In our first interview for this quarter, we share an eye opening conversation we had with Bill Mew. He is a former officer in the Royal Navy, a former global communications leader for IBM’s Financial Services Sector - the top global fintech player, and former cloud strategist for UKCloud - the top UK govtech player and the fastest growing privately-held tech firm in Europe.
He is currently the CEO of a cyber crisis firm, CrisisTeam.co.uk, and also a leading strategist and campaigner for striking the right balance between digital transformation ‘changing the world’ (including cloud, AI, etc) and digital ethics ‘doing the right thing’ (including privacy, security, etc). As we move beyond the tech revolution and tech backlash, we need to find a new equilibrium that not only provides meaningful protection, but also maximises overall economic and social good and that’s what Bill is poised to do.
In addition, Bill is not only one of the top global social influencers for a range of technology issues, but he also appears regularly in the press and on broadcast media. Indeed, he has more broadcast airtime than any other technologist in the UK, appearing almost weekly on broadcast TV and Radio (BBC, RT, etc) as an expert on digital ethics, data privacy, social media regulation and digital transformation.
- What are your current goals?
I am working with both sides of the privacy debate; the privacy campaigners and also the tech firms, to find a new equilibrium that not only provides meaningful protection but also maximises overall economic and social good.
I also provide cyber crisis management services - working alongside the UK’s top cyber law experts, my team helps firms mitigate against, prepare for, and if necessary, deal with the impact of data breaches. We have a particular focus on rapidly formulating a legally defensible narrative, conveying this effectively and also leveraging a network of global social influencers to counter any hysteria and misinformation.
- How did you decide this was the industry you wanted to dominate? Or How did you find yourself in this industry?
I have always worked as a strategist in the tech sector but my focus on privacy has been more recent.
UKCloud is a small UK SME with only 200 staff that attempted to take on the global cloud giants (Amazon, Microsoft and Google). It focused on specialisation, working only in the UK public sector, and differentiation, providing UK-sovereign cloud services with a higher level of data assurance. It succeeded in capturing over 30% market share in the UK public sector, becoming the fastest growing privately-held tech firm in Europe and being the only small local player anywhere in the world to beat the giants at their own game.
To do so, we needed to gain a high profile and to focus on differentiating issues such as data sovereignty, security and privacy. With limited staff and budget, I had no choice but to be innovative and to do most of the things myself – acting as the strategist, the content creator, the marketing communications guru and the spokesperson. By employing smart social tactics, I was able to grab headlines and dominate the TV airwaves on these issues and in doing so I created social influence for myself and others within the organisation, all of which we deftly applied to support the objectives, messages and agenda of UKCloud.
For example, one tactic that I used on behalf of UKCloud to destabilize the opposition and increase the focus on privacy was to work with Max Schrems, (the privacy campaigner famous for bringing down Safe Harbor, the precursor to Privacy Shield). Six months before GDPR, Max was pushing a crowd-funding campaign to launch a “privacy enforcement” NGO called NOYB (None Of Your Business). He was struggling to hit the crowdfunding target, so I swung into action creating a twitter storm and a wave of press coverage that enabled them to exceed their target and launch NOYB, which went on to bring cases against the tech giants on day one of GDPR.
- What are you doing to ensure you continue to grow and develop as an industry leader?
The whole privacy versus innovation debate will roll on for some time to come. The thing that people often overlook is the fact that data protection is one of the most important aspects of guarding privacy. Unfortunately, cyber attacks are at an all-time high, and the general level of preparedness is far too low. Cybersecurity spending is on the rise, but the levels of cyber insurance and cyber crisis management cover is concerningly low. Keeping on top of these issues and encouraging best practice is essential for a global evangelist in this space.
- Did you have any formal education in this space or you schooled yourself via books and online courses?
I started out as a Weapons Engineer in the Royal Navy - working on missile guidance systems, radar and communications and chasing Russian submarines in the Baltic. I built on my degree and experience in electrical engineering, supplementing it with marketing qualifications and an executive MBA course. I am also, however, a news junkie so I always keep myself up to date on the latest issues in tech, business and politics come naturally to me.
- What does your industry look like a year from now? Five years? Ten years?
A while ago, nobody thought that regulating privacy or ethic issues would be possible. GDPR showed that it was not only possible but was entirely practical. Now, there is a broad acceptance that some form of privacy regulation will inevitably follow in the US and elsewhere, and rather than dismissing such measures, big tech is now scrambling to limit its impact. All such regulation needs to strike the right balance though - between protection and innovation.
- Are you mentoring anyone? If Yes, would you encourage everyone to get a mentor and why?
- What’s the most important factor you consider when hiring someone?
Real passion and innovation are hard to find - such traits are essential in this line of work. We don't have big budgets or teams to work with, so we have to be really innovative if we are to outsmart rivals and provide any real influence or change in the market.
- Which one thing do you wish you would have done differently?
I was slow to get into social media and to realise its potential. It is now an indispensable tool in all that I do, but I wish I had started growing my following earlier. My advice to others would be DON'T WAIT - start building your social profile and developing your social persona now.
- What would you advise a new e-commerce merchant to get a grasp on with regards to your industry?
If you're not doing it already then start taking privacy and data protection seriously. Your customers care about how you handle and protect their data. They want organisations to take a stand on data security and privacy – seeing it as more important than either diversity or sustainability initiatives.
As you do so, however, you need to be aware of the four following systemic issues that authorities cannot afford to ignore and that you need to understand:
1: Authorities are ignoring the incompatibility between the EU which won't compromise on privacy, a fundamental human right in Europe, and the US which won't compromise on mass surveillance, seen as essential for its security.
2: Authorities are also ignoring the incompatibility between GDPR's right to be forgotten and blockchain's immutability. And the fact that most blockchains are vulnerable to 'poisoning'.
3: Local social media regulations to combat ‘online harms’ are either futile (UK) or overreaching (Australia) as there is unlikely ever to be international agreement on its definition or jurisdiction.
4: Just as Western societies are becoming more interconnected and vulnerable than ever before, the US is losing its overwhelming global technological superiority (in both commerce and espionage).
Secondly, there are four further issues that businesses cannot afford to ignore in their own planning:
5: We are in an AI-powered cyber arms race, where black and white hats are battling to uncover vulnerabilities that they can either exploit or patch, but the black hats only need to be lucky occasionally while the white ones have to be lucky all the time.
6: Rather than harvesting consent or using overly complex privacy policies to avoid fines, organisations need to be adopting a company-wide culture of digital ethics if they want to build digital trust in their brands.
7: The rate of cyber insurance coverage is woefully low and some policies are inadequate, while many of the risk ratings on which many cyber insurance premiums are based are far too crude.
8: The level of cyber crisis management preparedness is also woefully low, with many traditional crisis management techniques being inappropriate in a cyber crisis anyhow.
If you take all eight of these points on board, then you should be well placed to minimise the chances of any potential incident and cope with the impact if it happens.