New technologies enable consumer businesses to compete in an ever-expanding and developing digital market by allowing for easier, more effective customer engagement and by building and strengthening brand loyalty. However, the adoption of the novel always comes with a risk. Adopting the latest business technologies may provide some advantages over competitors, but its very newness provides cybercriminals an opportunity to find and exploit undiscovered security weaknesses. This fact makes consumer business susceptible to losing not only financial assets, but their intellectual property, brand reputation, and customers’ trust. With that in mind, how does a company balance their desire to compete with the risk of losing—essentially—everything?
The 2017 report by the Deloitte Center for Industry Insights, entitled “Cyber Risk in Consumer Business,” sheds light on that question. In the study, over 400 senior executives—e.g. chief information officers (CIOs), chief information security officers (CISOs), chief technology officers (CTOs), etc.—in the consumer products, retail, restaurant, and agribusiness sectors were surveyed and interviewed about the cybersecurity challenges faced by their businesses. It revealed not only the organizational risks that come with adopting emerging technologies but provided strategies aimed towards better balancing the desire to compete in digital markets with the security initiatives that are necessary for protecting against cyber attacks.
Focusing on key areas of concern among consumer businesses, the report identifies and analyzes six cybersecurity factors as well as discusses organizational measures that target these problem areas in order to both protect and strengthen a company’s digital ecosystem:
- Executive-level engagement (or lack thereof)
- Customer trust
- Connected products
- Intellectual Property (IP)
- Talent and human capital
Consumer Technologies: Progress or Problem?
The rapid growth of consumer-based technologies has brought drastic changes to the methods of consumer engagement and has helped to enhance the customer experience. However, as such technologies develop, the opportunities grow, not only for consumer businesses but for cybercriminals as well.
The study focuses on connected products and new payments systems as examples of technologies changing the consumer and cybersecurity landscapes. Connected products can provide a more customized and cohesive experience by storing consumer information, habits, and preferences to make more informed suggestions and decisions, while new payment systems can allow for a more streamlined and user-friendly process by storing payment information (i.e. credit card, banking, etc.). While these technologies demonstrate clear benefits to the consumer, the stored data presents a clear target for cybercriminals.
As consumer-based technologies are further developed and adopted, the value of digital information and of collecting consumer data increases. In response, information databases grow and with it so too does the risk of a data breach. In light of this increasing risk, consumer business must reevaluate and update their cyber management initiatives to better protect themselves and their customers.
Protecting Your Assets
Consumer businesses have always encountered risks in their pursuit of success. Risk is just a necessary component of consumer business which must be overcome. However, new consumer-based technologies have added new risks which companies need to acknowledge and address.
Technologies, such as connected products and payment systems, are readily being adopted. But the risks attached to them are not being addressed as they should. The risk of attack is no longer just someone dressed in black sneaking into the company at night to steal confidential papers, but a cybercriminal stealthily infiltrating the company’s database from his home office three states away (or even from an ocean away). It is not just an armed robber holding up the business to steal from the cash register, but someone intercepting digital transactions and funneling it into their off-shore bank account.
As the study points outs, companies caught unaware and unprepared can lose not only their financial assets, but their customers trust and loyalty, their brand reputation, and their intellectual property. Businesses need to understand that security needs to progress to match the risk. In this cyber age, risk has taken form in the cyber landscape.
No “I” in Team, But There is in Involvement
From the entry-level through to the senior-level, many cybersecurity weaknesses exist in the organizational structure, which can lead to lack of organization coordination and individual understanding, as well as unpreparedness, incompetence, and ineffectiveness. The study discusses the effectiveness of security initiatives when the full structure understands the cyber landscape and is involved in mitigating cyber risk.
The executive-level provides direction and organization within a company. By having executives take a more proactive role in cyber risk management, companies could benefit from better organizational coordination and clarity in regards to an individual employee’s role and responsibilities. By pushing for greater executive-level engagement in cyber risk initiatives, the senior management can better lead a company towards systemic cyber risk understanding and management. The study later discusses the necessity to attract, train, and maintain individuals who are able to efficiently and effectively manager cyber risk and cyber-attacks. Without the human talent to properly execute cyber management protocols, the initiatives set forth by the executive-level will prove to be ineffective.
It’s a Balancing Act
The landscape of consumer business is changing and with it the risks that such businesses face. The Deloitte study’s suggestions, such as implementing wargaming exercises or performing regular vulnerability scans, are aimed towards countering the existing holes in a company’s existing cybersecurity measures. Beyond these security measures, the study emphasizes the need for higher vigilance at all levels and better, more encompassing preparedness. Together these qualities create a cyber network both responsive and resilient. While not fool-proof, the initiatives outlined can help a consumer business establish a better balance between the desire to compete in the market with the necessity of protecting themselves against cyberattacks.
For more information, you can download the full report here: