Application Modernization Strategies to Meet the EU CSRD Regulations
The EU’s new Corporate Sustainability Reporting Directive (CSRD) has thrown a chill on the business processes of organizations: Companies must modernize their applications and data foundations to enhance their reporting capabilities.
The struggle of companies in Europe to comply with the CSRD was on display at the ChangeNOW global summit, held in Paris at the end of March. Participants at the event — which seeks to map sustainable initiatives, best practices, tools, and technologies — revealed that organizations are lagging when it comes to implementing CSRD.
This is in line with results of IDC’s recent European IT Services Survey (N = 700), which found that just 25.6% of European organizations expect to deploy tech to improve sustainability KPIs as a transformation initiative in the next two years.
The CSRD is having a huge impact on organizations: It imposes reporting standards that compel organizations to publish their ESG information, which must then be verified and audited. All industrial sectors, from large accounts to SMBs, are subject to a staggered compliance timetable: The first reports must be published between 2025 and 2026 for large accounts, and in 2027 for SMBs.
Everyone agrees on one point: It’s a race. The timetable is forcing the acceleration of activities in data collection and qualification, methodologies and best practices, to structure and industrialize the creation of these reports.
CSRD weighs heavily at all levels of organizations. It requires a review of business processes and the organizational model, and, therefore, the modernization of core business applications — where the data is. New platforms or custom developments may need to be deployed to consolidate ESG data.
After examining their data lakes and the shift toward new data architectures, many businesses perceive this as a transformational endeavor.
Like any IT project, such complexity brings opportunities for services providers to support organizations with compliance. IDC surveys have shown that 41.2% of organizations expect partners to play a key role in implementing their sustainability strategy and achieving their objectives.
The Scaling Problem of Legacy Finance
Let’s examine where CSRD creates a bottleneck. Among the processes impacted by the CSRD is that of the finance department. Today, the CFO is one of the guardians of the transformation of the finance function, whose scope has been extended to non-financial matters and CSR.
For example, the French bank Crédit Agricole and cosmetics specialist L’Oréal have entrusted the finance department with their CSRD projects. Experienced in standardized financial reporting, the CFO has the difficult task of reproducing and improving processes by integrating CSRD.
Logical, but still difficult to implement. One of the biggest challenges is getting the different personas impacted by CSRD — and the associated data — to sit at the same table to find the right communication channel and vocabulary to communicate.
These human interconnections represent a real challenge in terms of governance but are necessary to deploy an application modernization strategy and convert the new operational model and business processes into a revitalized IT structure.
Financial IT systems are often very mature. CSRD requires them to scale rapidly to support new workloads in only three years. This includes related data initiatives: the mapping of data sets, the overcoming of information silos, increasing automation, and supporting heterogeneous files (PDF or Excel, for the most part).
The legacy must be modernized within the timeframe of the CSRD. But urgency means risks must be controlled. For example, misunderstanding the regulation and the requested data could have a negative impact on technological engagements and procurement.
Using GenAI to modernize legacy applications and make them “CSRD ready” has been explored to collect, map, and consolidate data, generate appropriate information for criteria, or automate the storytelling inside the CSRD reports.
Capgemini has detailed how GenAI could accelerate gap analysis and identify which data is lacking and which data is relevant for presentation. L’Oréal discussed how it believes that GenAI is key to education and acculturation on the criteria and wording of the regulation.
This scenario is in line with our vision for application modernization strategies in Europe.
The implementation of the CSRD — and, by extension, the major theme of sustainability — represents a powerful driver for adapting processes, revitalizing part of the application estate, and establishing a coherent link between IT and new business requirements.
Revitalizing applications to optimize business processes is a key theme of IDC’s European Application Modernization Strategies research program.
Modernize with a Sustainability/ESG Integration Platform
The challenges include making the regulation a starting point for a more global strategy, and placing CSRD and sustainability at the center of the organization’s decision-making and business innovation.
We believe this requires building an enterprise architecture, including modular and loosely coupled components, to integrate systems, applications, and data in a flexible and sustainable way over time.
Such a sustainable integration platform will de-silo business applications, facilitate the continuous collection of data, the industrialization of analytical reporting, and the connection to ecosystems. In short, it means building a dynamic CSR link in the value chain and anticipating the evolution of reporting obligations.
Ransomware in EMEA - The Threats and Defenses
Ransomware attacks have been one of the most high-profile scourges of business over the past decade — and the threat shows no signs of abating. If anything, it has become more prevalent as “ransomware as a service” has lowered the entry barrier for threat actors.
Innovation by cybercriminals keeps security teams on high alert. When governments and security agencies advise organizations not to pay ransom, attackers may switch to extortionware approaches.
Or, sticking with ransomware, they may use AI to augment their capabilities, refine their lures, automate attacks, or hit hundreds or thousands more organizations than they would have been able to previously.
This Is Going To Hurt
According to IDC’s Future of Enterprise Resilience Survey, conducted in November 2023, 63.4% of EMEA organizations with 500 or more employees suffered a ransomware attack that blocked access to their systems or data in 2023.
Which assets are being impacted? According to the survey respondents, the most frequently impacted resources were collaborative applications (37%) such as MS 365 or Google Workspace. These were followed by virtual or physical servers (35%) and public cloud IaaS and PaaS (also 35%). For 34% of organizations, ransomware attacks impacted their partner, supplier, or customer systems.
These impacts reflect the infrastructure and environments in which most modern organizations operate: cloud-based infrastructure and platforms running cloud-based collaborative applications on enterprise licenses for cost efficiency and productivity, often within broader digital ecosystems to enhance operational efficiency.
Targeting what has become the critical infrastructure for operational capability gives cybercriminals the greatest leverage over their victims. The hackers strive to ensure there is no choice but to pay the ransom.
The Best Defense is… Multi-Layered
Despite the rising volume of attacks, more than one-third of the surveyed organizations stated that no ransomware attacks had managed to block access to their systems or data. These organizations highlighted some of the key technologies that helped them detect the attacks before the malware was able to deploy.
The most frequently cited tool was a cloud security gateway/cloud access service broker (CASB, 30%). This aligns with the operational environments described above, placing protection where it is needed most. Deploying a CASB provides visibility and control over cloud environments and assets, enabling quicker detection and containment of potentially malicious activity.
Threats can come from within the organization as well as outside. A further 26% of respondents said they used specific security analytics aimed at detecting insider threats. The third most common response was SIEM systems (25%), which help by correlating data from multiple sources to identify suspicious patterns and anomalies before an attack. Organizations also mentioned that NDR, identity analytics/UEBA, and EDR helped with detection.
Fundamentally, there is no single technology that is a silver bullet against ransomware. Effective protection depends upon a layered approach that aligns security controls to the environment, infrastructure, and processes of the organization.
As attacks grow more prevalent, fueled by ransomware as a service and AI-augmented attack campaigns, EMEA organizations need to be on their guard with a mix of technologies to detect and contain malware payloads before they can be deployed.
8 Future of Work Trends for 2024 and Beyond
End Users Tell IDC About the Trends
Changes are occurring in the work environment that can no longer be ignored or dismissed with superficial comments like, “This is how things are evolving, so you need to accept them.”
In this day and age, the full employee experience package must be nurtured. Sharp attention must be paid to the demands of younger employees entering the work environment.
The statements above are some of the thought-provoking perspectives that technology end users voiced to IDC during deep-dive discussions at IDC’s Future of Work and AI Summit in London and our Future of Work Summit in Milan. During these events, both of which occurred in March, IDC held free-ranging conversations with more than 100 Italy- and U.K.-based IT and HR experts who work in industries including education, manufacturing, finance, and healthcare.
The talks revealed 8 Future of Work trends that are likely to impact workspaces in 2024 and beyond.
- Using Tech to Boost Productivity and User Experience in Hybrid Workspaces: The experts IDC spoke to supported greater technology adoption, including of intuitive technologies, to unlock productivity improvements and help employees close digital skills gaps. They emphasized the need for workplace cultural change, including clear communication to employees on the benefits of new technologies. The experts noted that hybrid working models will require organizations to redesign office spaces to enable digital parity between remote and onsite workers.
- Assessing AI’s Impact on the Workforce: The experts were generally of the view that AI and automation will make a positive impact on processes, employee productivity, and innovation. Organizations should make upskilling a priority, as new skills will be required to advance these technologies. Attention must also be paid to the EU’s new Artificial Intelligence Act, which demands greater transparency and traceability of AI initiatives, as well as contains requirements around removing bias that could be fed into large language models (LLMs).
- Ensuring Cybersecurity in Flexible Work Environments: Cybersecurity remains critical, especially for organizations that employ remote workers and/or employees who split time between working at the office and at home. IDC’s discussions pointed to the need to deploy multiple layers of safeguards, such as cryptography and virtual desktops, to safeguard data and assets connected to the organization’s networks. Regardless of their location (i.e., home or office), workers must be continually trained on cybersecurity and on how to protect IT and OT data in converged environments.
- Leveraging Data, Automation, and Innovation to Build Intelligent HR: When applications are being created, employees in different functions may not have the same understanding of the processes that need to be designed. A pivotal initial step to ensure user adoption is to make certain that all involved share the same understanding of goals and processes. The IT function, for example, should not spend time developing solutions that will not ultimately serve user needs efficiently and effectively. A complicating factor is that many organizations are still stuck with legacy solutions that hinder technological advancement. Governance is another challenge. Many organizations are struggling to develop and implement processes that guarantee clean and ready data for use in AI and GenAI applications.
- Fine-Tuning Hybrid and Flexible Work Models: Hybrid and flexible models require a high level of employer trust in workers’ ability to be productive if not in the office. Some of the experts IDC spoke to indicated that many in Italian senior management remain skeptical about the benefits of work-from-home policies and continue to demand that their workforces return to the office. On the workforce side, there is growing demand for objectives and detailed KPIs. In general, the experts regard hybrid and flexible working models to be at least as productive as office-only models — in some cases more so. Flexible working models can be critical to help ensure employee engagement, especially for those who are caregivers, a parent, or members of the younger generation.
- Boosting Employee Engagement and Retention: Companies can utilize multiple levers to improve employee engagement and retention. These include fostering in-office/in-person connections, team building, and providing clear and continuous feedback to employees from the top to the bottom of the organization. The role of technologies in such initiatives is pivotal. Employees, for example, are usually happier and more engaged if they are satisfied with the technologies used in their workplace. The experts at our meetings also told us that the expectations of the incoming generation of workers are driving organizations to reshuffle their employee engagement priorities and requirements.
- Connecting the Future of Work and Sustainability: Organizations in the U.K., Ireland, and Italy are increasingly responsive to environmental, social, and governance (ESG) priorities. Much effort and resources are being invested in the “E” component as companies act to shrink their carbon footprints, for example, by shifting to more carbon-neutral cloud solutions. Initiatives connected to the “S” component are raising organizational awareness of issues like gender parity, inclusion, digital accessibility, and community commitment. “G” components focus on the R&D and implementation of technologies to collect and analyze reporting data. To meet their ESG commitments efficiently, companies are seeking to onboard sustainability experts across all organizational levels.
- Analyzing How Skills and Talent Are Evolving: Organizations continue to struggle to find employees with the skills to help the company stay abreast of new technology and innovations. On one hand, we see AI boosting productivity and making some tasks and jobs obsolete. On the other, there is rising demand for humans with the “hard” technical skills to effectively manage AI and connect AI with humans. Demand is also rising for humans who possess the “soft” skills to manage the creativity and needs of human employees. Employees who can effectively fulfill these roles will be highly valued and rewarded.
Many of the above points are succinctly summarized in IDC’s Human-First Future of Work Framework, which is based on five pillars that are essential for any business seeking to build a sustainable, human-first work environment.
Interested in a deeper understanding of the issues discussed here? Contact IDC’s Future of Work Team or connect with us on LinkedIn for live updates from the EMEA Xchange Summit in Malaga on April 15–16, 2024.
A Glimpse into the Future for European Digital Natives
Digital-native businesses’ (DNBs) deal-making, valuations, and exit activities were all down in 2023 in the European venture market, according to Atomico’s The State of European Tech 2023. A market return to form that, however, can be considered a worldwide phenomenon.
The key fundamentals that led to a downturn in the funding environment in the last two years are still in place. Limited partners are still cautious about providing more money to the venture capital (VC) ecosystem, due to persisting macroeconomic and geopolitical uncertainties. With difficulties continuing in the funding environment, the number of exits is expected to remain limited in the short term, in favor of M&A and consolidation.
With all this as a backdrop, what will 2024 look like for European DNBs?
From AI to Sustainability Technologies: Where Is the Money?
European venture capitals hold a consistent amount of dry powder due to this lack of activity, which could be invested in selected deals this year. A 2024 rebound is expected in the event of a cut in interest rates, which could lower risk perception from limited partners. If only 10 new unicorns (privately owned companies with valuation above $1 billion) were created in Europe in 2023, down from 46 in 2022, with an upturn in deal-making activities we expect a larger number of DNBs to join the unicorn cohort.
European Artificial intelligence DNBs are expected to be at the forefront of investors’ interest again in 2024. As focus on deals from VCs and corporate VCs in 2023 was on large language models (LLMs), deals will most probably shift toward AI vertical applications. With regulations such as the EU AI Act coming into effect, investment will also shift toward start-ups and scale-ups focused on AI security and privacy.
Sustainability technology DNBs, from carbontech to climatetech, dominated capital flows in 2023, and the segment is expected to attract more capital in 2024 too, with climate change a key topic on European (and worldwide) leaders’ agendas, as demonstrated by the outcomes of COP23. Furthermore, tech start-ups growth in Europe is also sustained by national and EU stimulus funds, such as the European Innovation Council (EIC) work programme 2024, which allocates €1.2 billion for strategic technologies and scaling up companies in deep tech innovations, from spacetech to quantum technologies.
How Will External Conditions Shape European DNBs’ Technology Investments?
Uncertain market conditions push digital natives to reprioritize their tech spending toward optimizing processes and increasing profitability, but tech expenditure will not be cut, as it is essential to sustain their digital-based business models. More specifically, security technologies and cloud platforms are pivotal investments to develop secure and scalable digital products and services, whereas increased focus on AI and automation technologies is set to make larger DNBs leaner and more cost effective. Data infrastructure, integration, and quality investments would be still pivotal to boost wider AI adoption, targeting customer experience initiatives as well, with the aim to retain and enlarge the existing customer base.
Want to know more? You can find these and other key trends driving the European DNB landscape, in IDC’s 2024 Digital-Native Business Trends or by getting directly in touch at mlongo@idc.com.
