Category: Technology-Driven Disruptive Change

NB: Privacy, Data and Cookies Policy, Protects Facebook from Litigation

JUNE 7, 2017 CLIENT ALERT

Privacy Policy Rescues Facebook from Costly Litigation

From Michael Best & Friedrich.
We have all gone to a website and, in accessing the website’s services, have agreed to terms and conditions that include a litany of policies, including privacy policies governing how the company maintaining the website will use our information obtained while accessing the website. One such specific website that most, if not all, of us have used is Facebook. While we may not pay very close attention to privacy policies such as data and cookie policies, those policies explain that Facebook uses cookies or browser fingerprinting to identify users and track what third-party websites users browse. Such privacy policies serve an important function for any company, including Facebook, to help protect against potential liability for use of a consumer’s information. Indeed, Facebook’s privacy policy just carried the day in getting a case dismissed against it in which the Plaintiffs alleged a litany of causes of action against Facebook, including violation of the Computer Fraud and Abuse Act, California Invasion of Privacy Act, Health Insurance Portability and Accountability Act, and other common law claims.
In Smith v. Facebook, Inc., Case no. 16-cv-1282, the Northern District of California dismissed the claims against Facebook, with prejudice, based upon Facebook’s user agreement. There, the Plaintiffs argued that Facebook violated numerous federal and state statutes, as well as common law, by tracking and collecting its users’ web browsing activity, including sensitive information from various healthcare websites. In dismissing the case, the Court found that Plaintiffs had consented to Facebook’s tracking and marketing activity when they agreed to Facebook’s “data policy” and “cookie policy” when opening a Facebook account. The Court further found that while the applicable policy provisions were broad, they were not vague and provided adequate notice of the tracking activity in which Facebook engaged. For example, a portion of Facebook’s “cookie policy” explained that “[t]hings like Cookies and similar technologies (such as information about your device or a pixel on a website) are used to understand and deliver ads, make them more relevant to you, and analyze products and services and the use of those products and services . . . we use cookies so we, or our affiliates and partners, can serve you ads that may be interesting to you on Facebook Services or other websites and mobile applications.” Simply put, Facebook’s privacy policy, which Plaintiffs had agreed to when they signed up for Facebook, was adequately clear to permit Facebook to track and collect Plaintiffs’ web browsing activity, including browsing of healthcare related information. In so finding, the Court rejected Plaintiff’s arguments that the policies were buried and overbroad.
Facebook’s recent victory is a good reminder of the importance of having a thorough and clear privacy policy. Any company that collects or uses consumers’ information should aim to have a transparent and broad privacy policy to help guard against liability.

Albert Bianchi, Jr.
abianchi@michaelbest.com
T.608.283.4425

Michelle L. Dama
mdama@michaelbest.com

Heads Up: Boards, Businesses, Leaders- CyberSecurity, Risks and Responsibility, Heightened Requirements.

Dickinson Wright

Corporate boards recognize that cybersecurity is and will remain a high priority because of the attendant risks on so many levels. And two recent matters – one a case and the other a high profile internal investigation – portend that an imminent frontier in corporate monitoring will be cybersecurity.

Cybersecurity is “hot” and will stay “hot” for corporations, executives, regulators, law enforcement and legislators. Rarely is there a corporate compliance discussion in 2017 where cyber isn’t “the” topic or a material part of the discussion. Corporate boards recognize that cybersecurity is and will remain a high priority because of the attendant risks on so many levels. And two recent matters – one a case and the other a high profile internal investigation – portend that an imminent frontier in corporate monitoring will be cybersecurity.

Recent governmental attention to corporate cybersecurity programs suggests strongly that cyber oversight will be the next priority area for corporate compliance monitoring. The Securities and Exchange Commission (SEC), for example, announced in January 2017 that cybersecurity compliance procedures would be a key focus for its Office of Compliance Inspections and Examinations (OCIE) this year.i OCIE previously announced cybersecurity as a priority for its 2016 examination program,ii tracking its September 2015 cybersecurity examinations initiative.iii Considering prior enforcement actions by the SEC against investment advisors and broker-dealers to address allegedly inadequate cybersecurity policies that enabled data breaches, the SEC’s announcement is no surprise. Similarly, the Federal Trade Commission (FTC) has been flexing its enforcement muscle through actions alleging that policy failures led to the exposure of confidential consumer information.iv These actions consistently result in settlements that impose cybersecurity enhancements designed to prevent similar future incidents. In the absence of an informed and sufficient monitoring program, however, it is difficult to assess effectively whether the corporations are implementing the negotiated settlements properly and, perhaps more importantly, as expected by the agency.

The SEC has a well-established track record for using independent corporate monitors across a broad range of cases. The FTC, on the other hand is in its infancy doing so, somewhat surprisingly. In a September 2016 settlement, the FTC jumped into the monitorship space by imposing a monitor to ensure compliance with a settlement that required a company to change fundamentally its compensation structure by rewarding actual sales rather than recruitment of new distributors. Although that FTC settlement did not present a cybersecurity issue, the FTC nevertheless set the stage to connect monitorships with the agency’s already active regulatory attention to cybersecurity matters. An example of such an opportunity presented on March 1, 2017 when Yahoo announced, in its Form 10-K filed with the SEC,v that as a result of an internal investigation associated with three cybersecurity incidents – including the theft of data from more than one billion accounts – the Company “took certain remedial action, notifying 26 specifically targeted users and consulting with law enforcement.” The 10-K describes the cyber-centric “other remedial actions” as follows:

The Board has directed the Company to implement or enhance a number of corrective actions, including revision of its technical and legal information security incident response protocols to help ensure: escalation of cybersecurity incidents to senior executives and the Board of Directors; rigorous investigation of cybersecurity incidents and engagement of forensic experts as appropriate; rigorous assessment of and documenting any legal reporting obligations and engagement of outside counsel as appropriate; comprehensive risk assessments with respect to cybersecurity events; effective cross-functional communication regarding cybersecurity events; appropriate and timely disclosure of material cybersecurity incidents; and enhanced training and oversight to help ensure processes are followed.

The 10-K also references 43 related class action lawsuits and the company’s cooperation with the SEC, the FTC, the United States Attorney’s Office for the Southern District of New York, and two State Attorneys General. Additionally, the General Counsel and Secretary resigned, receiving no severance payments. Moreover, the CEO gave up $12 million in stock and did not receive her 2016 cash bonus. It is easy to see where breaches and remediation as Yahoo disclosed could become the door-opener for a cybersecurity monitor.

Traditional corporate monitoring models allow for the implementation of an independent monitor to oversee an organization’s compliance with imposed obligations over a period of time. Independent monitors, by operation of the monitorship agreement, typically receive access to the subject company’s personnel, files, books, and records that fall within the scope of the settlement agreement and have authority to take necessary steps to become fully informed regarding the monitored company’s operations, within the parameters of the agreement. The independent monitors also are free to communicate with the regulatory body (or agency) regarding the monitored company’s corrective measures (or lack thereof). If the subject organization is found not to have complied with the terms of the settlement (i.e., not adhering to the compliance and other policies, procedures and steps designed to remediate and correct the conduct that gave rise to the settlement), then penalties can be assessed, including reinstitution of the criminal or regulatory action(s), and extension of the monitorship. And, particularly in the cybersecurity area, systems vulnerabilities easily can challenge the test of compliance with the settlement terms.

Cybersecurity-related regulatory actions, however, usually do not follow this model. Instead, many cybersecurity settlements and consent orders mandate only that independent third-party professionals periodically assess and report on the implementation of information privacy and cybersecurity safeguards. Because cybersecurity settlement agreements do not typically include an active independent monitor with the requisite background and experience to assess an organization’s remedial cybersecurity measures on a granular level, the benefits of an imbedded qualified professional to ensure true remediation are absent from the impacted company. Ideally, a cybersecurity monitor would and should have through knowledge, skill, training, experience, or education sufficient up-to-date technical expertise and a measurable level of experience – preferably a minimum of five years of demonstrable experience dealing with cybersecurity or incident responses – to act in a cyber-monitoring capacity. Also, the cybersecurity monitor should hold a minimum of one relevant technical certification. Instead, the present norm is the less beneficial periodic spot-checking undertaken by professionals who likely do not have the level of knowledge of the organization or an in-depth appreciation of the issues surrounding what gave rise to the settlement and need for remediation in the first place.

This seemingly minimalist approach to corporate cybersecurity monitoring is surprising because proper implementation of cybersecurity safeguards is, by design, meant to be tailored to a specific organization. It is not always clear, however, that proper implementation necessarily will satisfy regulators’ expectations. For example, many experts view the National Institute of Standards and Technology’s Framework for Improving Critical Infrastructure Cybersecurity (the “Cybersecurity Framework”) to be a benchmark for modern digital security implementation standards. In a seeming inherent contradiction, the FTC has opined that (1) the Cybersecurity Framework is not something with which an organization can “comply,” and (2) even if an organization follows the NIST Cybersecurity Framework (which the FTC describes as “a set of industry standards and best practices to help organizations identify, assess, and manage cybersecurity risks”), then that does not necessarily mean an organization’s cybersecurity policies will withstand regulatory scrutiny.vi Additionally, cybersecurity enforcement actions often are precipitated by incidents exposing sensitive third-party information, which in turn result in the near inevitable perceptions of an absence of cybersecurity buy-in from management teams and a failure to fully appreciate various cybersecurity risk vectors. Periodic spot-checks of corporate policies, and even implemented practices, can miss these issues; meanwhile, an independent and informed monitor with appropriate in-depth knowledge of a company’s remedial efforts undertaken pursuant to a settlement agreement would be well-positioned to identify and remediate corporate deficiencies while simultaneously satisfying regulators’ expectations.

Properly addressing modern and emerging corporate and regulatory cybersecurity concerns demands a new compliance prism and model as part of settlement agreements with government agencies. Rather than simply accepting periodic external assessments, matters involving cybersecurity should be addressed more effectively through the use of a cyber-knowledgeable independent corporate monitor. That monitor will be able to appreciate the technical cyber and substantive needs of the subject company, have intimate knowledge of that company, and understand the goals and objectives of the regulatory body with the cyber-compliance expectations. Equally important is that the monitor will be in a position to ensure – from an informed position – that the company implements proper cybersecurity practices, and the Board, management and staff receive appropriate cyber-training. Thus, the not-too-distant future is now for cybersecurity monitoring and monitors.

i U.S. Securities & Exchange Commission, SEC Announces 2017 Examination Priorities (Jan. 12, 2017), https://www.sec.gov/news/pressrelease/2017-7.html

ii U.S. Securities & Exchange Commission, SEC Announces 2016 Examination Priorities (Jan. 11, 2016), https://www.sec.gov/news/pressrelease/2016-4.html

iii U.S. Securities & Exchange Commission, OCIE’s 2015 Cybersecurity Examination Initiative (Sept. 15, 2015), https://www.sec.gov/ocie/announcement/ocie-2015-cybersecurity-examination-initiative.pdf

iv E.g., Federal Trade Commission v. Wyndham Worldwide Corporation, 799 F.3d 236 (3d Cir. 2015); Federal Trade Commission v. D-Link Corp., No. 3:17-cv-00039 ((N.D. Cal. Compl. filed Jan. 5, 2017))

v https://www.sec.gov/Archives/edgar/data/1011006/000119312517065791/d293630d10k.htm

vi See Andrea Arias, Fed. Trade Comm., The NIST Cybersecurity Framework and the FTC (Aug. 31, 2016), https://www.ftc.gov/news-events/blogs/business-blog/2016/08/nist-cybersecurity-framework-ftc

Boards and Business Executives Beware- Possible Liability For Data Breach

Publication By Michael Best
Albert Bianchi, Jr.Michelle L. Dama, Adrienne S. Ehrhardt
MARCH 3, 2017CLIENT ALERT

Executives and Board Members Could Face Liability for Data Breaches

Executives and Board Members Could Face Liability for Data Breaches
By now, most everyone is aware that Yahoo was hacked in both 2013 and 2014 and had names, passwords, and other account data of between 500 million and one billion of its users stolen. Following the breach, various class action lawsuits brought against Yahoo by consumers and small business users of Yahoo ensued. The stolen data and lawsuits also caused Verizon to reduce its offer to purchase Yahoo by $350 million. Unfortunately for Yahoo, its inability to protect private account data has led to additional negative consequences.
In late February 2017, a group of Yahoo shareholders, guided by the Oklahoma Firefighters Pension and Retirement System, sued Yahoo, as well as some of its executives and board members, including the chairman of its Board of Directors, co-founder, and current CEO, for breach of their fiduciary duty to the shareholders stemming from the stolen account data. Although the complaint is sealed (and thus unavailable to the public), the lawsuit, which appears to be the first of its kind, seems to assert that Yahoo and its executives breached their fiduciary duty to shareholders by failing to disclosure the data security breaches to Yahoo account holders.
This lawsuit will be one to keep an eye on to see whether a failure to properly handle a data breach, and possibly even the data breach itself, can be considered a breach of a fiduciary duty to shareholders. Although this case appears to be the first of its kind, if it continues moving forward, it will undoubtedly spur like cases for other similarly situated entities that have suffered a security breach.
Other businesses that have been hacked and had personal account data stolen may be next in line for similar shareholder lawsuits. As such, the shareholder suit against Yahoo and its executives is yet another warning of how important it is for business to approach the need to properly protect personal data seriously. Whether its employee or customer information, businesses need to be on their guard and prepared to prevent and handle data breaches.

Business Leaders And Boards-Strategic Issues and Analytics In Business Planning and Competitive Action

Shared on LinkedIn.

The age of analytics: Competing in a data-driven world, suggests that the range of applications and opportunities has grown and will continue to expand. Given rapid technological advances, the question for companies now is how to integrate new capabilities into their operations and strategies—and position themselves in a world where analytics can upend entire industries.

Is big data all hype? To the contrary: earlier research may have given only a partial view of the ultimate impact. A new report from the McKinsey Global Institute (MGI), The age of analytics: Competing in a data-driven world, suggests that the range of applications and opportunities has grown and will continue to expand. Given rapid technological advances, the question for companies now is how to integrate new capabilities into their operations and strategies—and position themselves in a world where analytics can upend entire industries.

The age of analytics
Big data continues to grow; if anything, earlier estimates understated its potential.
A 2011 MGI report highlighted the transformational potential of big data. Five years later, we remain convinced that this potential has not been oversold. In fact, the convergence of several technology trends is accelerating progress. The volume of data continues to double every three years as information pours in from digital platforms, wireless sensors, virtual-reality applications, and billions of mobile phones. Data-storage capacity has increased, while its cost has plummeted. Data scientists now have unprecedented computing power at their disposal, and they are devising algorithms that are ever more sophisticated.

Earlier, we estimated the potential for big data and analytics to create value in five specific domains. Revisiting them today shows uneven progress and a great deal of that value still on the table (exhibit). The greatest advances have occurred in location-based services and in US retail, both areas with competitors that are digital natives. In contrast, manufacturing, the EU public sector, and healthcare have captured less than 30 percent of the potential value we highlighted five years ago. And new opportunities have arisen since 2011, further widening the gap between the leaders and laggards.

Progress in capturing value from data and analytics has been uneven.
Would you like to learn more about the McKinsey Global Institute?
Visit our Technology & Innovation page
Leading companies are using their capabilities not only to improve their core operations but also to launch entirely new business models. The network effects of digital platforms are creating a winner-take-most situation in some markets. The leading firms have remarkably deep analytical talent taking on various problems—and they are actively looking for ways to enter other industries. These companies can take advantage of their scale and data insights to add new business lines, and those expansions are increasingly blurring traditional sector boundaries.

Where digital natives were built for analytics, legacy companies have to do the hard work of overhauling or changing existing systems. Adapting to an era of data-driven decision making is not always a simple proposition. Some companies have invested heavily in technology but have not yet changed their organizations so they can make the most of these investments. Many are struggling to develop the talent, business processes, and organizational muscle to capture real value from analytics.

The first challenge is incorporating data and analytics into a core strategic vision. The next step is developing the right business processes and building capabilities, including both data infrastructure and talent. It is not enough simply to layer powerful technology systems on top of existing business operations. All these aspects of transformation need to come together to realize the full potential of data and analytics. The challenges incumbents face in pulling this off are precisely why much of the value we highlighted in 2011 is still unclaimed.

The urgency for incumbents is growing, since leaders are staking out large advantages, and hesitating increases the risk of being disrupted. Disruption is already happening, and it takes multiple forms. Introducing new types of data sets (“orthogonal data”) can confer a competitive advantage, for instance, while massive integration capabilities can break through organizational silos, enabling new insights and models. Hyperscale digital platforms can match buyers and sellers in real time, transforming inefficient markets. Granular data can be used to personalize products and services—including, most intriguingly, healthcare. New analytical techniques can fuel discovery and innovation. Above all, businesses no longer have to go on gut instinct; they can use data and analytics to make faster decisions and more accurate forecasts supported by a mountain of evidence.

The next generation of tools could unleash even bigger changes. New machine-learning and deep-learning capabilities have an enormous variety of applications that stretch into many sectors of the economy. Systems enabled by machine learning can provide customer service, manage logistics, analyze medical records, or even write news stories.

These technologies could generate productivity gains and an improved quality of life, but they carry the risk of causing job losses and dislocations. Previous MGI research found that 45 percent of work activities could be automated using current technologies; some 80 percent of that is attributable to existing machine-learning capabilities. Breakthroughs in natural-language processing could expand that impact.

Data and analytics are already shaking up multiple industries, and the effects will only become more pronounced as adoption reaches critical mass—and as machines gain unprecedented capabilities to solve problems and understand language. Organizations that can harness these capabilities effectively will be able to create significant value and differentiate themselves, while others will find themselves increasingly at a disadvantage.

About the author(s)

Jacques Bughin and James Manyika are directors of the McKinsey Global Institute, and Michael Chui is an MGI partner; Nicolaus Henke and Tamim Saleh are senior partners in McKinsey’s London office, Bill Wiseman is a senior partner in the Taipei office, and Guru Sethupathy is a consultant in the Washington, DC, office.
Article Actions

McKinsey on Disruptive Technology-Driven Change In The Automotive Industry.

McKinsey Dec 2016
Shared previously on LinkedIn:

“Technology-driven trends will revolutionize how industry players respond to changing consumer behavior, develop partnerships, and drive transformational change.”
You will note that some of the strategic issues raised, are similar to issues being faced by manufacturers of other complex products.The ability to recognize and effectively respond to these issues will be of increasing concern and value.

Today’s economies are dramatically changing, triggered by development in emerging markets, the accelerated rise of new technologies, sustainability policies, and changing consumer preferences around ownership. Digitization, increasing automation, and new business models have revolutionized other industries, and automotive will be no exception. These forces are giving rise to four disruptive technology-driven trends in the automotive sector: diverse mobility, autonomous driving, electrification, and connectivity.

Most industry players and experts agree that the four trends will reinforce and accelerate one another, and that the automotive industry is ripe for disruption. Given the widespread understanding that game-changing disruption is already on the horizon, there is still no integrated perspective on how the industry will look in 10 to 15 years as a result of these trends. To that end, our eight key perspectives on the “2030 automotive revolution” are aimed at providing scenarios concerning what kind of changes are coming and how they will affect traditional vehicle manufacturers and suppliers, potential new players, regulators, consumers, markets, and the automotive value chain.

This study aims to make the imminent changes more tangible. The forecasts should thus be interpreted as a projection of the most probable assumptions across all four trends, based on our current understanding. They are certainly not deterministic in nature but should help industry players better prepare for the uncertainty by discussing potential future states.

1. Driven by shared mobility, connectivity services, and feature upgrades, new business models could expand automotive revenue pools by about 30 percent, adding up to $1.5 trillion.

The automotive revenue pool will significantly increase and diversify toward on-demand mobility services and data-driven services. This could create up to $1.5 trillion—or 30 percent more—in additional revenue potential in 2030, compared with about $5.2 trillion from traditional car sales and aftermarket products/services, up by 50 percent from about $3.5 trillion in 2015 (Exhibit 1).

Connectivity, and later autonomous technology, will increasingly allow the car to become a platform for drivers and passengers to use their time in transit to consume novel forms of media and services or dedicate the freed-up time to other personal activities. The increasing speed of innovation, especially in software-based systems, will require cars to be upgradable. As shared mobility solutions with shorter life cycles will become more common, consumers will be constantly aware of technological advances, which will further increase demand for upgradability in privately used cars as well.

2. Despite a shift toward shared mobility, vehicle unit sales will continue to grow, but likely at a lower rate of about 2 percent per year.

Overall global car sales will continue to grow, but the annual growth rate is expected to drop from the 3.6 percent over the last five years to around 2 percent by 2030. This drop will be largely driven by macroeconomic factors and the rise of new mobility services such as car sharing and e-hailing.

A detailed analysis suggests that dense areas with a large, established vehicle base are fertile ground for these new mobility services, and many cities and suburbs of Europe and North America fit this profile. New mobility services may result in a decline of private-vehicle sales, but this decline is likely to be offset by increased sales in shared vehicles that need to be replaced more often due to higher utilization and related wear and tear.

The remaining driver of growth in global car sales is the overall positive macroeconomic development, including the rise of the global consumer middle class. With established markets slowing in growth, however, growth will continue to rely on emerging economies, particularly China, while product-mix differences will explain different development of revenues.

3. Consumer mobility behavior is changing, leading to up to one out of ten cars sold in 2030 potentially being a shared vehicle and the subsequent rise of a market for fit-for-purpose mobility solutions.

Changing consumer preferences, tightening regulation, and technological breakthroughs add up to a fundamental shift in individual mobility behavior. Individuals increasingly use multiple modes of transportation to complete their journey; goods and services are delivered to rather than fetched by consumers. As a result, the traditional business model of car sales will be complemented by a range of diverse, on-demand mobility solutions, especially in dense urban environments that proactively discourage private-car use.

Consumers today use their cars as all-purpose vehicles, whether they are commuting alone to work or taking the whole family to the beach. In the future, they may want the flexibility to choose the best solution for a specific purpose, on demand and via their smartphones. We already see early signs that the importance of private-car ownership is declining: in the United States, for example, the share of young people (16 to 24 years) who hold a driver’s license dropped from 76 percent in 2000 to 71 percent in 2013, while there has been over 30 percent annual growth in car-sharing members in North America and Germany over the last five years.

Consumers’ new habit of using tailored solutions for each purpose will lead to new segments of specialized vehicles designed for very specific needs. For example, the market for a car specifically built for e-hailing services—that is, a car designed for high utilization, robustness, additional mileage, and passenger comfort—would already be millions of units today, and this is just the beginning.

As a result of this shift to diverse mobility solutions, up to one out of ten new cars sold in 2030 may likely be a shared vehicle, which could reduce sales of private-use vehicles. This would mean that more than 30 percent of miles driven in new cars sold could be from shared mobility. On this trajectory, one out of three new cars sold could potentially be a shared vehicle as soon as 2050.

4. City type will replace country or region as the most relevant segmentation dimension that determines mobility behavior and, thus, the speed and scope of the automotive revolution.

Understanding where future business opportunities lie requires a more granular view of mobility markets than ever before. Specifically, it is necessary to segment these markets by city types based primarily on their population density, economic development, and prosperity. Across those segments, consumer preferences, policy and regulation, and the availability and price of new business models will strongly diverge. In megacities such as London, for example, car ownership is already becoming a burden for many, due to congestion fees, a lack of parking, traffic jams, et cetera. By contrast, in rural areas such as the state of Iowa in the United States, private-car usage will remain the preferred means of transport by far.

The type of city will thus become the key indicator for mobility behavior, replacing the traditional regional perspective on the mobility market. By 2030, the car market in New York will likely have much more in common with the market in Shanghai than with that of Kansas.

5. Once technological and regulatory issues have been resolved, up to 15 percent of new cars sold in 2030 could be fully autonomous.

Fully autonomous vehicles are unlikely to be commercially available before 2020. Meanwhile, advanced driver-assistance systems (ADAS) will play a crucial role in preparing regulators, consumers, and corporations for the medium-term reality of cars taking over control from drivers.

The market introduction of ADAS has shown that the primary challenges impeding faster market penetration are pricing, consumer understanding, and safety/security issues. Regarding technological readiness, tech players and start-ups will likely also play an important role in the development of autonomous vehicles. Regulation and consumer acceptance may represent additional hurdles for autonomous vehicles. However, once these challenges are addressed, autonomous vehicles will offer tremendous value for consumers (for example, the ability to work while commuting, or the convenience of using social media or watching movies while traveling).

A progressive scenario would see fully autonomous cars accounting for up to 15 percent of passenger vehicles sold worldwide in 2030 (Exhibit 2).

6. Electrified vehicles are becoming viable and competitive; however, the speed of their adoption will vary strongly at the local level.

Stricter emission regulations, lower battery costs, more widely available charging infrastructure, and increasing consumer acceptance will create new and strong momentum for penetration of electrified vehicles (hybrid, plug-in, battery electric, and fuel cell) in the coming years. The speed of adoption will be determined by the interaction of consumer pull (partially driven by total cost of ownership) and regulatory push, which will vary strongly at the regional and local level.

In 2030, the share of electrified vehicles could range from 10 percent to 50 percent of new-vehicle sales. Adoption rates will be highest in developed dense cities with strict emission regulations and consumer incentives (tax breaks, special parking and driving privileges, discounted electricity pricing, et cetera). Sales penetration will be slower in small towns and rural areas with lower levels of charging infrastructure and higher dependency on driving range.

Through continuous improvements in battery technology and cost, those local differences will become less pronounced, and electrified vehicles are expected to gain more and more market share from conventional vehicles. With battery costs potentially decreasing to $150 to $200 per kilowatt-hour over the next decade, electrified vehicles will achieve cost competitiveness with conventional vehicles, creating the most significant catalyst for market penetration. At the same time, it is important to note that electrified vehicles include a large portion of hybrid electrics, which means that even beyond 2030, the internal-combustion engine will remain very relevant.

7. Within a more complex and diversified mobility-industry landscape, incumbent players will be forced to compete simultaneously on multiple fronts and cooperate with competitors.

While other industries, such as telecommunications or mobile phones/handsets, have already been disrupted, the automotive industry has seen very little change and consolidation so far. For example, only two new players have appeared on the list of the top-15 automotive original-equipment manufacturers (OEMs) in the last 15 years, compared with ten new players in the handset industry.

A paradigm shift to mobility as a service, along with new entrants, will inevitably force traditional car manufacturers to compete on multiple fronts. Mobility providers (Uber, for example), tech giants (such as Apple, Google), and specialty OEMs (Tesla, for instance) increase the complexity of the competitive landscape. Traditional automotive players that are under continuous pressure to reduce costs, improve fuel efficiency, reduce emissions, and become more capital-efficient will feel the squeeze, likely leading to shifting market positions in the evolving automotive and mobility industries, potentially leading to consolidation or new forms of partnerships among incumbent players.

In another game-changing development, software competence is increasingly becoming one of the most important differentiating factors for the industry, for various domain areas, including ADAS/active safety, connectivity, and infotainment. Further on, as cars are increasingly integrated into the connected world, automakers will have no choice but to participate in the new mobility ecosystems that emerge as a result of technological and consumer trends.

Automotive & Assembly