Cyber Security Risk, for lack of a better word, is good. It’s the new market equalizer – those who can manage it will have competitive advantages over those who don’t. It’s time to reshape the conversation.
Apologies to Gordon Gekko, but most companies need to change how they think about cyber risk. Cyber executives often don’t talk about risk, feeling more comfortable focusing on technology, or they frame their risk discussions in terms of dooms-day scenarios and dire consequences. At the same time, the senior executives they’re talking to don’t have a strong understanding of cyber security, and do not easily connect cyber security to their strategy, operations, and success. CISOs end up either talking past executives, or scaring them into decision-making.
As a result, many senior leaders, including Boards of Directors, are getting cyber fatigue. They are growing weary of spending money so things don’t happen, listening to presentations that they do not understand, and stressing about threats they cannot see. Cyber executives are caught between growing accountability and exposure, and a lack of support and understanding (for about executive cyber fatigue, see our blog). Lost in all of this is the business value of cyber risk.
On the company level, cyber security is about managing the risks that impact your operations. If you do this well, you can avoid or minimize the impacts of a breach. This makes a lot of sense, and it’s what many savvy CISOs are telling their senior leadership. However, by only focusing on the individual company, they are leaving out the best part of the story. By taking a broader market perspective, they can show how a great cyber program provides competitive advantages.
Everyone in your market is facing similar cyber challenges and threats. Think of it as a mine field that every company in your market has to run through. Every company has a choice, and many choose to believe that threats won’t affect them. So, they take no precautions. However, as companies keep getting hit with cyber breaches, this is getting much tougher to justify to leadership.
The other option is for companies to acknowledge that cyber security is a reality, it is part of almost every aspect of operations, it is not optional, and it will only grow in importance. Herein lies a competitive advantage. Those who are better at detecting, deterring, avoiding, responding to and remediating cyber threats can move more quickly. A strong cyber program provides you the efficiency, flexibility, and speed that your competitors don’t have.
Cyber security is an inherent part of your brand, which means that customers are judging you on your cyber security. How they judge you, is up to you. Cyber security and corporate brands are usually talked about in terms of brand protection or the impacts on a brand in the event of a breach. While these are relevant aspects, cyber security is quickly making its way into customer purchasing criteria, brand loyalty, and market leadership perceptions.
The financial industry are early adopters for this dynamic. That makes sense, since they are prime targets, already have fraud systems in place, and are highly customer centric. A study by Master Card revealed that 95% of consumers expect their bank to have the latest technologies to keep their financial information safe and secure. American Express bought a Super Bowl advertisement to kick off it’s “A More Secure World” campaign, that featured cyber security as part of their core brand.
Financial services are only the beginning. Cyber security is a growing concern across all markets, from retail to construction. Whether you have customers, clients, or consumers, you will need to address their growing expectations about cyber security. Customer concerns are growing from “protect my money,” to “protect my privacy, data, and identity.” As cars and medical devices become more connected, you will begin to see “protect my life” as part of customer expectations.
All of the rising expectations create a unique opportunity for savvy companies. They allow you to help achieve the holy grail of marketing – trust. Developing a close, trusted partnership with your customers is fundamental to brand loyalty and customer engagement. Customers are not only worried about cyber security, they don’t understand it. If you can help them get their arms around it, feel safe, and know that your are actively protecting them, you can create a powerful link to your brand.
A strong brand connection with your customers translates into customer retention, referrals, premium pricing, and cross-selling opportunities. Some industries will even be able to offer specific cyber security products and services.
A good cyber security program is an intangible asset. Intangible assets, although hard to measure, are a key part of market valuation. According to the Commission on the Theft of American Intellectual Property, 70% of the value of publicly traded corporations is estimated to be in “intangible assets.” If you think about it, cyber security is an intangible asset that protects your intangible assets (on second thought, don’t think about it – you might fry your brain).
A strong cyber program will help you with market analysts and prospective buyers. The more you can show that you have a disciplined approach to cyber security, and the more you can show how your cyber program helps you with your operations and branding, the more you will increase your company’s value.
It will also help your acquisition of new companies. You should bake cyber security into your valuation and it can help with negotiations. Some companies even conduct a cyber security maturity assessment right after an acquisition. This way they can identify ways to reduce risk, and quickly increase market value.
Cyber security can be a high pressure, high risk endeavor. However, if you take the right approach, and you reshape the conversation around cyber security, you can turn the risk into rewards.