What Would Happen if We Didn’t Think of It as Data…?
What level of “digital trust” is there in your company? To put it another way, how confident are your customers, employees and partners that your business will safeguard what THEY have entrusted to YOU?
As the battle intensifies to protect the confidentiality, integrity and accessibility of digital information, one thing is clear: companies large and small who do not make digital trust a priority will not be around in the future. In today’s world, cybersecurity is not only an expectation, but a demand from those who make your company possible.
Time for a Commercial Break
Take 60 seconds and watch this commercial from Acura:
It is not a commercial about the elegance, comfort, or price of Acura’s luxury line of cars. It is a commercial aimed at increasing their customers’ trust by focusing on the safety and security of what is most important to them. They drive this home with their tagline “When you don’t think of them as dummies, something amazing happens.” And it’s a great way to publicize that they are “The first luxury brand to be awarded top safety ratings across its entire model line.”
In short, what they are saying is this:
“You can trust us because we’ve made the security of what’s important to you a priority to our business and we’ve got the awards to prove it.”
What if We Didn’t Think of It as Data?
Companies that aren’t seriously investing in cybersecurity technology and training are still looking at their data like a car company might look at a crash test dummy – just something to be used for making business decisions – instead of information they have been entrusted with from other parties (be it customers, employees, or business partners) to protect.
In March 2016, HfS Research and Accenture surveyed 208 enterprise security professionals across a range of geographies and vertical industry sectors. Their results were just released in the report “The State of Cybersecurity and Digital Trust 2016.”
The key objective of this survey was to learn how cybersecurity threats are perceived and countered within the enterprise, with a goal of understanding the state of cybersecurity and the steps the enterprise should take to foster digital trust throughout the extended enterprise.
One of their notable findings was that “While 54 percent of respondents agree or strongly agree that cybersecurity is an enabler of digital trust for consumers, 36 percent believe their executive management considers cybersecurity an unnecessary cost.”
Question: “Would you feel confident in entrusting what is important to you with the companies of those 36% who don’t believe their executive management make the security of it a priority?”
If enough answer “No” to this question, what will inevitably happen to that business?
The Threat Grows Bigger But The Budget Grows Smaller
These security professionals were also asked about their concern for the future of cybersecurity threats. See their response to the following question:
How concerned were you during the prior 12 months of the following threats and how concerned are you moving into the coming 12 to 18 months? (responses citing Major or Critical Threats only)
Note that they saw all threats as increasing. Compare this outlook, however, to how well positioned they find themselves to handle threats:
How prepared are you [your staff] to handle each of the following?
Question: “With whom would you rather entrust your business?”
One last telling response from this survey was to this question:
Which of the following are the biggest inhibitors to your organization’s security provision? (single biggest inhibitor)
Of course, budget is always going to be a limiting factor for any business initiative. However, that, along with the lack of the Corporate/ Executive Level making it a priority, doesn’t bode well for those companies in the face of an increasing cybersecurity threat.
Businesses Need to Change Their Thinking
The problem in business (and cybersecurity) is that we use the impersonal word “data” to describe something of personal value. Just look at how the word “data” is defined:
1: factual information (as measurements or statistics) used as a basis for reasoning, discussion, or calculation
2: information output by a sensing device or organ that includes both useful and irrelevant or redundant information and must be processed to be meaningful
3: information in numerical form that can be digitally transmitted or processed
It’s no wonder that when executive management considers protecting “data” – andbudgeting for cybersecurity – they see it as just another expense (and for some, an unnecessary one) rather than protecting something they’ve been entrusted with to protect.
Consider for a moment how a cybercriminal sees data. To him/her it is simply a commodity with no concern for whom it belongs or how they are affected by what he/she does with it. The table below gives more of an idea about this.
The cybercriminal is only concerned with “Why it’s done.”
In order to build digital trust, businesses must be concerned about “Who is impacted” – to stop looking at “data” as an impersonal commodity and more as an asset that beenentrusted to them by someone.
In addition, businesses need to look at cybersecurity as a way of strengthening their company’s position in the market (just as Acura has done).
Instead of “just another expense,” the security of the information you’ve been entrusted with needs to be one of your core business initiatives.
As the Accenture/HfS Research report states, “State-of-the-art in cybersecurity is anapproach, a mindset—not an implementation or technological end-state. It evolves and adapts as the value of assets shift and the type or level of threat changes.”
If a company is to remain viable and competitive in the near future, executive management needs to “quit looking at it as data” and see their digital information as a valuable asset whose loss or destruction impacts others. If your company cannot be trusted to keep it safe, it will be given to one that can be.