is handed over, there are some cases where enquiries are opened after the R&D tax credit has been paid. When that happens, not only may you have to hand back cash that may already have been spent or allocated, but interest may also be charged. In all cases there is also the possibility of penalties applying if any part of the original claim is found to be incorrect.

But it’s not just the financial impact. If an enquiry isn’t handled effectively, it can seriously impact your relationship with the tax authority. This can make all subsequent tax issues harder to deal with. Furthermore, an enquiry can take anything from a few months up to several years to resolve. That’s time and resource being spent trying to fix the issue – with multiple people involved from around your business. It can be a massive drain. Not to mention the stress and frustration it might cause.

Avoiding an enquiry

All this begs the question: how can you avoid being the subject of these types of investigation? In some cases, you can’t. You might just be picked at random. But it is possible to reduce the likelihood, and, crucially, increase your chances of a successful resolution if it happens.

Firstly, be prepared. Just because you’ve received a benefit in the past, it doesn’t mean it will be seamless next time – even if you follow the exact same process. The same level of scrutiny should be given each and every year when making a claim – and if it transpires previous documents weren’t quite right, action needs to be taken. Simply updating documentation from your prior year isn’t enough – what HMRC expects in support of claims has changed – and so your paperwork needs to too.

Secondly, it’s vital that those preparing the paperwork are crystal clear on the criteria. Worryingly, some aren’t. Once we outline to them exactly what can go into a submission, they realise they’ve been getting it wrong. In most cases, it’s not intentional. It’s just a lack of understanding about the parameters of the relief. Claims prepared by non-experts quite often don’t properly consider the boundaries of R&D projects – something that HMRC has asked for in recent guidance.

There’s also a need to have a strong understanding of the underlying science or technology, which can be a challenge where a finance team prepares a submission. HMRC will want to see this presented in a particular way. There are then strict categories of costs involved which can be included in the claim.

Top tips for handling an enquiry

If an enquiry happens, you need to act swiftly and judiciously. Once the HMRC letter arrives, be open, be honest, be transparent and be collaborative. It’s important to begin building a positive relationship with your HMRC inspector immediately. Your first response will set the tone for the rest of the process.

At first, there may just be generic questions to answer. Don’t let this fool you. You need to think carefully about the claim you’ve submitted. Try to get ahead of any possible risk areas. Within reason, HMRC will be open to you defending parts of your claim that they may have challenged.

Don’t keep the enquiry away from people within the business. Getting the right information together for HMRC will usually involve a number of different stakeholders in the business, such as the legal team, the finance department and the technical experts. They can all help guide the process and provide insight and expertise to ensure the best possible outcome.

It’s always worth bringing in specialist external support with a strong pedigree in dealing with enquiries. They can help guide you through choppy waters and provide expert advice on all aspects of the enquiry. When engaging with an enquiry support service, the first step is full disclosure. Don’t hold anything back and give them access to your experts for interview.

The next step is to revisit all the costs that made up the R&D tax credit claim and review them again in full. Once this is completed, you will have a strategy in place designed to resolve the enquiry with the best possible outcome for your business. This will often involve formal written responses, as well as preparation of key personnel for any call or meeting required with HMRC.

A silver lining

An enquiry can be a positive learning process. Having been the subject of an enquiry, those involved will be armed with the knowledge they need to ensure subsequent claims are robust and cover all of the areas that HMRC expect to see for that business. This is invaluable – and has a real monetary benefit. It can be the difference between a useful lump sum of capital and a failed claim with significant operational costs.

Although enquiries aren’t necessarily positive experiences, we should welcome their existence. HMRC is enforcing best-practice and it’s reassuring to know that public finances are being protected from potentially fraudulent activity.

If you haven’t made an R&D tax credit claim before and are considering it for the first time, it’s important not to be put off. That said, given HMRC’s focus on quality, it’s worth choosing an adviser with care. Look for a multidisciplinary team who hold professional credentials across accounting, tax and law. Seek evidence of supervision by the Chartered Institute of Taxation. Be assured they adhere to HMRC’s agent strategy.

This will ensure that your claim is not only fully maximised, but also protected from risk. Meaning that when you receive your benefit, you can do with it what the government intended: invest it back into your business to spark your next big push or fund the start of something remarkable.

[i] Estimate made by ForrestBrown

This is according to a recent study by KnowYourMoney.co.uk. Meanwhile, separate data shows that, in total, there are just over 11 million mortgages across the country, with the combined value of the mortgage market coming in at £1.3 trillion. Here John Ellmore, Director at KnowYourMoney.co.uk, discusses further the correlation between a lack of financial planning and subsequent mortgage troubles.

It’s a huge market, and for most people a mortgage will be the largest single debt they take on in their life. It is vital, therefore, that consumers are thorough and diligent in both finding the right mortgage product and making mortgage repayments.

Navigating the mortgage market

Returning to the aforementioned research by KnowYourMoney.co.uk, not only did the survey uncover the types of debt people have, but it also offered insight into the ways Britons are managing their finances. And there were some concerning findings.

Most notably, two thirds (67%) of those in debt have no savings stored away to enable them to pay off debt if required, with men (73%) more likely than women (62%) to lack a financial safety net. Furthermore, nearly three in ten (29%) said they do not feel in control of their debt and have no plans of how they will pay it off.

In light of these figures, it is perhaps less surprising to note that 24% of people in debt said they lose sleep because of it.

When it comes to mortgages, planning and preparation are key. Indeed, with so many mortgages available – 4,214 new products were introduced into the residential mortgage market between 2016 and 2018 alone – choosing the most appropriate option can be challenging.

Importantly, this challenge starts with an individual understanding his or her personal finances.

Debt-to-income ratios

Essential within this planning phase is to know one’s debt-to-income (DTI) ratio. In short, this offers an indication of how much debt a person has in relation to their earnings – it is calculated by dividing total recurring monthly debt by gross monthly income.

But many people are in the dark about DTI ratios; 44% of UK adults do not know what their debt-to-income ratio is, with 39% admitting to not understanding the term.

This needs to be addressed. Without understanding exactly how much debt one can responsibly handle, securing the right mortgage is extremely difficult.

Of course, a mortgage provider will undertake its own due diligence in ensuring a borrower’s income is sufficient for the terms of a particular mortgage. However, in truth, the lender will never be able to match the borrower’s granular insight into their finances.

Avoiding bad debt

Ultimately, despite the negative connotations that still surround the word, debt is an extremely valuable financial instrument. It enables people to pursue life goals otherwise out-of-reach. But we must recognise there are good debts and bad debts.

Good debts are both manageable and will provide value to the individual – mortgages are a prime example of this, assuming the amount borrowed can be repaid. Bad debts are those that cannot realistically be repaid or provide no value – taking on debt to pay-off other debt is a common example of this.

Mortgages, by and large, are good debts, but only when the monthly repayments can be made without being overly restrictive to a person’s financial situation. The first step is for consumers to ensure they know what their DTI ratio is – a task that takes just a few moments thanks to online DTI calculators.

Failure to do so could cause problems down the line. Illustrating this point, it is estimated around 88,000 mortgages in the UK are in arrears of 2.5% or more, while there are 52 mortgage possession claims made every day.

To avoid falling into this situation, borrowers must be sure they only take on good debt. Moreover, whenever possible they should set aside savings to help make repayments in case of cash flow issues or interest rate changes in the future.

Thorough preparation and careful management are at the heart of any successful financial strategy, and when it comes to mortgages these are essential in ensuring people navigate the market safely and only accrue debts in a safe, responsible manner.

For a newbie, the wealth management industry is a lot to take in; but that should not stop you from dabbling in investments and asset management. All you need is a wealth management firm that you can count on to put together a sound financial plan for you!

Take note of these important factors when looking for a wealth management firm:

Expertise and Experience

It’s no secret that the world of investment and financial management is a complicated one. That said, you’ll need a firm with the expertise to handle complexities and deliver the sophistication that unique situations require.

Don't fall too quickly for advisors who claim they've handled plenty of clients like yourself. Keep in mind that people's financial circumstances are rarely alike, and this is probably just a tactic to lure you in. Instead, why don’t you ask the financial advisors about specific clients with financial situations quite similar to yours? How were they able to help them grow and manage their money?

A good and reliable wealth management firm should have advisors who can make you understand their insights and ideas even if you're new to the whole thing.

Continuity

Here, consistency is key. In 10 or 20 years, you'll want to retire and enjoy the fruit of your hard work and investments. However, you definitely do not want your wealth management firm to do the same!

One important thing to consider when selecting asset and investment management firms is longevity. But the number of years in business alone won't suffice -- it is crucial to go for those with a dependable succession plan in place. Think of it as an assurance that they can continue taking care of your wealth management needs well into the foreseeable future.

Access to Resources

For your investment to grow, choose a firm that has access to a wide variety of products, services, and financial management options. While it’s true that most firms offer flexibility in terms of investment opportunities, some may have limited access to certain investment vehicles due to the size of the assets that they manage.

Thus, large scale investment firms may be more capable of leveraging their assets to address certain issues, negotiate fees, and formulate more sophisticated solutions to your investment needs.

Performance and Reputation

In the end, it all boils down to one thing – results. This is, perhaps, the most crucial box you'll have to tick. Before making your final decision, find out as much as you can and assess if the firm you’re about to choose has consistently delivered commendable results over time.

Spare some time and energy for research and get to know the firm a little beyond the surface level. You can ask your friends and colleagues for opinion or consult the internet for reviews and recommendations. Remember: your money and the future of your finances are at stake here.

Lastly, look for wealth managers you can work closely and comfortably with – someone you won’t hesitate to approach for inquiries or when you want things to be handled differently.

More often than not, people choose a wealth management firm on the basis of price. But you know what? Cheaper isn’t always better. What you need to look for is value.

Brexit is edging closer every day, and equally every day risk and opportunity float in a volatile sea of decisions for every business. Below Luke Davis, CEO and Founder of IW Capital, talks Finance Monthly through the complexities of alternative finance post-Brexit.

With a new tax year now underway, the first two weeks of April have also brought the revelation that investment spending in the UK grew more than in any G7 country in the lead up to 2018. Following outstandingly favourable conditions for British business in 2017, the first quarter of 2018 has held form for the new tax year. With the first round of Brexit terms agreed, and the passing of the Finance Act earlier last month, investor reactions to the events of 2018 steadily come under a time-sensitive microscope.

The government crack-down on asset-backed EIS opportunities and the significant expansion of new-age sectors such as med-tech, biotech and fintech has also significantly increased the focus on investor portfolio decisions for the 2018/2019 tax year. In a recent report from Mayfair-based private equity firm IW Capital, the high net-worth facing data found that one in five UK investors were turning away from traditional stocks and shares and instead choosing to invest in new-age tech sectors such as energy tech and med-tech. Equally significant, the doubling of the EIS investment cap for knowledge-intensive companies, and the launch of a government consultation into a knowledge-intensive fund ensures these sentiments are duly supported by the infrastructure that supports the alternative finance arena.

The research further unveils that a post-Brexit climate in the investment arena is far from a bleak one, as over seven million investors say SMEs are more attractive as a result of increased trade prospects on the back of Brexit. Furthermore, over a quarter of investors say that they feel more encouraged to invest in SMEs after the formalization of Brexit has run its course.

This data comes amidst a more cautious outlook from the UK’s SME business leaders who previously predicted that smaller business would suffer a slow-down in the post-Brexit business climate. Seventy-five percent of small business owners said that they faced rising business costs, while the Federation of Small Businesses Quarterly Confidence Index also reported negative figures for the second time in five years.

Investors, on the other hand, have maintained a firm and optimistic perspective on both pre-and post-Brexit investment agendas in relation to the UK private sector. While the disparity between investors’ positive outlook and SME leaders’ scepticism reflects the UK market’s preparation process for Brexit, the discord also presents an opportunity for leaders on both sides of the investment spectrum to develop a symbiotic relationship.

Supported by one in five investors believing that Brexit will lead to higher quality and more frequent deal flow, and almost a third predicting that Brexit will improve SME productivity, the UK’s upcoming exit is an opportunity to drive new trading opportunities that could mean more SMEs seeing beyond Europe and proactively engaging more with the rest of the world. Moreover, many retail investors are keen to allocate funds in high-growth UK companies, and now have a much stronger chance of doing so due to the ongoing disintermediation of the alternative finance industry.

In order to leverage the growth in opportunities, investors—particularly those in the alternative investment space—must transfer their optimism to SME business leaders. Government regulations on EIS investments, and other fiscal adjustments made in the Chancellor’s 2017 Autumn Budget, further provide a pre- and post-Brexit roadmap that can bring investors and business owners closer together. With this infrastructure in place, closing the disparity in Brexit perspective hinges on transmitting not only resources, but confidence. While many see Brexit as a challenge to both business leaders and investors, it is much more likely to provide opportunity instead.

The need for financial institutions to be prepared against cyberattacks is doubly pressing this year, following a raft of new regulations. These have shifted the mandate from one of annual compliance exercises to an ongoing assurance that IT systems are prepared and secure.

Hiscox recently published its Cyber Readiness Report, surveying how prepared major institutions are to face cyber-attacks. Last year the report found many businesses underprepared for cybersecurity threats.

A variety of products offer security for financial services companies’ critical applications. But the growing complexity of banks’ systems means that the approach to cyber security products is not fit for purpose, warns systems integrator World Wide Technology.

Nick Hammond, lead advisor for financial services at World Wide Technology, comments: “The Hiscox report will serve as an important reminder to financial services firms about the importance (and difficulty) of securing against the cyber threats.

“This kind of protection is all the more necessary this year, in the wake of new regulations such as MiFID II, PSD2 and GDPR. Unlike older rules that only required yearly tick-box compliance exercises, these new regulations require continued assurance of critical applications.

“But with the complexity of existing IT systems, which have been built with different and sometimes opposing metrics over the years, this is easier said than done. Legacy infrastructures are often formed from an extremely complex patchwork of applications, which communicate with each other in convoluted ways.

“This web of opaque interdependencies is creating problems for cyber security. Without a clear view of how the system is plumbed together, there can be knock-on effects downstream when one application is prevented from sharing data with another system or user.

“To meet changing regulatory requirements, companies in the financial space need to access infrastructural expertise, to generate a working, real-time picture of the entire framework. Only after gaining this level of visibility can the right security policies be fitted to each application in a way that fits within the functioning of the existing system, allowing components to communicate as they need to whilst closing them off from external threats.”

(Source: World Wide Technology)

Budgeting is a highly necessary and mandated task for any business, with an extremely structured process in most cases. But as budgeting expands to include a broader scope within companies, how can we work towards a collaborative budget? Chris Howard, Vice President of Customer Experience, Centage, explains for Finance Monthly.

I’ve yet to speak to anyone involved in the budget modeling process who didn’t wish for an Excel feature that somehow made budget collaboration easier. And I speak to a lot of people.

The folks responsible for creating the ‘master’ budget models, often CFOs, don’t have an easy time of it. They need to gather input from numerous people within their organizations (most of whom have no background in corporate finance) and then validate the data they receive. All too often, they rely on managers to put together entire budgets based on higher level numbers, guidelines and goals they provide.

Once that’s done, they need to piece together a myriad of spreadsheets and apply complex formulas and macros to arrive at projections. This last bit typically occurs late into the night.

But here’s the thing: Excel was never meant to be a collaborative tool. It simply wasn’t designed to farm out files and to collect and manage the input of multiple users. That means even the most advanced power user can’t deliver the level of collaboration finance teams need.

Beyond input consolidation, the CFOs I speak to say they have an urgent need for automated rigor in their budget models to ensure accuracy. It’s not uncommon for a CFO (or another budget contributor) to find an error – such as a broken link or formula – which causes a costly displacement in the budget. The result is a lot of discomfort.

Given the needs and constraints of budget modeling, what does a truly collaborative budget look like? How does it work? Based on what I’ve heard from CFOs in the mid-market, here’s what I think are the requirements of a collaborative budget model:

Bottom-Up vs. Top-Down Management

Although it’s the finance team’s responsibility to manage a budget, the budget itself belongs to every department within the organization. It’s the CMO who determines how to spend the marketing budget, and the CTO how to best manage IT investments. This means that budgets must be managed from the bottom up, rather than top down, and that buy-in is essential. But when a CFO is forced to control the budget model via a master spreadsheet, those models are, by definition, managed from the top down. This results in a disconnect between the model and the day-to-day activities of an organization. Monitoring performance vs. plan becomes impossible.

Role-Based Security

Budgets are filled with highly sensitive information, personnel data, salaries and the like. A collaborative budget should prevent the wrong users from accessing data that’s not directly related to their roles in the organization. For this reason, a collaborative budget model should have role-based security with an interface that’s customized to the user’s function. What the VP of Marketing sees should be very different from what the CFO sees. Needless to say, this is far outside the realm of Excel’s capabilities.

Financial Integrity Safeguards

In a true bottom-up collaborative budget, most of the contributors will have no background in corporate finance, and little understanding of the differences between a balance sheet, cash flow or P&L statement. How do you ensure that input from these contributors is correctly tied to the right outputs, and is fully compliant with US GAAP accounting rules?

Collaborative budgets need some kind of built-in rigor that protects the financial integrity of the outputs, allowing non-finance team members to enter data without breaking things. In other words, data entered by facilities management is automatically tied to the correct outputs without that user even realizing it.

Self-Serve Reporting

Finally, a collaborative budget must promote self-sufficiency, especially when it comes to reporting. Every CFO I speak to tells me his or her goal is to create reports once – with financial rigor firmly in place to ensure integrity – and then hand over the reins to the CEO or Board. This is the only way a CEO is free to monitor performance vs. plan, cash flow or P&L on a monthly or even a weekly basis on their own, and without the CFO’s constant involvement.

In order to turn over the reins, the entire budget needs access to the data in real-time, otherwise the CFO will be forced to update the reports manually (hardly the level of self-sufficiency they’re looking for).

Why a Truly Collaborative Budget is Worth Working Towards

A truly collaborative budget model will, by definition, require finance departments to jettison their budgeting spreadsheets – a painful exercise given that most of them have been working with Excel since their pre-college days. But the payoff will be huge.

A budget model that combines historical information with real-time data is the only way to spot trends, threats and business opportunities. And it will be “board ready,” meaning it will allow teams to respond with accuracy to the Board of Directors when they ask about ramifications of any number of business changes on the P&L, balance sheet and cash flow statement.

Put another way, it’s time to say goodbye to that monster spreadsheet your team just finished creating. Instead, implement a budget that lets you combine data from multiple sources to present a single version of the truth. You’ll get a living, evolving document that significantly improves the quality of information you deliver throughout the year.

When it comes to financial investment, whether it's in supply chains or your employees, business decisions are an everyday chore. If you add Brexit, hurricanes and fluctuating stocks to the mix, planning for uncertainty can become tedious. Here Lena Shishkina, head of finance, EMEA and APJ at Workday, provides Finance Monthly with some insight into planning for uncertainty.

The level of uncertainty that businesses have to deal with today due to various political, social and economic forces is almost unprecedented. From fluctuating currencies and political leadership to other disruptive events such as Brexit, there are plenty of reasons for a degree of global anxiety. The reality is that the effects of these things are still unknown. Business leaders are in a state of flux, questioning how this instability will affect trading, regulation, policies, and markets, for instance.

This level of uncertainty is impacting the finance world most. Now more than ever striking a balance between executing the day-to-day and future planning is critical. Unfortunately, not everyone has this mastered just yet. Despite the advent of tools such as big data and predictive analytics, recent figures show that 50 percent of businesses cannot create revenue forecasts past the next six months.

When uncertainty strikes, the c-suite tends to revert to requesting more frequent forecasts and adopting a ‘what about now’ mindset. While this tends to be a knee-jerk reaction, finance planning is only effective if it is based on relevant, real-time data.

Expecting the unexpected

It’s probably from personal experience that most financial professionals know that an annual budget can be rendered useless in the space of a few days. This is due to the unexpected nature of market volatility and political changes for instance that can shape the future of companies.

This is why continuous planning is being widely adopted by organisations, as it allows them to re-run forecast predictions based on these kinds of changes. And it works: businesses that have already adopted this methodology claim to be almost twice as likely as their peers who haven’t to accurately forecast earnings to within plus or minus 5 percent.

Another benefit is that this kind of approach can create and develop the authority of the finance department. In fact, the same study found that respondents were three times more likely to report increased stakeholder confidence, and finance leaders were four times more likely to be able to respond more quickly to market disruption.

Despite the clear advantages of this methodology, why do so many companies still choose not to go down this path? A lot of businesses continue to rework forecasting on outdated budgets, which breeds inaccuracies and further trepidation. Financial professionals need to rethink their forecasts and look beyond financial data to ensure their projections are robust, accurate and of the highest quality.

Continuous planning and the importance of non-financial data

Non-financial data has traditionally been left out of forecasting largely because it is not as quantifiable or predictable, but executives can no longer get away with that thinking. A recent report found that executives who make better use of non-financial data are more than twice as likely to be able to forecast beyond a 12-month horizon.

Take workforce costs, for example. This is typically an organisation’s greatest expenditure and relies on much more than just financial data for an accurate forecast. That includes everything from anticipated salary to recruitment plans as it paints a more comprehensive view that teams can then use for an accurate look at the future.

A robust data set is one thing. But being able to adjust forecasts in real-time as changes arise at the last minute is just as vital. This is where continuous planning can be truly valuable as it adds context from across the organisation, helping to involve more stakeholders and providing deeper visibility into plans and real-time revisions. A rolling model means the business is in a much better position to react quickly to external factors and give the organisation the visibility they need when these changes arise.

Innovation is key

In theory, continuous planning is a saviour for financial services professionals. However, the reality is most organisations do not have the infrastructure or technology in place to support it in practice. Embracing new technology is the only way organisations will be able to seamlessly bring together rolling forecasts and non-financial data.

The fragmented way finance teams currently work is stifling operational agility. All too often, they are using a mixture of legacy tools from a variety of vendors, which makes it difficult to integrate data sets and make educated decisions. Organisations can no longer afford to base their decisions on luck; they have to start rethinking their technology and the foundation it’s built on. It is the only way to achieve real transformational change. A visionary CFO and a highly engaged finance team will see that and be well placed to usher in this new era.

Determining the future

The only constant in this world is change. And as this time of uncertainty shows no signs of slowing, continuous planning is the only antidote. The combination of rolling forecasts alongside both non-financial and financial data is a significant step in effectively predicting future business outcomes. As a finance professional, you’ll no longer feel like you’re being asked to gaze into your crystal ball; you’ll finally have the answers.

With the worldwide number of robots in smart factories now topping a million, Ross Thomson cites a lack of awareness as the reason most operators haven’t tackled the threat.

“Many firms believe hackers only want personal or financial data, but there is a credible risk to industrial robots,” says Mr Thomson, Principal Consultant at Amethyst Risk Management, which advises government and industry on cyber security.

He points out the risk is growing as robots, like other devices, are increasingly connected to wider networks and the internet. That gives hackers more ways in, and the consequences are potentially disastrous.

In one example, attackers locked up a robotic assembly plant in Mexico and demanded a ransom from the operators. Mr Thomson also highlights the safety risk for human factory operatives if a robot were to be hacked.

Lack of awareness and preparedness for a cyber-attack extends to robot makers. Mr Thomson points to an experiment where researchers hacked a robotic arm and forced it to mis-perform, compelling its manufacturer to plug the security hole.

Nightmare scenarios

The threat might come from disgruntled employees, criminals, recreational hackers or nation states.

One kind of attack would inject faults or defects in the production process, or lock it down completely as in the Mexican incident, leading to loss of production and revenue. If defective products make it to market, they can cause reputational damage, a potential advantage that could motivate an attack by unscrupulous competitors.

By manipulating safety protocols, hackers could cause the robot to injure human operators, or to damage itself or the factory environment. Alternatively, attackers might attempt to steal sensitive data from the machines themselves or the wider company network through remote access.

How easy is it to hack a robot? Ease of access to the software varies, making an inside job more likely in some scenarios. Firmware may be freely available online or retrievable from used robot CPUs, and some manufacturers allow programmers to access code in a simulation environment, creating a potential practice ground for would-be robot hackers.

Hackers have ways to infiltrate other than via the internet. They may attack from within the factory, for example connecting to the robot directly through a USB port, or physically accessing its computer controller directly or via remote service.

Once they have penetrated the system, they can potentially alter the controller’s parameters, tamper with calibration programmes or production logic and alter the robot’s perceived state, for example to show it is idle when it is not, or its actual state, causing loss of control.

How big a risk?

The scale of the threat could be enormous. It’s estimated there will be 1.3 million robots in factories worldwide by next year (2018) and that 12 per cent of jobs will have been taken over by automated systems within a decade and a half. Robots are operating across almost all industrial sectors from car manufacturing to aviation and food processing.

The UK’s National Cyber Security Centre has highlighted hacking of robotic, unmanned and autonomous systems as a subject for attention, both by itself and by the intelligence organisation GCHQ.

A survey of robotic engineers by Italian academics found three quarters had never properly checked cybersecurity in their infrastructure, a third of robots were internet accessible and half of respondents didn’t see a realistic cyber security threat. To make matters worse, industrial robots often have weak authentication protocols and outdated software running on vulnerable operating systems.

Operators need to take the necessary precautions

Mr Thomson urges operators of industrial robots to conduct a professional review of cybersecurity risks, have an incident response plan in place in case of a security breach and ensure that software is regularly updated, especially with security patches. The security review should look at what data robots hold and how they are potentially connected to sensitive data elsewhere on the network.

“Considering the risk to production, people and facilities, it must be taken seriously from board level to operational level,” he says. “An internet-connected robot should be treated with the same security precautions as any computer on the network, including setting long, complex passwords rather than relying on manufacturers’ default. There is a temptation to neglect updates because they may cause production downtime, but it needs to be given a higher priority.”

He advises operators to make security a key factor when sourcing new industrial robots, selecting a manufacturer that shows commitment to the issue and provides frequent software updates with security patches.

“Limiting who has access to robots and segmenting machines from networks where possible can also reduce risk,” he advises.

Ultimately, one of the most effective precautions is also one of the most prosaic, and may comfort those who fear their jobs will be stolen by robots, as Mr Thomson explains: “It’s hard to imagine a time when we dare leave robots to get on with it, so until and unless that day comes, we need humans to keep watch on robots at work.”

(Source: Amethyst Risk)

Only 12% of homeowners in the US had flood insurance in 2016. For every one inch of flood, it could cost a homeowner $20,000 in damages. Here’s how flood insurance works, the average cost and if it’s too late to get covered.

While the threat of cybercrime is at the forefront of SME owners’ minds, ‘cyber recovery’ is not, according to a new study, The Business of Cyber Recovery, by PolicyBee. Five hundred UK SMEs were asked about their preparedness for cybercrime and its aftermath: one in three believe that a cyber-attack on their business is a matter of ‘when’ not ‘if’, and a quarter believe an attack is ‘likely’.

However:

Sarah Adams, cyber insurance expert, who commissioned the study for PolicyBee, said: “Large corporates will all have a ‘what if’ plan in place that has been stress tested via a crisis simulation or role play exercise. They will know exactly what to do in the event of a cyber-attack. However, small businesses seem to be chancing their luck and despite expecting to be hacked, aren’t preparing to be prepared.

“The difference between a large and small company is that at least in the short term, no single individual will lose their income in a big business - but in a small business, their day to day livelihood could be altered dramatically within a scarily short space of time.”

Businesses in denial

Younger respondents seem more aware of potential cyber risks - as business owners get older they think a cyber-attack is less likely: 22% of 18-34 year olds think a cyber-attack is unlikely, compared with 41% of 35-54 year olds and 56% of 55+ year olds.

Businesses in the South West and East of England are most in denial of a cyber-attack - those in London and the NE are the most switched on.

Similarly, sole traders believe they are least at risk from a cyber-attack: 71% say it is unlikely, compared with 32% of businesses with 10-49 employees and one in five of businesses with 50-249 employees.

Adams continued: “More mature sole traders in the South West and East Anglia seem to be in the most potentially vulnerable group. If you are one of these people, it would be well worth looking at your business’s potential to become the next cyber victim, and how you’d continue to operate afterwards.”

IT and management consultant firms more switched on to cyber recovery

Interestingly, SMEs operating in the IT and management consultancy sectors had a much more realistic attitude to cyber-attacks:

SMEs not ostriches

According to PolicyBee, which provides cyber insurance and other business insurance to freelancers and small businesses, the study highlights the fact that SMEs are simply too busy running their day-to-day operations.

Adams concluded: “It’s not the usual case that all SME owner-managers are burying their heads in the sand, as the study shows some awareness of the possibility of an attack amongst some groups. It’s more that these busy owner-managers haven’t prioritised any time to deal with the aftermath of an attack. We’re all familiar with the terms cybercrime; cyber-attack; and hackers; but we need to make ‘cyber recovery’ part of the general discussion now too.”

(Source: PolicyBee)

With the implementation of GDPR on our doorstep, companies risk serious vulnerability in the face of data protection. This week Finance Monthly has heard from Rafi Azim-Khan and Steven Farmer of Pillsbury Law, who gave us a rundown on how you need to prepare for the regulatory changes.

From the debate about the UK’s ‘Snooper’s Charter’, to a number of high-profile cyber-attacks and the wrangling, both legal and political, over the abolition of the EU-US data sharing treaty, Safe Harbour, data privacy has remained firmly in the media spotlight in recent months.

With the most significant overhaul of the EU data protection regulations in recent years set to come into effect with the introduction of the EU General Data Protection Regulation (GDPR) in May 2018, this trend looks set to continue.

The GDPR rips up the existing legal framework and provides for the imposition of heavy fines. Equally seismic is the fact that the new rules have an extra-territorial reach, catching companies who traditionally did not need to prioritise data protection laws.

Significantly, however, few businesses are reported to have actually looked at what they need to do to ensure compliance under the GDPR. As the time until enforcement dwindles, it is essential that firms act, as the UK data protection regulator has said herself. So what do companies actually need to be aware of?

The letter of the law

The GDPR replaces the current EU Data Protection Directive 95/46/EC. As a Regulation, and unlike the old law, the new laws will be directly applicable in all EU member states.

Specific changes introduced include the following:

Of course, with the UK set to leave the European Union, there is much ongoing discussion about what the post-Brexit regulatory regime may look like. It is generally accepted, however, that after the UK leaves the EU, UK laws will nevertheless track the GDPR (e.g. via some form of implementing legislation or a new UK law which effectively mirrors the GDPR). In other words, even if you are purely a UK company, or you are outside the UK and targeting UK consumers only, you should not ignore these changes on the basis Brexit is some sort of get out of jail free card.

Who needs to comply?

All organisations operating in the EU will be caught by the new rules. Importantly, organisations outside the EU, like US-based companies that target consumers in the EU, monitor EU citizens or offer goods or services to EU consumers (even if for free), will also have to comply.

The GDPR also applies to “controllers” and “processors”. What this means, in summary, is that those currently subject to EU data protection laws will almost certainly be subject to the GDPR and processors (traditionally not subject) will also have significantly more legal liability under the GDPR than was the case under the prior Directive.

What can businesses do to prepare?

To ensure compliance, companies need to ensure that they have robust policies, procedures and processes in place. With the risk of heavy fines under the GDPR, not to mention the reputational damage and potential loss of consumer confidence caused by non-compliance, nothing should be left to chance. In terms of key first steps, companies might consider prioritising the following as a minimum:

As May 2018 draws inexorably closer, companies need to start thinking about compliance before it is too late to avoid being made an example of. As the old adage goes: those who fail to prepare, prepare to fail.
