There’s a new way of thinking about Cyber security
Cyber security strategies/Posture definitions must align with business objectives, but that’s difficult because most Boards of directors don’t understand security.
Cyber security needs to be part of the ‘corporate enterprise strategy,’ which means it needs to be part of what the organisation uses to differentiate itself competitively from other organisations.
New Cyber security approaches are moving from thinking about Cyber security as a defensive approach, to thinking about it as a source of competitive advantage. With Boards looking at how to protect, optimise and grow their businesses by sustaining IP, assets and brand, here are four ways to position your cybersecurity strategies for a distinct advantage.
Have a quantifiable risk that you can understand
Just thinking about Cyber security defensively makes it hard to understand the value of security investments. By putting a value on data risks, you can start to think about Cyber security in terms of ROI.
The Board wants to know what an appropriate response is in the context of the business.
Today, the effects of suffering a data breach can include a 6% drop in share price or losing 100,000 customers, as we’ve seen with recent company Cyber-attacks. It can mean spending too much, on too many tools, or not making a move in the market.
By measuring business risks, and outlining security investments in terms of revenue, share price, brand and valuation opportunity, and not just as a cost, you can start to have a better grip on the extent of your Cyber security advantage and ROI.
Whole company involvement, that everyone can be a part of
The number one cause of large security breaches remains phishing, according to the EY 2018-19 Global Information Security Survey of over 1,200 companies. On mobile devices, phishing attacks have increased 85% year on year for the last seven years, so you are still more likely to be made vulnerable by a member of staff opening a rogue email than anything else.
This is often the result of a lack of Cyber security awareness, whether about generic malware, scams related to fake LinkedIn profiles, or hacks on public Wi-Fi.
Therefore, developing a culture where staff at all levels understand how to protect data and systems, including mobile devices, through up-to-date training, drills and regular communication, will help build and maintain a Cyber security advantage.
Cyber policies are vital as a living, breathing reference to help manage a fraught and fast-moving situation, yet these aren’t effective if staff outside of the Cyber function don’t know about them.
Embedding a Cyber-conscious culture that heightens awareness and improves behaviours amongst all employees can help you pull ahead of the competition, instead of scoring an own goal.
Keep to a small window for damage control
The UK’s National Cyber Security Centre (NCSC) recently described a need to act collaboratively and collectively against Cyber threats, urging organisations to raise the bar.
Cyber threats don’t respect borders, jurisdictions or organisational boundaries, and there is a small window in which to minimise the damage.
Under GDPR, the new mandatory 72-hour breach reporting could be too long a timeline in the court of public opinion, and focusing on the first 2 to 5 hours instead could provide a much-needed advantage.
Outlining critical stages of your breach response in the first few hours across functions from IT, security, PR to legal, and identifying at which points to get an external view, could make the difference between a forgiving public or not when you have to appear on Newsnight.
As we start to see more threats and regulations emerge across the world, how businesses come together, under extreme time pressures, will provide much needed collaborative and competitive
Use different approaches for evolving risks
Cyber risks aren’t constant. The nature of the risks is always changing, which means resources to fight them can’t be allocated on a set basis.
Increasingly, Cyber security requires bringing together a wide range of capabilities to deliver business value, whether that be through enhancing Cyber resources with new skillsets, leveraging emerging technology such as hardware authentication and virtualised intrusion detection, or using AI and machine learning.
With Cyber security increasingly becoming a competitive battleground, that’s all the more reason to start thinking about how your company can build an effective Cyber security advantage.
Cyber and data protection drive customer satisfaction
Many retailers are unaware that they are missing a trick when it comes to customer satisfaction or that focusing on Cyber security and data policies can have a direct effect on customer satisfaction. We asked consumers to rate their satisfaction levels if a retailer implemented several Cyber security and data privacy capabilities.
Strong Cyber security measures increase customer satisfaction by 13%, while 40% of consumers would be willing to increase their online spend by at least 20% with retailers they trust. The report revealed that retailers who can adopt advanced Cyber security measures could drive a 5.4% uplift in annual revenue. It also found that the share of satisfied customers increased from 9% to 22% when consumers knew their primary retailer had implemented these capabilities.
Our research shows that consumers are particularly interested in specific capabilities: for example, encrypting stored data and offering a prompt for account passwords have the biggest effect on customer satisfaction.
Consumers will spend more if retailers step up their game
We asked consumers how much more they would spend online if a retailer took these trust-building actions:
- Assurance that their financial and personal information is safe, for example, sending periodic communications about security measures taken to protect consumer data from the latest threats
- Clear explanations about how their personal and financial information will be used
- Assurance that the retailer’s websites and apps use the most advanced security techniques, for example, 256-bit Secure Sockets Layer (SSL) encryption or Transport Layer Security (TLS).
Approximately 40% of consumers would be willing to increase their online spend by 20% or more if their primary retailer gave them these trust-building assurances and competitors did not.
Despite the valuable prize on offer, retailers are not seizing it. We assessed over 200 retailers to see if their actions are in line with customer expectations. The results are not encouraging. Among other things, we found that:
- Most retailers do not focus on the cybersecurity and data privacy capabilities that can boost customer satisfaction
- Consumers want more assurances from retailers than they are getting
- Retailers appear reluctant to inform their customers of data breaches
- Few retailers inform their consumers of a breach before the media does.
We believe that this is a significant missed opportunity that raises a host of questions. What’s the business case for getting this right?
Co-founder & CEO, Edge IT Group