Some of the world’s largest shippers are facing increasing difficulties in global supply chains amid a disruption in trade caused by the pandemic. A number of factors, including staff illness, quarantining and social distancing coupled with a spike in consumer demand and disruption to factory production has resulted in increasing delays for shippers and in turn their customers.

On the eve of Starbucks biennial investor day CEO Kevin Johnson highlighted the central importance of digital technology in its rebound effort. The company is predicting traffic in stores to exceed pre-pandemic levels as Starbucks reorients its operating model towards more ‘walk thru’ and seeks to leverage what COO Roz Brewer referred to as extraordinary data analytics to inform a better allocation of resources.

The COVID‑19 pandemic has spurred a dramatic digital revolution in the healthcare sector in the way patients interact with doctors and other service providers. Pre-pandemic, the sector’s service model was arguably the least changed by the technology revolution, as in-person interactions were the rule. But the need for social distancing, as well as coordination in COVID‑19 response has forced the industry to make radical changes to this model, to everything from digitizing and sharing health records, to remote patient analysis, diagnosis and treatment delivery. McKinsey estimates that revenues from digital health will increase to $600b in 2024 from $350b in 2019 as this revolution takes hold.

A CrowdStrike survey conducted in August and September of 2,200 companies across the US, UK, Germany, Japan, Australia, Italy, India, Netherlands, Spain, Singapore, France and the Middle East, and across different sectors found that 56% of responding organizations were hit by at least one ransomware attack in the last year. Indian and Australian companies reported the highest breach incidence, and 22% of US companies reported being hit by more than 1 attack during that period. 27% of victims admitted paying the demanded ransom, which averaged $1.1m.

Goldman Sachs spotlighted 50 companies in the S&P 500 that it expects to benefit the most from ESG selection criteria. Focus was put on evaluating Environmental and Social metrics, with Goldman pointing out that the top quintile companies based on ‘E&S’ factors in the MSCI ACW Index generated 11% annual returns since 2012, vs 8% returns for companies in the bottom quintile.

After being the dominate theme in the hundreds of portfolio managers, ESG has been downgraded as a priority this year by portfolio managers surveyed by Edelman. ‘Social’ in ESG saw the biggest jump among investor priorities, especially in the US where it saw a 15% jump from last year among respondents.

Home Depot (HD) 3Q20 results beat expectations with sales increasing 23% year-on-year to $33.54b and net income rising 24% to $3.43b as the consequences of the pandemic continued to be positive for the home improvement giant. Work from home and lockdowns translated into a big increase in demand for many HD products, including DIY related projects, home offices, and garden and outdoor goods. Digital sales increased 80% year-over-year, with 60% of those orders being picked up by customers in the stores. HD shares are up 28% year to date, vs 12% for the S&P500.

A recently released World Economic Forum (WEF) report on cyber information sharing calls attention to how “The COVID‑19 pandemic has led to rapid digital transformation in many workforces and sectors, further increasing the dependency of our global economy on digital infrastructure.” According to WEF: “Trusted, secure and scalable cyber information sharing needs to be a foundational platform on which all participants of the digital ecosystem can rely.”

Honeywell beat estimates in Q3 despite a 14% YoY drop in revenue and a 25% decrease in earnings. Aerospace (-25%), building technologies (-8%) and performance materials and technologies (-16%) got hit the hardest, while the company saw an increase defense and space, warehouse automation and personal protective equipment.

Perimeter scanning of 3,514 corporate networks in the finance, manufacturing, IT, retail, government, telecoms and advertising sectors conducted by Positive Technologies found high-risk vulnerabilities at 84% of the organizations. 47% of the detected vulnerabilities can be eliminated by making sure recommended updates have been installed in the software, and the causes of the vulnerabilities — absence of recent software updates, outdated algorithms and protocols, configuration flaws, mistakes in web application code, and accounts with weak and default passwords — are in general easy fixes.

Home Depot (HD) Chief Information Officer Matt Carey detailed to the Wall Street Journal how the company’s Digital Transformation strategy enabled it to successfully meet the unprecedented shift in customer demand and business operations caused by the COVID‑19 shutdown. HD’s cloud-based IT infrastructure supported the huge increase in online sales while competitors struggled to adapt as smoothly to the new environment. HD’s cloud back-end meant these initiatives could be launched much more quickly than if they managed their own IT hardware infrastructure.

Cyberhedge 5-Star rated Union Pacific (UNP) Q3 results announced last week saw year-on-year a drop in net income of $1.4 billion (from $1.6 bn in Q3 19’), and operating revenue of $4.9 billion was down 11% in third quarter 2020 compared to third quarter 2019. But YTD free cashflows (FCF) were up to ~$1.93bn (compared to $1.83bn in 19’) due in part to a 58.7% operating ratio, an all-time quarterly record for the company. This included +11% increase in locomotive productivity and +13% increase in worker productivity — both key metrics for the company’s Unified 2020 Plan.

Top cyber security experts highlight the difficulty in assessing the quality and capabilities of cybersecurity products has led to a broken market. In this market, customers have low confidence in their ability to properly analyze, assess and manage products on the market, as well as their own organizations overall cyber security posture.

Technology and the COVID‑19 pandemic are combining to rapidly transform the beauty industry. Artificial Intelligence (AI) and Augmented Reality (AR) allow a degree of personalization that is helping offset the loss of in-person product sampling that has long been a cornerstone of the cosmetics industry. Imaging and analysis technologies can detect issues such as skin oiliness, wrinkles and dark spots in a way that previously could only be done face to face.

A Tessian survey of 250 IT leaders and 2,000 working professionals in the US and UK conducted in August revealed that 1/3 of employees will not consider working for a company that does not offer remote working, and only 11% replied that they want to work exclusively in an office post-pandemic. 75% of IT leaders agree that permanent remote or ‘hybrid’ work will become the norm post-pandemic, and 85% report that this will increase pressure on their and their team’s abilities to secure IT systems.

Billion-dollar eyewear giant EssilorLuxottica (EL) has reportedly suffered a ransomware attack that led to the shutdown of operations in Italy and China last week. It appears to have disrupted web-based commerce sites like Ray-ban and LensCrafters.

Credit card affiliations at airline loyalty programs provide a significant revenue contribution to the airlines and have grown sharply during the COVID‑19 disruptions. Delta Air Lines received $4.1B in 2019 (approx. 9% of Group revenue) from their co-branded credit card program with American Express, up from $1.7B in 2012. Revenue from this program has been relatively stable in 1H20 (down only 5% from 1H19) as consumer spending using Delta-branded AmEx cards has been uncorrelated with the collapse in air travel. As a result of this stable credit card related revenue while airline ticket sales have collapsed, credit card affiliation revenue was well over 50% of Group revenue in 2Q20. United Airlines recent disclosures reveal that its credit card loyalty program is also a significant source of revenue.

As retail has been disrupted nearly as much as any sector in the wake of COVID‑19, there are some clear lessons learned on how the landscape has dramatically shifted. Companies that were executing well on digital strategies have outperformed while those that weren’t have not only underperformed but many are no longer in business.

The US Department of Energy is expected to release detailed proposals by the end of September limiting the use of foreign equipment in the US power grid. These follow a May 1, 2020 Executive Order by President Trump ordering a ban on the use of utility infrastructure manufactured by ‘foreign adversaries’ due to the risk they pose to the power grid’s cybersecurity. Complying with the order will be complex due to the current reliance on foreign suppliers as well as global supply chains which stretch across many countries. In addition, vendor lists for utilities often number in the hundreds or even thousands and ensuring each one is in compliance will be a time consuming—and expensive—task.

Two recent pieces of consumer goods companies—Kuerig Dr. Pepper and Target—outline how digital transformation is changing the way they operate and seek to expand margins and make profit.

Rubrik, a leading data center backup and recovery provider, recently released a report analyzing the best approaches to managing the financial cost of ransomware. It contends that one reason the financial cost of operational disruptions is so high is because most of the focus and resources are placed on prevention rather than recovery. The report claims that a ‘belt and braces’ approach—one that ensures back-ups cannot also be easily compromised when core IT infrastructure is impacted—helps limit data loss and operational damage. Yet in 23% of cases, backup data was affected prior to the ransomware attack being identified. 30% of those who had experienced a ransomware attack said that it took days to recover.

Following a reported 62% drop in revenue in Q2, Levi’s is outlining the steps it is taking to accelerate its own digital transformation amid COVID‑19. Steps include investing in online sales growth and direct-to-consumer sales in addition to scaling down physical store growth from the planned 100 this year to 70. CEO Chip Bergh’s comments during the company’s recent earnings call captured this strategy well.

In the words of one commentator, COVID‑19 has been the final blow for several retailers that were considered ‘the walking wounded’ prior to the pandemic. The two dozen Chapter 11 filings this year have exceeded 2019’s total and show no signs of slowing down as the disruption and uncertainty continues into the second half of the year.

IBM 2Q 2020 earnings are a tale of two business models. Revenue from its cloud-related businesses surged 30% to $6.3b, while overall group revenue declined 5.4% to $18.12b. 2Q net income was $1.36b. Services and Consulting businesses were weak spots as client companies look for cost savings and postpone spending in the wake of COVID‑19, with CFO Kavanaugh noting that “many clients continued to delay projects, defer purchases, and favor opex over capex spending.”

The SEC’s Office of Compliance Inspections and Examinations (OCIE) warned of a recent increase in the sophistication of ransomware targeting financial service providers. The OCIE issued guidance on tactics and techniques organizations can use to guard against these attacks, broken down into six key areas: Incident response and resiliency policies, procedures and plans, Operational resiliency, Awareness and training programs, Vulnerability scanning and patch management, Access management, Perimeter Security.

The Honeywell USB Threat Report 2020 called attention to the rising threat facing industrial control systems (operational technology) amid the continued digitization of industrial processes. According to the report, “as the second most prevalent attack vector into industrial control and automation systems, USB devices continue to play an important role in these types of targeted attacks.”

Citrix has issued patches for 11 CVE-listed security vulnerabilities in its various networking products. This is the third in a series of ‘must patch’ vulnerabilities in recent months for Citrix, and it comes on the heels of a public breach the company announced in March of 2019.

The Financial Times reports that over the first 4 months of 2020, the S&P 500 ESG Index outperformed the normal index by 0.6%, and the MSCI Emerging Markets ESG Index and Asia-focused Asia ESG leaders index outperformed their parent indices by 0.5% and 3.83% respectively. Blackrock also reports outperformance by most ESG indices globally over their non-ESG peers.

DXC Technology, an already struggling IT services provider, was hit by a ransomware attack that has paralyzed part of its business. According to the company, the part of its business impacted was Xchanging, “primarily an insurance managed services business that operates on a standalone basis.” As of July 5th, DXC indicated it was confident the damage was confined to this part of the business.

Swiss Re, the world’s second largest reinsurer, has called for companies to release ‘cyber resilience’ reports, saying there needs to be more transparency into how prepared they are to defend against attacks. The company indicates that in the wake of COVID‑19, there will be greater pressure on companies to demonstrate how resilient they are in the face of increasing risks.

IBM Security Work from Home survey of more than 2,000 newly remote work employees in the US reveals unpreparedness for remote work, and also provides a picture of companies slow to implement new training in response to this increased threat environment.

Insurer Hiscox’s Cyber Readiness Report 2020 surveyed 5,569 cyber security professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland.

Cognizant, one of the world’s largest IT outsourcing companies, disclosed this spring that cybercriminals “exfiltrated” data related to employees’ corporate credit cards among other personal data including Social Security numbers, tax IDs, financial account information, and driver’s license and passport details.

The US Cyber Solarium Commission’s recently released white paper, Cybersecurity Lessons from the Pandemic draws parallels between the disruptions of the pandemic and the disruptions the US would experience during a significant cyber attack.

L’Oreal, the largest cosmetics company in the world, has seen a huge increase in digital engagement and online sales during the COVID-19 shutdowns, and expects these trends to stick and even increase in the coming years. Echoing other companies that have seen a similar acceleration due to the pandemic on their digital initiatives, Chief Digital Officer Lubomira Rochet remarked: “In ecommerce, we achieved in eight weeks what it would have otherwise taken us three years to do.”

Australia and New Zealand’s largest drinks manufacturer, Lion, was hit by a ransomware attack on June 9th. As of Monday June 15th, systems were still ‘partially down’. Per Lion: “Our investigations have shown that a partial IT system outage at Lion is a result of a ransomware attack. In response, we immediately shut down key systems as a precaution. We have made good progress, however there is still some way to go before we can resume our normal manufacturing operations and customer service.”

Zara owner Inditex reported that it will permanently close 16% of its global outlets (1,200 stores) by the end of 2021 and shift towards a strategy more focused on online sales. This trend of increasing online sales was already growing pre-COVID‑19, but has accelerated due to the pandemic. Inditex’ online sales increased 95% in April, and the company estimates that online sales will account for more than 25% of total sales by 2022, up from 14% in 2019. Inditex will spend 1b euros on digital investments over the next three years to support its online sales efforts. Most of the store closures will take place in Europe and Asia.

A ransomware attack disrupted Honda’s global operations on Monday, and is suspected to have penetrated the company’s corporate network. This comes at a time when Honda was just getting operations back to fuller capacity after the Covid-19 driven complete suspension at major facilities, and while it is struggling with a drop in auto and motorcycle sales in every major market. Honda staff were advised not to access their work computers on Monday, and to take paid leave on Tuesday if possible.

ECB President Christine Lagarde’s comments to the Committee on Economic and Monetary Affairs of the European Parliament positioned digital transformation as an important priority for Europe’s economic recovery effort. Lagarde: “Another key dimension is the digital transformation. Here, the recent lockdowns have accelerated the adoption of digital technologies on a broader basis. Now is the time to expedite the digital transformation on a more permanent basis and bring the EU to the frontier of the digital economy.”

Industrial companies are greatly increasing their use of data management tools both as a response to Covid-19 workforce reduction issues, and due to the productivity improvements good data monitoring, analysis and control can provide. Annual spending on these tools is forecast to increase from $5b/year today to $20b/year by 2026. Meanwhile, Kaspersky detailed a series of attacks in Japan, Italy, Germany and the UK which targeted suppliers of equipment and software for industrial companies.

Macy’s announced a $1.1 billion bond sale to help shore-up the struggling retailers balance sheet as it navigates the COVID‑19 shutdown. The fresh injection of capital is needed to pay down short term debt maturing in January 2021 and fund operations in the immediate term.

Data from 30m McAfee MVISION Cloud users worldwide between January and April 2020 show external attacks by hackers on companies’ cloud-based systems have increased 630 percent following the mass migration to work from home. Overall enterprise use of cloud services has increased by 50 percent over the same time period. Use of Cisco Webex has increased 600 percent, Zoom by 350 percent, Microsoft Teams by 300 percent and Slack by 200 percent. Attacks by ‘insider threat’ categories (i. e. employees working from home) have remained the same, indicating that employees do not ‘attempt to steal more data because they are working from home’.

A WSJ article chronicled how HTZ was struggling long before COVID‑19, including reference to its belated digital shift relative to peers and repeated missteps with regard to its digital strategy. This reportedly included adverse impacts on fleet management while it cycled through four CEOs in less than 10 years.

British low-cost carrier EasyJet (EZJ) disclosed a customer data breach that the company says impacted 9 million customers. A majority of the data stolen was reportedly email and physical addresses, but a smaller percentage of customers reportedly had credit card details stolen. EZJ first became aware of the breach in January.

Companies are struggling with increasing compliance burdens that are taking up significant portions of corporate IT budgets and time. 51 percent of respondents report that compliance requirements take up 20,000 hours of resources annually. In addition, 58 percent of companies report that compliance requirements are a barrier to entering new markets. 70 percent say they must manage at least five different compliance projects at any given time, while 7 percent work on 50 or more projects at any given time.

A NYT Times story explains how the fall of two retail giants—J. Crew and Neiman Marcus stemmed not only from the pandemic but also from the involvement of private equity firms and the financial over-engineering they deployed. The longstanding weaknesses of some traditional bricks and mortar retailers which include belated or poorly executed digital strategies are also directly related to an inability to make big investments due to being overleveraged. These weaknesses were further exposed by the pandemic, resulting in the recent bankruptcy filings.

Vulnerabilities in SaltStack software were used as a vector to infect cloud servers with malware or other exploits, with over 6,000 master servers reportedly infected and directly exposed to the internet according to the company, allowing them to be breached. The vulnerabilities were discovered about two weeks ago, and several networks have already reported that they have been breached and had cryptocurrency mining malware deployed onto their servers. More damaging attacks such as data theft and ransomware are possible. A patch is now available for the vulnerability.

Pitney Bowes Inc. (PBI) experienced a second ransomware attack in seven months on May 4th. The ransomware gang Maze claimed to have breached and encrypted the company’s network. The incident was confirmed by PBI in a statement: “Recently, we detected a security incident related to a ransomware attack. We are investigating the scope of the attack, specifically the type of data that had been accessed, which appears to be limited.” PBI is working with its security partner IBM Iris to complete forensic analysis on the attack.

Citing a recent report by market research firm Canalys, the WSJ depicts a mixed picture on market-wide digital transformation prospects. Though Microsoft’s year-on-year enterprise cloud growth grabbed headlines, also included in results was the company’s admission that multi-year licensing deals were slow to complete in the final weeks of the quarter —just as the COVID‑19-induced slowdown was taking hold. Some analysts see a positive long-term trend towards digital being brought forward by the pandemic. Others see a slowdown in IT spend and longer-term licensing commitments and investment in cloud initiatives like further AI adoption in the short term as companies scramble to cut costs.

A survey by Barracuda of over 1,000 business decision makers in the UK, US, France and Germany reveals significant cyber security deterioration from the recent sudden shift to remote working. 51 percent have seen an increase in email fishing attacks, 51 percent say their workforce is not proficient or properly trained in the cyber risks associated with remote working, 46 percent are not confident that their web applications are secure, 50 percent allow employees to use personal email addresses and personal devices to conduct company work, 49 percent fully expect to see a data breach or cybersecurity incident in the next month due to remote working. Despite this clear increase in the threat surface, 40 percent of the companies have cut their cybersecurity budgets as part of COVID‑19 cost saving measures.

Fitch expects COVID‑19 related economic impacts to test the growing cyber insurance market due to risks around cloud-related breaches and other operational disruptions that could result in capital constraints and impact ratings.

“We’ve seen two years’ worth of digital transformation in two months. From remote teamwork and learning, to sales and customer service, to critical cloud infrastructure and security—we are working alongside customers every day to help them adapt and stay open for business in a world of remote everything,” said Satya Nadella, chief executive officer of Microsoft on the announcement of strong Q3 results today.

Travelex announced that it is seeking offers and that interested parties should contact PricewaterhouseCoopers. Travelex’s business was severely impacted by its December 2019 cyber breach, which put the company in a very difficult financial position even before COVID‑19 disruptions hit.

A WSJ report outlined how increased cyber risks amid COVID‑19 are posing increased challenges for M&A transactions globally.

A survey of 2,000 remote workers in the UK reveals that two-thirds have not received cybersecurity training over the past year, and 61 percent said they were using personal devices to work remotely instead of corporate-issued devices. Despite these shortcomings, 77 percent reported that they are not worried about security while working from home.

A recently published Trustwave report looking at cybercrime globally found that far and away the most common environment breached is corporate and internal IT networks (54%), followed by ecommerce (22%) and the cloud (20%). In the thousands of incidents studied, the report found that 50% of breaches across all environments stemmed from phishing and social engineering.

Zurich Insurance outlined how companies can defend against ransomware at a time when cyber vulnerabilities have increased amidst the COVID‑19-induced shift to remote work. The approach leverages the NIST framework, widely seen as the global standard for improving cyber defense.

MSC reported Friday that a network outage is affecting systems at its Geneva headquarters, and that a cyber attack might be responsible. As of Tuesday 16:00 GMT, the MSC website is still down and the company has released very little new information. General operations appear not to be widely impacted yet, but precedent shows that an operational disruption can be extremely value destructive to a company like MSC.

At a hearing on March 4 before the U. S. Senate Judiciary Committee, Department of Justice (DoJ) Deputy Assistant Attorney General for National Asset Protection in the National Security Division Adam Hickey called upon Congress to enact legislation that would create a uniform nationwide data breach disclosure law and include a requirement that companies report breaches not just to customers but also to law enforcement.

Ransomware attacks on the healthcare industry continue at the same frequency as before COVID‑19, despite recent promises by some hacker groups to avoid targeting the industry during the current crisis.

A Wall Street Journal article outlined the accelerated pace of corporate bond downgrades amidst the COVID‑19 pandemic and economic crisis. It has been the swiftest pace of downgrades on record over the last two weeks. Ford was the latest big name to be downgraded to junk, while approximately $90bn of debt was downgraded in March, and some estimate the number to reach $200bn this year.

As Zoom’s popularity has exponentially increased in recent weeks due to the mass migration to remote work, reports on security flaws continue to trickle out. Former NSA hacker Patrick Wardle shared with TechCruch two new security flaws that can be exploited to grant hackers physical control of a victim’s computer. Malicious code can be injected into a computer via a Zoom installer to gain root access—the highest level of user privileges.

Enterprise use of VPNs has increased by 33 percent, and use of Remote Desktop Protocols (RDP) has increased by about 40 percent over the past month as companies respond to COVID‑19 by having employees work from home. These systems increase the risk of a breach of company IT systems as they are inherently less protected than onsite systems and as employees use external access systems that they are less familiar with.

Macy’s announced it is furloughing a majority of its 130,000 staff globally in the midst of the COVID‑19 crisis that has ground brick-and-mortar retail to a halt. Staff that remain will maintain e-commerce, distribution, and call centers operations.

The unprecedented challenges posed by the COVID‑19 outbreak extend to securing companies’ IT networks, and this event may be the biggest cybersecurity threat ever. Threat surfaces are also increasing dramatically as large numbers of workers are forced to work from home, often with systems and procedures that are different from those they are trained on and familiar with in their workplace.