Remember the times when digital theft meant someone took the watch off your wrist, and stealing your personal information was achieved by going through the old telephone book? The world has changed and stealing information – for resale or ransom – has become a very lucrative business.
With the mid-June 2018 cyber-attack on Liberty Group where the perpetrators held Liberty to ransom by demanding an undisclosed sum – said to be “in the millions” - to prevent them releasing sensitive client data, the insurance giant’s crisis management team went into overdrive while its share price hit some turbulence.
Noting that Liberty is not the only data breach that has hit South Africa recently, Wayne Borcher, COO of SSA, warns that it won’t be the last. “Everyone is at risk and we all know this, so the organisations that show potential customers the initiatives they are taking to prevent or reduce the impact of data breaches are going to be seen to be the ones to do business with,” says Borcher.
Most organisations think about data security as a way to stop threats, but in today's digital economy they should be thinking about data security as a strategic advantage that not only protects, but also enables new business value.
“Because the threat landscape is growing almost as quickly as security measures can be coded, it’s the digital version of ‘survival of the fittest’ out there,” says Borcher. “It also means organisations that implement the best security measures are possibly less likely to be hacked – or, at least, more likely to notice a breach quickly - and can therefore gain valuable advantage over competitors.”
While organisations must continue to work diligently to protect valuable data and assets, to achieve growth, the biggest opportunity comes when they make data security a foundational component of their digital strategies.
Making your initiatives known
The risk of data loss affords organisations a tremendous opportunity to stand out in the marketplace by letting your clients and potential clients know the steps you are taking to keep their data as secure as possible in this climate.
So, you can simply comply with regulations - or you can turn you robust security and privacy protection into a reputation-boosting differentiator. Imagine your customers telling others, “Well, at least I know my information is protected and secure.” If you choose to adopt this competitive differentiator, consider this caveat: Many of the businesses succumbing to being compromised were actually meeting regulatory and contractual requirements, so your organisation’s informed view of the true risks should raise the bar. To seize this brand-differentiating opportunity, SSA offers three suggestions:
- The biggest security mistake many companies make is thinking that protecting customers and the company’s private information is the role of IT. Clearly, it is not. Security must be a vital part of the C-suite’s competitive strategy. It is important to not merely focus on the outside threat - history shows most of attacks and compromises ultimately come from the inside of an organisation.
- Implement four steps to build your security differentiator: Control, defend, monitor and prepare. Note:
- Control your core operations and prioritise those of most value and which are most vulnerable.
- Defend those areas by creating layers of protection. Monitor the places where your business intersects with others, requiring that vendors and other key partners match your high security standard.
- Train employees throughout your organisation with clear, specific rationale and practices that are frequently reviewed.
- The C-suite should appoint a cross-functional compliance or data governance council, charged with answering key questions such as:
- What are our most important information assets to protect, in order of priority?
- Are we using the right combination of internal and external intelligence to prioritise the true risks to the business?
- What regulatory and contractual obligations do we have, with respect to the protection of data that must be met?
- What parts of our business are the most valuable or vulnerable targets?
- What is the current state of our compliance and data protection practices?
- How do the skills of our resources align against what we need to manage today’s true risks?
- What is the most important proof of data and privacy protection, as our clients perceive it?
With this cross-functional, leadership-backed approach to focusing on the real risks that your organisation faces, your employees and clients can become strong advocators of your competitive differentiator – the most robust security possible.
However, Borcher warns that window-dressing in this area would be more damaging to your reputation should you suffer an attack or breach. “Only tell your customers your staff members are security-savvy when they are. The fallout from misleading people about this could be worse than the attack itself.”