Steve Durbin is Chief Executive of Information Security Forum. He is a frequent speaker on the Council’s role in cybersecurity and technology.
Trust is at the heart of any business relationship. Consumers will not do business with you and employees will not work with you if they do not trust you. And while trust can encompass a number of elements (including product quality, honesty, integrity and goodwill), security is quickly becoming one of the most important pillars of trust. According to a recent PwC survey, consumers, employees and business leaders agree that data protection and cybersecurity are the most important basic elements of trust.
As issues surrounding data security, privacy, breaches, espionage and misinformation come to the fore, companies are at increased risk of losing both their business and reputation. According to Deloitte, a negative confidence-related event can erode a company’s market capitalization by 20% to 56% and has the potential to provoke a chain reaction of events that can negatively impact reputation. Worse, given the speed at which information is made available and disseminated on social media, it can be nearly impossible for companies to avoid the dilution of business value and trust in the eyes of their stakeholders.
Conversely, cybersecurity is also an opportunity in disguise. Consumers tend to trust companies that restrict the use of personal data and respond quickly to hacks and breaches. By following these practices, you can have a positive impact on loyalty, revenue growth, brand equity and employee retention. So, how can your organization use cybersecurity to build trust? Here are five recommendations:
1. Assess trust levels in your organization.
Baseline expectations in the eyes of various stakeholders (including customers, investors, suppliers, and employees) from a cybersecurity and trust perspective. Find out if they understand the existing cybersecurity strategy and if they feel the controls are adequate. See if they trust the organization, its leaders, and its overall strategy from a cybersecurity perspective.
Keep in mind that different groups may have different levels of expectations and priorities. Try benchmarking your findings with industry leaders so you can evaluate your trust-related performance. Then identify critical gaps in expectations and weaknesses to create your overall strategy and timeline to address the issues you’ve discovered.
2. Support your strategy with the right cybersecurity investments.
A strategy without the right amount of investment can lead to sub-optimal results. Estimate the amount of investment needed based on the issues identified, the industry you’re in, the profile of your customers, and the sensitivity of the data you manage. Addressing all trust gaps in one go may not be feasible, so it’s always a good idea to prioritize your areas of focus based on trust drivers and your organization’s cybersecurity priorities. Don’t think of cybersecurity as a cost, see it instead as an investment and opportunity to build trust with your stakeholders.
3. Weave cybersecurity and trust into people.
It is impossible to gain external trust unless you have internal trust. That’s why it’s important to develop a culture of trust, where employees put cybersecurity at the heart of everything they do. Two crucial elements are important here: transparency and training. Transparency means having clear and demonstrable processes that give stakeholders complete clarity about what you do, why you do it and how you do it. It also means being ethical about your practices and being honest about the risks the organization faces.
Companies need to ensure that employees operate with a high level of security hygiene – strong passwords, phishing awareness, multi-factor authentication, regular patching, etc. Ultimately, employees need to feel more confident in the organization’s cybersecurity approach and also understand the long-term value of cybersecurity and privacy, as well as its impact on the business.
4. Never take cybersecurity and trust for granted.
The threat landscape is constantly evolving. As new devices, applications, users and other infrastructure are thrown into the mix, cybersecurity becomes even more complex. Organizations therefore need to have a repeatable, measurable process that ensures they don’t become complacent or overconfident with their security posture. Remember, it only takes one misjudgment, one cyber incident, to wash away all the trust you’ve built over time.
5. Put trust at the heart of cybersecurity.
Business has always been about trust: buyers trust sellers, employees trust employers, companies trust partners. Consumers trust organizations with their valuable data; therefore, it is the responsibility of the organization to ensure that it adheres to that trust. This means designing products and services that are secure by design, making leadership and employees responsible for security, regularly assessing cyber risks, sharing information about vulnerabilities or attacks, and having timely and well-trained processes in place to limit the impact of cyber incidents.
Trust is not built overnight. It takes time and repeated guarantees. Organizations need to realize that cybersecurity is now a cornerstone of trust between them and consumers. More than ever, organizations need to weave cybersecurity into everything they do. Without doing that, everything will invariably collapse.