In the past good security practices were low on an organisation’s list of priorities. Recent scandals and revelations concerning cyber-crime have made data security and privacy a top priority for governments and industry regulators. Companies that are slack with data security now face significant risks and repercussions. However, the opportunity also exists to turn data security into a competitive advantage.
Tony Smales, CEO of Forticode, highlights, “cyber-crime is fed by data obtained from corporations and government. Legislation such as the General Data Protection Regulation (GDPR) in Europe and the Mandatory Data Breach Notification (MDBN) in Australia, are attempts to solve the underpinning problem of having data continually leaked and used to support illegal activities.”
“For a long time there were guidelines and best practices in regards to data security, but there were no obligations or consequences. Now there are and they are likely to get tougher. It’s about ensuring that organisations take full responsibility and accountability for protecting customer data and how it’s used.”
At the heart of the GDPR is the notion that it is the private citizen / customer who ultimately owns their data, not the corporation or the government agency who has it stored somewhere in a database. Tony comments, “Organisations are essentially borrowing data from their customers and they need to treat it as a high value asset. These controls and associated penalties are designed to make companies become proactive in how they manage data, and also how they manage transparency in the event that a breach occurs”.
Aside from legal liability there are a number of other risks associated with poor data security. In some cases these risks are potentially far more devastating than the penalties imposed by regulatory bodies. The penalties imposed on an organisation by its customers can threaten its very survival.
Smales highlights the following risks for companies that lack proper policies and procedures for data security and as a result, experience a major breach or threat to their customers’ data:
- Customers prefer to deal with organisations they can trust. A breach in data security can destroy the trust customers have with a brand. This damage means loss of business and reduced profits. Australia is such a small ecosystem that customer churn is a primary risk for most organisations. If people can’t trust you, because of poor data security, they will go to competitors they can trust.
- You will not be able to procure insurance or premiums become prohibitively expensive. Leaving the company exposed to further risk.
- The potential impact of associated fraud. Organisation A loses a customers email and password details. Those details are then used in a subsequent fraud event with Organisation B. We can expect to see legal test cases where the insurer for Organisation B will litigate against Organisation A.
The opportunity for business
If the greatest risk associated with breaches in data security is from damage to reputation, the greatest opportunity lies in building a positive reputation around protecting customer data. Brands that go above and beyond the minimum standards and guidelines will build trust with their customers. As Tony Smales points out, this will also make your organisation less of a target for cyber-criminals, further reducing the likelihood of a breach.
Smales says, “I often recommend two approaches to be done in parallel. First, is to exceed the guidelines. Don’t aim to just achieve a standard, aim above as it makes you a less attractive target. Second is to question what is collected, generated and stored. If you don’t need it then don’t collect it or keep it”.
A report conducted by Vodafone in 2017, revealed that 73% of the respondents believed strong security created new business opportunities, and 89% said improving their security would increase customer loyalty and trust.
As growth in the digital economy continues to escalate, the strategic importance of data security will grow significantly. New threats and scams are constantly appearing. There again it presents itself as an opportunity for organisations to differentiate themselves and stand out from their competitors.