The fundamental need of any business is to provide service excellence to customers in order to stay in business and grow. Without customers, a business cannot survive. Without a solid reputation for excellence, it cannot grow. If the trust of a customer is lost, you will likely lose the customer. Furthermore, if you publicly lose the trust of the marketplace, even with deep reserves, you will struggle to attract new customers.
The sure-fire way to compromise the trust of your customers is by losing their personal or commercial data or compromising their privacy. There are no second chances following a successful cyber-attack and data breach, and there are no warm-up opportunities. A cyber-attack need only be successful once, with any amount of data stolen, for privacy to be compromised, trust destroyed and a business’s excellence called into question. Cue an exodus of customers. While no security programme is infallible, the harder a business is to hack, the greater the likelihood that another business will be targeted instead, and a breach averted. Be easy to hack and you will be. It is no longer a case of if, rather when.
“To retain your customers, an overwhelming degree of trust in your ability to protect their personal data and privacy is expected. Either your data security and cyber security is robust enough or it isn’t. The frequency and sophistication of attacks increase daily – being lucky to date does not correlate to being lucky in the future.”
What is the importance of excellence in privacy and security?
Excellence is defined as the quality of being outstanding or extremely good. Once a customer is contracted, excellence in the acquisition of other customers does not concern them; conversely, excellence in the management and security of their affairs very much does. If asked, any customer will state that on an importance scale of 1 – 10, the value they place on their privacy and security is 10.
Yet presently, only a very small number of businesses allocate specific budgets and resource to cyber security, and often the IT department will be expected to do what it can for cyber with an already under-resourced IT budget. Conversely, businesses will allocate large sums to their marketing, business development and sales functions to continue to attract new customers.
So, with maintenance of trust and protection of personal data and privacy being at importance level 10, why do most businesses fail to apply the corresponding focus on customer privacy and security and choose to adopt a “we’ll be alright” mentality?
Managing cyber security, or cyber risk management, can be a frightening prospect. As a relatively new and technical discipline, it can be daunting for a business without internal expertise to know what to do, where to invest and what good looks like. Guessing, piecemeal action and sporadic investment are not an effective approach to excellence in cyber security; they will leave gaps in security and a business vulnerable.
Why you need to take a framework approach to your Cyber Risk Management.
The best approach to achieving the greatest resilience is a comprehensive approach to all cyber threats, obviously. But what does comprehensive look like in cyber security, and who decides? A comprehensive approach involves appropriately mitigating each type of cyber threat. To make the component threats of a cyber-attack easier to understand and to manage, cyber security has been broken down into individual threat areas. The threat areas are presented as a framework that businesses can use to ensure a comprehensive approach.
There are a number of international organisations across the globe that have established best-practice frameworks for managing cyber resilience. These frameworks have evolved over time and in response to emerging threats, market experiences, academia and industry best practice. The United Kingdom’s National Cyber Security Centre (NCSC) 10 steps to Cyber Security is an example of such a framework.
Why Cyber Security Risk Management is an ongoing commitment.
Once is not enough! Just as today’s cyber security framework evolved over time and in response to events, cyber threats continue to evolve every day. The explosion of Internet of Things devices, artificial intelligence and the prospect of 5G/6G will present ever greater challenges. Like it or not, today’s businesses stand in the middle of a cyber battlefield in a war that is unlikely to end. Cyber risk management must become a cultural consideration for every business. Just as one considers the health and resilience of their body to lead a full and fulfilling life, so now must businesses and individuals alike take constant consideration in their interaction with their digital landscape to ensure they remain resilient to cyber threats.
By Michael Wills, co-founder and chief data officer for CSS Platinum.
When supporting clients, CSS Platinum use a combination of the UK’s NCSC framework and the United States’ National Institute of Standards and Technology (NIST) Cyber Security Framework to ensure the greatest possible resilience.