It’s no longer up for debate. Security matters to today’s consumers. From Baby Boomers to Gen-Zers, security is top of mind as we continue to see massive data breaches that reveal some of consumers’ most personal data.
But companies are getting mixed signals. While consumers are demanding increased security offerings, they are also demanding more personalized experiences. Paradoxically, this requires companies to collect volumes of data about their customers, from basic contact information to detailed financial history, demographics, buying patterns and even lifestyle choices to build a very personalized and private digital footprint for each customer.
For the executive board, that means dedicating more time to security to ensure companies can keep pace with these seemingly contradictory consumer demands. According to the survey 2019 C-Suite Perspectives: From Defense to Offense, Executives Turn Information Security Into a Competitive Advantage, 72% of executives across industries, including financial services, retail/hospitality, telecom/service provider and others, note information security as a recurring agenda item in every meeting. When executives are reporting customer loss, brand reputation loss and revenue loss as three of the top major business impacts of a security incident, it makes sense why.
What can companies do to keep up with customers’ rapidly changing expectations?
Step 1: Start a Dialogue – and Do It Early
Start talking about your security early. Whether it’s the organization’s own security policies or security offerings to customers, people crave conversation around the security of their personal information.
This can be a hard step to take. Many companies were once hesitant to speak publicly about cybersecurity because it could cause consumers to question their business’ fragility. As a result, leaders can still be slow to take to security messaging in fear that it might draw attention to something they’ve missed.
But ignoring the security conversation is no longer an option. In fact, 75% of companies say that security is a key part of their marketing messaging. While the remaining 25% might think they’re protecting their organizations by leaving security out of the conversation, they’re instead opening an opportunity for competitors to use security as a competitive differentiator and to build trust and loyalty with customers in an increasingly insecure world.
Step 2: Follow Through
Don’t just talk the talk. Your security policies must live up to their expectations. This can be harder to do than it sounds.
For example, digital transformation drove a mass migration into public and private cloud environments. Organizations were wooed by the promise of flexibility, streamlined business operations, improved efficiency, lower operational costs and greater business agility. Rightfully so, as cloud environments have largely fulfilled their promises.
However, along with these incredible benefits comes a far greater risk than most organizations anticipated. While 54% of executives report improving information security as one of their top three reasons for initiating digital transformation processes, 73% indicate they have had unauthorized access to their public cloud assets. What is more alarming is how these unauthorized access incidents have occurred, whether it’s from employee neglect or faulty security policies.
Make no mistake. If customers learn that their data was breached, especially in a way that was avoidable, it will make an impact on your company’s bottom line.
Step 3: If a Breach Occurs, Return to Step 1
With that said, it’s almost unavoidable – many organizations will unfortunately experience a data breach. It’s a matter of time. But what a company does after a breach can matter much more than the breach itself.
It’s key to establish communication lines with both internal and external audiences early in order to effectively communicate if and when a breach does occur. By opening these channels and communicating early and often, it allows you to get your message out quickly and efficiently.
While having those conversations:
- Be open and sincere and admit what happened and accept responsibility
- Provide details and explain how the breach occurred
- Mitigate by offering solutions for impacted users, and if possible, prepare a special offer for the affected audience
- Educate by providing best practices on how to prevent similar issues in the future
- Invite open dialogue by involving clients, industry experts, and even the general public
Leading organizations have already begun to weave security into the very fabric of their culture. This is evidenced through go-to-market secure marketing messages, sharing responsibility for information security across the entire leadership team, creating privacy-centric business policies and processes and making information security and customer data-privacy part of an organization’s core values. The biggest challenges organizations still face is in how best to execute it. Following these steps can help your company get there.
Ron Winward, Security Evangelist for Radware