A legitimate concern for customer loyalty and fear of cyber risks can combine in a customer-centric business strategy that protects both the company and its clients. Protecting the customer’s sensitive information should be treated not only as a compliance task needed to complete the audit processes, but as a core responsibility.
The most unpredictable risk for any company, such as cyber breaches or data leakage, can be turned into an added-value strategy and a marketing differentiator that shows customers they represent more than a simple figure influencing the market share.
A recent survey of 1,278 CEOs in nine industries in Australia, China, France, Germany, India, Italy, Japan, Spain, the UK and the US places security as a strategic opportunity to connect with customers, as a vast majority of CEOs are concerned about their customer loyalty, keeping pace with new technologies and the relevance of their product or service in the next three years (86, 72 and 66 percent respectively). Simultaneously, half of the CEOs report they are not fully prepared for a cyber event. Yet cyber security was named by 20 percent of respondents as one of the top five risks - right behind the related issues of third party and supply chain risks. For technology firms, information security edged out all other risks as the most pressing threat.
“Regulations around cyber security could potentially change the commercial and technical dynamics of a global business, as well,” Sai Venkateshwaran, KPMG Partner and Head of Accounting Advisory Services in India says in Global CEO Outlook. “The regulatory focus around defense and industrial protection affects where a company can operate. It’s no longer about meeting regulations to continue operations. These are things that could actually change the economics of doing business in certain places.”
As Malcolm Marshall, KPMG’s Global Head of Cybersecurity, comments, “the most innovative companies have recognized that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed.”
Many CEOs may believe they are well prepared for a cyber event because they have invested heavily in detecting and preventing an attack, says Greg Bell, KPMG’s US Cyber Leader. “You still have to demonstrate due care on prevention,” he says, “But until recently, there has been too much attention focused on prevention and not enough on protection and response.” According to Marshall, “Cyber is an enterprise and operational risk that has a habit of also hitting reputations hard. I think most customers and investors are willing to forgive a company that suffers a cyber-security incident, they recognize that perfection is a difficult goal to achieve.” However, they are much less tolerant of a poor response.
Failure to act decisively when customer, investor and staff interests are at stake can cost a business dearly, and cost senior executives their jobs, the report shows.
Marketing departments can get the upper hand by focusing on the potential results from continuous upgrades of standards in IT security compliance protocols. The cyber arms race can become a differentiator in the market, especially when the customer care focus becomes part of a solid investment strategy designed to protect personal data. In a fully-connected world where technology influences all industries, customers appreciate when companies show commitment to secure any sensitive data and take steps to reduce risks of data exposure.
“Companies under stress from a cyber incident are like families under stress – the strong ones come together and those that aren’t, can fall to pieces under the pressure,” Greg Bell adds.
Following a breach, CEOs can’t focus on operations because they’re distracted by the blowback, says Bell. They may even have to stop part of their operations while they try to remediate the issue. And then they’re dealt with an aftermath of complicated regulatory impacts and lawsuits. The nature of cyber breaches is changing, said Marshall.
“Historically organizations have prepared against data disclosure and breaches of confidentiality. (…) Essentially, we are living through a cyber arms race and what we are seeing is that the bad guys are continuing to innovate. The good guys need to outrun that innovation. (…) Even where companies are aware of breaches that don’t involve personal data, they are often reluctant—or prohibited by law enforcement—to disclose the extent of their losses, says Bell. However, some of the most profound changes include turning cyber preparedness into a competitive advantage rather than a cost, building security into new products and services at the design stage and realizing that cyber security is not simply an IT issue,” the document says.
The cyber race is a main trigger of adding chief information security officers to the decision-making processes and becoming more important in companies’ hierarchies. CEOs and board members face increasing internal and external security risks that could violate customers’ trust and ruin business forecasts, as Business Insights has previously noted.
Three quarters of technology executives expect their companies to spend 1% to 5% of their revenue on IT security over the next 12 months. Security and risk management are the biggest challenges for businesses adopting mobile technologies, the cloud and the Internet of Things.