Customer-centric business strategies should focus not only on satisfying clients’ needs and delivering the best products or services in the market but also on securing the sensitive data of those who trust you enough to buy from you. Managers know how difficult it is to earn customers’ trust and how easy it is to lose it by committing a major mistake such as exposing all their habits.
Most articles in the business media place the customer in the middle of all activities, plans or strategies the C-level suite undertakes. A customer-centric strategy means not only designing quality products and services around customer needs and optimizing how the company interacts with its customers, but also protecting customers from all physical or technological risks. Knowing that 2015 brought 38% more security incidents than 2014, businesses started embracing a more collaborative approach to cybersecurity – as analysts say, it is no longer a matter of if such a breach will happen, but more a matter of when it will happen and what you can do to detect such breaches faster, remediate the effects, and analyze what occurred to avoid a similar incident in the future.
Until now, businesses have focused on delivering high-quality products at a competitive price and staying ahead of the competition. Then, they started tracking their activity and developed special tools to provide a special post-purchase experience – customer-care departments, loyalty & retention campaigns and targeting for different buyer personas. However, recent incidents have shown that major security breaches are more likely to occur, and that many thousands, or even millions, of customers may have personal data exposed, or become subject to blackmail as a result of ransomware attacks.
In the seven largest breaches discovered in 2015, hackers stole more than 193.4 million personal records. Following breaches at health insurance companies such as Excellus BlueCross BlueShield and Premera Blue Cross, as well as the breach at VTech (one of the world's leading suppliers of corded and cordless phones and electronic learning toys), personal information of 32.3 million users was exposed, including names, birth dates, social security numbers, member identification numbers, bank account information, passwords, IP addresses, download history, home addresses, ID and driving license information. Hackers had been gaining access to Excellus BlueCross BlueShield’s information systems since December 2013, while the attack on Premera Blue Cross started in May 2014. For many months, or even years, hackers had access to their customers’ data, including access to sensitive information. The VTech breach was the first cyberattack that targeted children’s data.
Security researchers forecast that new vectors of access to company information systems will be exposed to hackers in coming years as more companies deploy sensor-based devices connected to their networks and machine-to-machine technologies. This type of equipment typically lacks the fundamental security safeguards of traditional enterprise IT, exposing a larger surface for threat actors looking to penetrate their systems and exploit data, or just to disrupt operations and compromise the integrity of products and services. Forward-thinking companies are beginning to see the need for improved common privacy and cybersecurity standards that can protect businesses and customers, and help earn user trust. IoT stakeholders would have to create and adhere to a privacy framework that addresses issues such as tested security controls, a common data format, policies for collection and use of customer data and appropriate disclosure controls.
Companies should invest more to secure their infrastructure and protect their employees’ and customers’ personal data, even if it brings no immediate return on investment or immediately visible positive effects. Internal and external security risks can ruin customers’ reputation and jeopardize their business forecasts. Showing, with more than just words, that you manage a forward-thinking company that cares about its customers could be a great differentiator from your competitors.
Companies are increasingly aware of the possibility that a security breach will occur, which also presents risks to their reputation. What we see in practice is that, every time a known player in a particular industry is breached, the following week (not month!) other companies in the same industry start to look for new security solutions, on a global scale. Large US-based companies, most of which are listed on a stock exchange, react faster than others and are also sensitive to events in Europe, such as the media breach of a known TV station in France or hackers keeping the planes of a reputable airline on the ground for several hours after breaching one of its operation systems; following such events, similar companies in the US start to assess an improved end-point protection solution for their virtualized server environment.
News of all these events contributes to increased public awareness, with more and more people better understanding the security threats and the general information security landscape. As a result, these people, who are also customers, better understand what companies can do as due diligence to protect their data, generating demand for better information systems security solutions. It is no surprise then that, when such companies ignore industry standards, or don’t take all necessary precautions, we see their reputation plummet and their CEOs resign.
Another interesting aspect is the increased demand for security solutions for data centers, an environment in which, not long ago, information security specialists considered protection at the perimeter, as well as traffic scanning. Demand for in-depth security, with each server (either physical or virtual) having a performant protection agent, as well as for solutions to analyze incidents and correlate logs and information from different parts of the organization, is also increasing. This is even more important for organizations relying on virtualization and cloud technologies for their customer operations, where security breaches could affect their customer service and revenue. Every time such global providers of cloud services are out of service for as little as a couple of hours, the incidents make the news, even if the services are sometimes free of charge for customers. Companies offering platform-as-a-service or application-as-a-service solutions to business customers on a global scale, with service level agreements in place, simply cannot afford to ignore best-of-breed protection solutions for their hybrid cloud environments, as they will lose money for every minute the service is not available.
In brief, the security industry today is an interesting place to do business, as there is increased demand for reputable solutions due to the increased number of threats and information on public breaches. On the other hand, both security providers and companies servicing their customers face increased responsibility, since our lifestyle involves (with no sign of going backward) keeping personal and sensitive data in the cloud. As customers become more knowledgeable about the information security standards that need to be implemented, there is also increased risk to companies’ reputation and, ultimately, their business results if such standards are not respected.