Business Insights and Analysis

Amazon kept getting complaints – but the executive team didn’t know why, so Jeff Bezos called customer services on speaker in front of everyone… In the late 1990’s, Amazon was growing fast. Every week, Jeff Bezos gathered his leadership team for their most important ritual: the Weekly Business Review. One day, the head of customer service proudly presented a slide: “Average phone wait times: 59 seconds.” Tick - move on to the next item. Jeff paused. A number of Amazon’s customers were not happy. He knew this because he maintained and read a public email account. Customers would email him directly, Jeff would forward on to the appropriate executive with a simple “?” for follow up. But his customer service leader was saying everything was rosy. Something didn’t add up… So right there, in the middle of the meeting, Jeff did something radical: Placing the call on speaker, with the entire executive team watching, he picked up the phone and called Amazon’s customer support line… The room went silent. 60 seconds passed. Then 2 minutes. Then 5 minutes. Still no answer. After 10 minutes of hold music - still nothing. “It was a really long time,” Jeff recalled. “More than 10 minutes.” In a flash, the metric they’d been using to reassure investors and guide operations collapsed. The problem? The data wasn’t wrong – but it was measuring the wrong thing. The metric measured average wait time for answered calls, ignoring the calls that never got picked up. That one moment rewired Amazon’s entire approach to measurement, feedback, and truth. Jeff didn’t just want favorable data, he wanted reality. The result? Amazon rebuilt its customer service from the ground up - and made customer service a core part of its moat. Reflecting on that meeting, Jeff said: “When the data and the anecdotes disagree, the anecdotes are usually right.” 👉 Enjoyed this story? Subscribe for one great real life finance story a week: BizStory.co

Inside the Breach: What the 2025 Verizon DBIR Warns About Our Failing Cyber Defenses The 2025 Verizon Data Breach Investigations Report delivers one of the most comprehensive looks yet into the evolving threat landscape, and the findings should concern every organization handling sensitive data. With over 22,000 incidents analyzed and more than 12,000 confirmed breaches across 139 countries, this report isn’t just about numbers—it’s a snapshot of where cyber risk is headed and how fast it’s accelerating. From vulnerability exploits to supply chain breakdowns, the scope is global, and the risks are intensifying. One of the most alarming trends is the continued rise of ransomware, which now appears in nearly half of all breaches. Simultaneously, exploitation of vulnerabilities—particularly in edge devices and remote access tools—has surged, making up a significant portion of attack vectors. Add to this the doubling of third-party-related breaches, and it's clear that supply chain risk is no longer a future concern; it's a current crisis. Missteps in configuration and social engineering continue to haunt organizations, revealing that despite automation advances, human error still drives a majority of breaches. Perhaps most pressing is the emergence of generative AI as a double-edged sword. While it’s revolutionizing business, its unregulated use introduces massive data exposure risks. Cybercriminals are already testing GenAI in phishing and influence operations, while nation-state actors are moving from spying to full-on data theft. The message is clear: the threat landscape is growing in scale and sophistication. Organizations must act decisively—tighten access, secure credentials, enforce AI policies, and invest in real cyber resilience before the next breach strikes. #cybersecurity #VerizonDBIR2025 #trends #riskmanagement

One of the most valuable lessons I learned at Amazon was a simple question. “Is this a one-way or a two-way door?” Leaders at Amazon obsess about this. In 2016, Jeff Bezos outlined his vision for how to scale Amazon as an “Invention Machine”. The first section was on how to avoid slow decision-making. For many businesses, the need for high-velocity decision-making has never been greater. We know most decisions should be made with around 70% of the information we wish we had… but we often delay until we have 90-100%. This slows innovation. To avoid this, Bezos outlined how all decisions should be split into type 1 (consequential and irreversible) or type 2 (changeable and reversible). This approach is known inside Amazon as ‘one-way or two-way doors’. Bezos’ view was that… “As organizations get larger, there is a tendency to use the heavy-weight Type 1 decision-making process on most decisions, including many Type 2 decisions. The end result of this is slowness, unthoughtful risk aversion, failure to experiment sufficiently, and consequently diminished invention.” This simple approach has stayed with me since I left Amazon, and I highly recommend it if you want to speed up decision-making in your business.

Global economies are undergoing a massive transformation, shaped by shifts in geopolitics, culture, demographics, technology, and volatile trade dynamics. Old certainties are gone; new certainties yet to emerge. Where is Africa in this new world order? Africa, a continent rich in potential, with its youthful population, natural resources, and dynamic entrepreneurial spirit. Too often overlooked, the future of the world is going to be increasingly influenced by Africa and Africans. How can the world partner with Africa to unlock the huge opportunities present, for mutual and lasting benefit? The African Development Bank forecasts that Africa's GDP will grow at an average of 4% per year over the next decade, largely driven by entrepreneurship and innovation. With internet penetration reaching 45% in 2023, Africa is enjoying a digital revolution, opening vast opportunities for connectivity and commerce. The African Continental Free Trade Area (AfCFTA) aims to create a unified market for goods and services across the continent, and according to the IMF, it is projected to boost intra-African trade by 52% by the year 2025. Traditional trade models, which have often excluded or marginalised Africa, must evolve. AfCFTA represents a bold step towards redefining trade dynamics. By uniting 55 countries into a single market of 1.3 billion people, AfCFTA has the potential to add $450 billion to Africa’s GDP by 2035. This initiative is critical for establishing the infrastructure necessary for accelerated development. In 2022 alone, African tech startups raised a record $5 billion, a figure that continues to rise, highlighting the continent's vibrant entrepreneurial landscape. Technology is revolutionising trade and economies in ways we could not have imagined a decade ago. African innovators are creating solutions tailored to our unique challenges. Mobile money platforms have transformed financial systems, enabling millions to access banking services. E-commerce platforms are breaking down traditional barriers to trade. These statistics illustrate the immense potential Africa offers, particularly in entrepreneurship, the backbone of the continent's economic growth. However, to harness these opportunities fully, Africa's economic growth must be equitable: Africans need to get real value from their commodity supply chain by participating, barriers to agricultural exports need to be removed, the impact of climate change acknowledged by the polluters: and inclusive: benefiting women, youth, and marginalised communities. With over 60% of its population under the age of 25, Africa's youth represent a vast reservoir of talent and creativity. Yet, women entrepreneurs face particularly significant barriers in accessing capital, markets, and networks, while our young grapple with high unemployment rates. Read my full op-Ed on Africa’s Economic Potential👇🏼 https://lnkd.in/dZQeCz4T

Africa has too many small businesses, and too little business."  A few months ago, The Economist said this and it stuck with me.   #Africa is the only continent with no company on the Forbes Global 2000. We have just 60% of the large firms you’d expect, given the size of our economies. Why? Are we less talented? Less ambitious? No. But we do face structural roadblocks. Here’s what we hear all the time:  Lack of access to finance. Lack of access to markets. #Finance Want to start a business? Collateral + 20% interest rates. Manage to grow? You’re lucky if you get paid within 90 days. And yet, Kenyan banks are thriving.  NCBA Group just reported profits of KSh 61.8B (~$460M). So we have money — just not for businesses that create jobs and value? #Markets: -Flights within Africa cost $400–$1000. Cheaper to fly to Dubai or Europe. - It’s easier to ship goods from China to Kenya or Uganda than between our own countries. -54 countries = 54 licenses. One continent, but no real single market. -Even our trade payments go through the US dollar, costing us $5B every year. And yet, we have the tools: AfCFTA – continental free trade SAATM – single African air transport PAPSS – Pan-African payment system But we haven’t activated them at scale. So what now? Global systems are skewed. Capital is more expensive. Risk is exaggerated. But we’re not powerless. Individually, we are weak. But collectively, Africa is strong. Let’s stop waiting for  international governments or donors to save us.  Can we build trust, work as pan-Africa, drop the ego, and prove The Economist wrong again?

𝗛𝗼𝘄 𝘁𝗼 𝗯𝘂𝗶𝗹𝗱 𝗦𝘂𝗰𝗰𝗲𝘀𝘀 𝗶𝗻 𝗠𝗲𝗱𝗶𝗰𝗮𝗹 𝗖𝗮𝗻𝗻𝗮𝗯𝗶𝘀. 𝗪𝗶𝘁𝗵𝗼𝘂𝘁 𝗕𝘂𝗿𝗻𝗶𝗻𝗴 𝗖𝗮𝘀𝗵 𝗼𝗿 𝗖𝗿𝗲𝗱𝗶𝗯𝗶𝗹𝗶𝘁𝘆 Start with the Patient, Not the Plant Medical cannabis is medicine, not wellness or lifestyle. Your product must serve a real need consistently & safely, backed by data. Understand patient journeys, work with clinics & doctors, & embed yourself in the healthcare system, not outside it. Build GACP First, Then EU GMP or Equivalent Too many try to chase EU GMP without mastering GACP. Good Agricultural & Collection Practices are about how you grow. EU GMP is for post-harvest processing & pharma-grade quality control. Get the basics right, document everything, & then scale. Make Regulation One of Your Strengths If you don’t understand the regulatory landscape, you don’t have a business. Know your country’s cannabis laws, narcotics classifications, export rules, & patient access pathways. Compliance is not a department, it’s part of your product. Never Outsource Your Integrity There will be pressure to cut corners, overpromise, or take shortcuts. Don’t. One contamination, one false claim, one deal with a bad distributor and your business collapses. In cannabis, reputation takes years to build and seconds to lose. Trust the Local Team If you operate in another country, listen to the people on the ground. Local growers, engineers, regulators, and logistics teams know more than a remote HQ ever will. Many failed projects stem from ignoring local intelligence. Control the Supply Chain Medical cannabis isn’t just about growing. It’s about controlling drying, processing, lab testing, packaging, export clearance, & more. Own your chain or verify every part of it. You cannot afford surprises with patient-use products. Avoid Chasing the “Next Big Thing” There’s always a new hype, CBD for pets, infused snacks, luxury creams. These trends rarely survive strict medical regulation. Stick to your core business. Deliver clean, consistent, compliant flower or extract. Then grow. Document Everything This industry runs on traceability. You need clean SOPs, batch logs, validated results, cultivation records, & patient outcomes. If it’s not documented, it didn’t happen. If it’s not auditable, it’s not exportable. Raise the Right Money Work with investors who understand the timelines and risks. You need partners who can handle a 3 to 5-year return horizon and still back compliance over short-term revenue. Misaligned finance will kill your project faster than pests. Know When to Say No Sometimes the smartest move is to walk away. If the laws are too grey, your partners untrustworthy, or the facility isn’t ready, pause. Medical cannabis must be built with discipline and maturity. Forced projects fail. Focused ones succeed. Please ask me how to build or fix your cannabis business if you are unsure, stuck, or scaling. I’ve worked in this space for 9+ years, and I have seen what works and what wrecks good ideas.

The most revealing insight in the 2025 Verizon Data Breach Investigations Report isn't what it says about AI security—it's what it doesn't say. The report documents that 15% of employees routinely access commercial GenAI platforms, with 72% using non-corporate emails and 17% using corporate emails without proper authentication. It shows synthetic text in malicious emails doubling over two years. It reveals third-party involvement in breaches exploding from 15% to 30%. But scan all 104 pages for insights on security incidents involving locally-deployed AI systems, and you'll find... nothing. It's all about cloud AI. This is our current AI security reality: visibility into cloud AI risks but a complete blind spot for local AI deployments. Not because these systems are inherently more secure, but because we haven't built the monitoring capabilities and expertise to detect and report on these incidents. The DBIR shows exploitation of vulnerabilities as an initial access vector grew 34% to reach 20% of breaches. Without proper monitoring of local AI systems: 💥 How will you detect similar exploitation patterns in your internal AI deployments? 💥 What visibility do you have into the 46% of non-managed devices with corporate logins that the report identified as particularly vulnerable? 💥 How will you assess whether your local AI systems face the same authentication weaknesses documented in cloud platforms? Perhaps most critically, the monitoring gap reveals a skills gap. The security leaders who will thrive in the coming years are already building teams that can: 💥 Develop detection and monitoring capabilities for AI systems regardless of deployment model 💥 Apply the DBIR's lessons on credential security (credential theft present in 54% of ransomware victims) to all AI deployments 💥 Translate cloud AI security learnings to local environments and vice versa Forward-thinking Australian security leaders can address this monitoring asymmetry by: 💥 Developing consistent visibility across all AI deployments 💥 Creating security architectures that apply AI security lessons and BPs across deployment models 💥 Building teams with cross-domain expertise in AI security 💥 Sharing intelligence to create industry-wide visibility into the current blind spot The DBIR's silence on local AI security isn't a reason for complacency—it's a call to action. Local AI deployments have tremendous value, not to mention no vendor lock-in and building your teams capabilities and talent. You might not think you need an AI security strategy today, but by the time next year rolls around, you'll need to have a compelling narrative about why you don't. #AISecurityStrategy #DBIR2025 #SecurityIntelligence #TalentDevelopment

🥁 Just published: latest "MOD trade, industry and contracts 2025" 🥁 Freshly updated and reissued last month, these statistics remain, to my mind, the most useful official Government guide to understanding the overall commercial shape, size and potential of the MOD market, especially its main suppliers. This new edition should also prove something of a litmus test/benchmark in the years to come as the effects of the new Defence Industrial Strategy begin to turn the needle on the nature, identity and balance of the MOD's supplier base evident in these stats. Figure 5 reproduced below from the main document (see link below) - "Holding Companies Paid £100 million or More by MOD in 2024/25" - is especially graphic/pertinent, as perhaps are the following bullets: ◼️ £40.6bn paid by MOD core to UK and foreign owned organisations in (excludes FMS) ◼️ £20.9bn, the value of new contracts placed, an increase of £4.7bn - and 85 contracts over 2023-4 (both provisional figures) ◼️ 45%, the percentage of MOD core department payments through non-competitive sourcing in 2024-5; but provisional data suggests that 49% of new contracts were awarded through non-competitive sourcing, the highest level of single sourcing since 2015-6 ◼️ The top 18 MOD suppliers received around 50% of total procurement expenditure, over 39% with just 10 suppliers. Those "Top 10" are unchanged from the last stats; they are in order of revenue: BAE Systems, Babcock, Rolls-Royce, QinetiQ, Leonardo, Airbus, Thales, Leidos, Serco, Boeing. ◼️ No fewer than 438 organisations were paid more than £5 million by MOD ◼️ MOD placed c.560 new contracts with SMEs in 2024-5, with a collective value of c.£941m. This represents a decrease of about 10 contracts and £213m compared to 2023-4. Roll on the Defence Small Business Growth office in the New Year. For full details, with all the relevant data tables, view https://lnkd.in/eDMT4Whe Please note that MOD promises fresh defence export data in early 2026 - and that the usual section on major equipment projects has been omitted, pending the publication of the Defence Investment Plan this autumn. #MOD #DefenceIndustrialStrategy #UKdefenceprocurement #UKDefenceIndustrialBase #Makingdefenceanengineforgrowth #officialstatistics #DefenceDividend #UKDefenceMarket #DefenceInvestmentPlan

The 2025 Verizon Business Data Breach Investigations Report (DBIR) is here, and it delivers critical insights into the shifting cybersecurity landscape. For Enterprise and Public Sector business decision-makers, understanding these trends is crucial for protecting your organizations and the communities we serve. Here are some key findings from the report that rose to the top for me: - Exploitation of Vulnerabilities Surges: A 34% increase in vulnerability exploitation, with a focus on zero-day exploits targeting perimeter devices and VPNs, demands heightened vigilance and proactive patching strategies. - Ransomware Remains a Persistent Threat: Ransomware attacks have risen by 37%, now present in 44% of breaches. Enterprise and Public Sector entities must bolster their defenses and incident response capabilities. - Third-Party Risks Double: Breaches involving third parties have doubled, highlighting the critical importance of supply chain security and robust vendor management programs. - Espionage-Motivated Attacks Rise: We're seeing an alarming rise in espionage-motivated attacks in sectors like Manufacturing and Healthcare, as well as persistent threats in Education, Finance, and Retail. Public Sector entities are also at risk. - Credential Abuse Continues: Credential abuse remains a leading attack vector, emphasizing the need for strong authentication, multi-factor authentication, and continuous monitoring. For Enterprise and Public Sector organizations, these findings underscore the need for a multi-layered defense strategy, including: - Robust Vulnerability Management: Implement timely patching and vulnerability scanning. - Enhanced Security Awareness Training: Address the human element and reduce susceptibility to social engineering. - Strengthened Third-Party Risk Management: Thoroughly vet and monitor vendors and partners. - Advanced Threat Detection and Response: Invest in technologies and processes to detect and respond to threats quickly. The 2025 DBIR provides actionable insights to help us navigate these challenges. To dive deeper into the findings and learn how to enhance your organization's security posture, visit: https://lnkd.in/eXdHUYVM #Cybersecurity #DataBreach #EnterpriseSecurity #PublicSector #DBIR #Ransomware #ThreatIntelligence #VerizonBusiness #PublicSectorSecurity Verizon Jonathan Nikols | Daniel Lawson | Robert Le Busque | Sanjiv Gossain | Maggie Hallbach | Don Mercier | Chris Novak | Alistair Neil | Ashish Khanna | Alex Pinto | David Hylender | Suzanne Widup | Philippe Langlois | Nasrin Rezai | Iris Meijer

Let’s just start and see where it goes. It sounds agile. It feels lean. But for SMBs, it’s often the reason projects stall When you're working with limited time and team capacity, direction matters more than speed. That’s why I borrow a principle from Amazon’s playbook: Working backwards. At Amazon, before any team writes a line of code, they write a press release. Not for marketing. For focus It forces one hard question upfront: If this succeeds, what will the customer actually experience? Now imagine what that unlocks for your business: → No more “building for the sake of building” → Clear decisions anchored to outcomes → Alignment without 50 meetings How do we adapt it for smaller teams: ✔️We skip the fluff, no decks, no endless planning ✔️We write a simple customer story that defines success clearly ✔️We avoid corporate jargon, just real language and real outcomes ✔️We reverse-engineer from the goal to decide what’s actually needed ✔️We align fast, so small teams don’t waste time chasing the wrong thing Example:Project: Improve client handoff process →Instead of “Improve client handoff,” We write: “Clients say the new handoff is so smooth, they felt taken care of from day one. Suddenly, everyone knows what we’re aiming for. And what not to waste time on. Because when you're small, clarity isn’t a luxury. It's your strategy. 👉 Want to test this with your next project? DM me, I’ll show you how we do it