Three steps for meeting consumers’ contradictory expectations
It’s no longer up for debate. Security matters to today’s
consumers. From Baby Boomers to Gen-Zers, security is top of mind as we
continue to see massive data breaches that reveal some of consumers’ most
personal data.
But companies are getting mixed signals. While consumers are
demanding increased security offerings, they are also demanding more personalized
experiences. Paradoxically, this requires companies to collect volumes of data
about their customers, from basic contact information to detailed financial
history, demographics, buying patterns and even lifestyle choices to build a
very personalized and private digital footprint for each customer.
For the executive board, that means dedicating more time to
security to ensure companies can keep pace with these seemingly contradictory
consumer demands. According to the survey 2019 C-Suite Perspectives: From
Defense to Offense, Executives Turn Information Security Into a Competitive
Advantage, 72% of executives across industries, including financial
services, retail/hospitality, telecom/service provider and others, note
information security as a recurring agenda item in every meeting. When
executives are reporting customer loss, brand reputation loss and revenue loss
as three of the top major business impacts of a security incident, it makes
sense why.
What can companies do
to keep up with customers’ rapidly changing expectations?
Step 1: Start a
Dialogue – and Do It Early
Start talking about your security early. Whether it’s the organization’s own security policies or
security offerings to customers, people crave conversation around the security
of their personal information.
This can be a hard step to take. Many companies were once
hesitant to speak publicly about cybersecurity because it could cause consumers
to question their business’ fragility. As a result, leaders can still be slow
to take to security messaging in fear that it might draw attention to something
they’ve missed.
But ignoring the security conversation is no longer an
option. In fact, 75% of companies say that security is a key part of their
marketing messaging. While the remaining 25% might think they’re protecting
their organizations by leaving security out of the conversation, they’re
instead opening an opportunity for competitors to use security as a competitive
differentiator and to build trust and loyalty with customers in an increasingly
insecure world.
Step 2: Follow
Through
Don’t just talk the talk. Your security policies must live
up to their expectations. This can be harder to do than it sounds.
For example, digital transformation drove a mass migration
into public and private cloud environments.
Organizations were wooed by the promise of flexibility, streamlined
business operations, improved efficiency, lower operational costs and greater
business agility. Rightfully so, as cloud environments have largely fulfilled
their promises.
However, along with these incredible benefits comes a far
greater risk than most organizations anticipated. While 54% of executives
report improving information security as one of their top three reasons for
initiating digital transformation processes, 73% indicate they have had
unauthorized access to their public cloud assets. What is more alarming is how
these unauthorized access incidents have occurred, whether it’s from employee
neglect or faulty security policies.
Make no mistake. If customers learn that their data was
breached, especially in a way that was avoidable, it will make an impact on
your company’s bottom line.
Step 3: If a Breach
Occurs, Return to Step 1
With that said, it’s almost unavoidable – many organizations
will unfortunately experience a data breach. It’s a matter of time. But what a
company does after a breach can matter much more than the breach itself.
It’s key to establish communication lines with both internal
and external audiences early in order to effectively communicate if and when a
breach does occur. By opening these channels and communicating early and often,
it allows you to get your message out quickly and efficiently.
While having those conversations:
- Be open and sincere and admit what happened and accept responsibility
- Provide details and explain how the breach occurred
- Mitigate by offering solutions for impacted users, and if possible, prepare a special offer for the affected audience
- Educate by providing best practices on how to prevent similar issues in the future
- Invite open dialogue by involving clients, industry experts, and even the general public
Leading organizations have already begun to weave security
into the very fabric of their culture. This
is evidenced through go-to-market secure marketing messages, sharing
responsibility for information security across the entire leadership team,
creating privacy-centric business policies and processes and making information
security and customer data-privacy part of an organization’s core values. The biggest challenges organizations still
face is in how best to execute it. Following these steps can help your company
get there.
Ron Winward, Security Evangelist for Radware
Gloss