​Money pit to money maker: Making privacy and security a competitive advantage

CIO Strategies: Spending money on data security and privacy can help you business, not hinder it.
Written by Mark Samuels, Contributor

Secure your iPhone and iPad: Change these iOS 11 privacy and security settings now

Businesses that do not prioritise data security are set for a rude awakening. A prefect storm of ever-increasing cybersecurity risks, heightened customer expectations and fresh regulatory requirements mean executives must invest in digital defences.

At analyst Forrester's recent Privacy and Security Europe event speakers highlighted how successful organisations prioritise data privacy and use it to establish competitive advantage through information security.

1. Make privacy and protection core to your business strategy

Industry experts often portray cyber security as bottomless money pit, into which businesses can dump huge amounts of cash for little visible return. However, Akhilesh Tuteja, global cyber security practice leader at KPMG, says companies that invest money in privacy are more likely to be successful.

Chief executives believe brand reputation is the number one factor impacting growth, higher than economic change or new technologies, according to KPMG research. What is more, almost three quarters (71 percent) of CEOs see an investment in cyber security as an opportunity to innovate and create new opportunities for revenue growth.

"In the digital age, senior executives are beginning to recognise that trust is a strategic differentiator," says Tuteja. "The fastest way to get fired in your business is a data breach. As a CEO, you might get fired after a year of bad performance - you'll have six weeks at most after a security breach."

The establishment of trust is also about more than executive self-preservation. Trust, says Tuteja, has a direct impact on the bottom line. Businesses that enhance customer trust are more to likely increase sales and profitability.

"Reputation in the digital world is tough to build," says Tuteja. "If you break the trust of your customers once, they'll never come back again. You must have privacy and protection front and centre because the loss of trust is a big risk."

2. Use the establishment of digital security as a competitive advantage

Natasha McCabe, head of digital business transformation and change at Royal Mail, says the delivery market is changing rapidly. She points to innovators like Amazon Prime, high street retailers such as Argos accepting deliveries for customers, and up-and-coming specialists that deliver to lockers or homes with precise time slots.

So, how does a 500-year-old organisation respond to change in its core market? "It's a challenge," says McCabe. "We're undergoing a huge transformation - information is the lifeblood of what we do and we have to innovate."

IT-led change at Royal Mail has involved embedding security across all areas of digital transformation. "We've had to re-think our security strategy," says McCabe. "We're shifting from a focus on systems to the vital data that resides within them. We have a chance to embrace digital security and use it as a competitive advantage."

McCabe points to digital developments in several key areas. The organisation has embraced a multi-supplier environment to provide better service and more resiliency. It has also established a secure cloud strategy and embraced Agile, particularly for prototyping and iterative development.

"We're aiming to be a digital-focused, customer-minded business, that's moved from a command and control approach to an agile and flexible organisation," she says. "We want to embed the right approach throughout the business. And we can now trial the next big thing safely and securely in a controlled manner."


Businesses that do not prioritise data security are set for a rude awakening.

Image: Sergey Isaev

3. Recognise that effective data privacy is a team sport

Laurent Christoph, experience strategist at Lloyds Banking Group, says executives must stop focusing on regulations and technology - the future of privacy, he says, starts with people. While laggards concentrate on staying compliant, the best companies stay ahead by paying attention to their customers.

Christoph has pioneered developments in his own bank by running focus groups on privacy with clients. Customers are well-informed regarding data use but are unsure of the implications of legislation, such as the forthcoming General Data Protection Regulation.

High customer expectations, says Christoph, make it tough to design the future of security, but these elevated client demands also help increase stakeholder interest in privacy. Christoph says his strategy team, which is currently undertaking experiments and research, is now set up to investigate customers concerns around data privacy during the next three years.

"We're thinking about the future of customer problems - and it's a real team sport," he says. "We've assembled a team of privacy stakeholders that are working outside their day jobs. The people who are willing to explore these options are also in your organisation. They just need to be brought together."

Christoph advises his IT leadership and business peers to identify the most customer-centric people in their organisations. He suggests bringing these people together and finding out how they can collaborate to improve the business view of the customer. Then, he advises peers to experiment.

"Doing is better than thinking - prototyping solutions and finding out how your customers might respond is the best idea," says Christoph. "Creating a strategy for privacy is also an iterative process. You might not get it right first time but you need to start working on privacy and you need to keep developing you approach."

Also: IT leader's guide to the threat of cyberwarfare | IT leader's guide to reducing insider security threats

4. Create cross-department privacy working groups

Fatemeh Khatibloo, principal analyst at Forrester, recognises there can be a disconnect between marketing teams, that tend to focus on short-term financial gains, and IT departments, that are more concerned with the long-term view and the protection of customer data.

Khatibloo refers to this disconnection as a privacy language barrier. "Security and privacy organisations spend money to save money - they want to prevent data leaks and media outcry. Marketing are spending money to make money," she says.

The good news is the gap can be bridged. The best organisations make privacy a core value. These firms constantly think about ethical data collection and management. "They have fundamentally changed the way they operate," she says.

The creation of cross-department privacy working groups is key to success, says Khatibloo. These groups should include experienced individuals from customer experience teams, marketing organisations and product development departments.

"The metrics we have for measuring privacy are often when things go wrong," she says. "Doing privacy better is a win/win - you're mitigating risk, while improving the quality of customer experience by using their information in the way they want."

Previous and related coverage

Shore up your defenses: Budget extra for an IT audit in 2018 [Tech Pro Research]

With the odds of a data breach on the rise, companies should consider increasing their IT audit budget for 2018.

Cybersecurity as big a challenge as counterterrorism, says spy chief

Online security now as big a job as surveillance and counterterrorism, says GCHQ boss.

Why legislation could be a double-edged sword for IoT security [Tech Pro Research]

Will security legislation create a safer IoT environment or will it just be a burden on device manufacturers and consumers? Here's a look at the pros and cons.

Read more about cybersecurity

Editorial standards