This is the latest in a series of posts featuring CCO stories, examining their priorities and challenges and sharing their experiences.

Imagine what would happen if your organization considered forbidding the use of Google Analytics. Now, catch your breath. 

For Ulrike Haugen, EVP and CCO at Norway-based DNV, this was at one point a real possibility. “I almost had a walk-out by my digital team,” she said. No kidding. Although Google Analytics may carry risks that Legal might find intolerable, Ulrike helped the lawyers understand that if configuring the tool with personal data protection in mind the risks presented by data protection authorities were mitigated. Risk is a priority on her agenda, and she has established processes to ensure that Google Analytics is compliant with EU’s General Data Protection Regulation (GDPR). 

Ulrike is an ideal fit as CCO. She’s a lawyer by training, which gives her an advantage when dealing with risk and working with her counterparts in Legal. “The legal background has taught me to be curious, to continually remain up to speed,” she said. She worked for renewable energy companies early in her career and went on to ABB to be the head of marketing and communications for its maritime business. In 2017, she joined DNV, a 160 year-old company with 13,000 employees, which is itself in the business of risk management and assurance with a focus on the energy and maritime industries. It provides certification, technical advisory and digital solutions to help companies manage risks for the purpose of safeguarding “life, property and the environment.” 

As a function that safeguards trust and manages public perceptions, CCOs are in the business of risk already. But recently that purview has gone beyond conventional reputation and crisis risk. Stakeholder capitalism is about understanding and addressing the concerns of all of an enterprise’s stakeholders, and consequently the risks of not doing so (though this work is just as valuable in revealing new opportunities, as well). ESG and sustainability both have dimensions of risk mitigation. CCOs are increasingly involved in managing an expanding set of risks like geopolitical issues, supply chain resiliency, employee concerns and government/regulatory interventions. 

Ulrike’s role is prototypical in this regard. Her remit includes ESG and sustainability, as many CCOs’ now do. “Those requirements have hit companies like a tsunami,” she said. “The reporting requirements are immense, but we’ve also set ourselves ambitious targets.” DNV intends to become carbon net positive by the end of 2025. This includes setting a goal to cut staff travel, the company’s main source of emissions, by 35% this year compared to pre-pandemic levels. “We actually managed to reduce emissions generated through travel by more than 50% last year,” Ulrike said. Her team is creating governance processes and guidelines for employees, working with travel agents and airlines to advance and sustain these efforts. 

They’re also engaged in offset projects, and not just planting trees. “We’re doing a project on seaweed carbon capture solutions, growing sugar kelp off the coast of Norway. It captures carbon through photosynthesis just as trees would on land,” she explained. “After around six months the seaweed has captured its maximum capacity of CO2, so it is harvested for processing for carbon storage..” They’re also looking into direct air capture solutions and planning to use 100% renewable energy in their offices. “Only buying offsets is basically greenwashing. We want to be proactive and have a real impact.”

I asked Ulrike about the risks that concern her most, and while the ones above are on the list, she’s sharply focused on cybersecurity. She organizes all of what one would expect of a strong crisis response capability, including drills and scenario planning. Her company has access to sensitive client information and safeguarding it is a top priority. In fact, as this post was being written she reached out about an attack that the company successfully contained, the latest example of this persistent risk and the essential value of crisis communications preparedness. 

Similar to the Google Analytics near-miss, Ulrike is now engaged in an internal debate about her company’s use of TikTok as a channel to reach a younger audience about the energy transition and to attract new talent. As a lawyer she’s got reasonable concerns about how the company’s data will be used, but she also knows the stakes. “I look at my son and I know that we can’t just rely on mainstream media and social channels like LinkedIn and Twitter, that we have been working with for years,” she told me. “We have to accept and embrace the reality that younger generations are on different platforms.”

Ulrike’s global perspective is evident in her love of languages, of which she speaks six and understands at least two more. She loves to travel, especially to Berlin — a favorite city of hers that she believes is underrated. “It’s got artists and startups, and the clubs have no closing hours,” she said. “It’s an amazing history of the reunification of a city.” I appreciated that a communicator would be drawn to a place that was once divided but now exists as a demonstration of the power of bringing people together. 

The CCO as risk manager: Ulrike striving to keep the Leaning Tower of Pisa safe Ulrike enjoying the view in front of DNV's headquarters near the Oslofjord