Yet, when it comes to handling data, organisations seem to be prioritising profits over consumer expectations and concerns. With customers becoming more educated about the value of their data and cyber risks associated with sharing it, this approach may be damaging to businesses.
The need for digital transformation is pressing and has found favour with business leaders across all sectors. While the upsides of transformation - incorporating new technology and data strategies for growth - are evident, the potential risks may often be overlooked.
Further, digital transformation activities are outpacing cyber security efforts at many organisations, exposing a potential misalignment between consumer expectations and concerns, and the organisations’ ability, and even intent, to meet those expectations.
KPMG’s Consumer Loss Barometer report surveyed over 2,000 consumers and 1,800 chief information security officers (CISOs) globally, to check what consumer expectations are and how CISOs intended to respond in the event of a breach. We found that 69 per cent of consumers reported concerns about their technology being compromised while 37 per cent of consumers reported having their financial information compromised. On the other hand, two-thirds of CISOs say they prioritise financial loss and reputational risk over the impact on customer trust.
This brings us to the broader question: Do security professionals really know what consumers want?
Here is where the survey identified a mismatch between security executives’ priorities and those of consumers. More than a third of consumers would want the company to prove it had fixed the issue; however, only eight per cent of security executives would prioritise providing such proof. Conversely, only 24 per cent of consumers would consider it a priority to receive an apology, but approximately half of the security executives surveyed said they would prioritise providing one.
These findings suggest the necessity for companies’ security leadership to first understand end-consumers’ needs, essentially transitioning from a back-office function to become a core element of the consumer experience.
The central question that security professionals may want to ask themselves is how do their actions contribute to the trust ecosystem? They must demonstrate intent to keep the customer informed about the issues as they break and implement speedy and lasting solutions. We found that even if a cyber incident occurs but is handled sensitively and in a manner that reinforces consumer trust, it can actually strengthen the trust ecosystem and improve a company’s ability to retain consumers.
Global CEOs are increasingly acknowledging that robust cyber defences are critical to building consumer confidence. Over half of the global CEOs surveyed by KPMG for its most recent CEO Outlook report said that a strong cyber strategy is critical to secure trust with their stakeholders. This figure was even higher (68 per cent) among UAE and Oman CEOs, where corporates are aligned with governments’ cyber security strategies. They are also aware that a cyber attack is now a case of ‘when’ not ‘if’.
The current gap between customers’ and security leaders’ expectations and priorities may therefore be perceived as a significant opportunity for forward-thinking organisations to integrate cyber security into their business transformation agendas, putting trust at the heart of the relationship. Achieving this would require a relook at the role of cybersecurity in the organisation, extending beyond the traditional IT function where experts are hired not only on the basis of their data security skills, but also their business skills.
(Timothy Wood is the associate partner and head of cybersecurity at KPMG Lower Gulf)
The views and opinions expressed in this column are solely those of the author and do not necessarily represent those of Muscat Daily or Apex Media Publication