Executives Are Turning Infosec into a Competitive Advantage

Companies
are more connected to their customers now than ever before.  After spending billions to digitally
transform themselves, organizations have exponentially increased the number of
touchpoints as well as the frequency of communication they have with their
customer base. 

Thanks to digital transformation, organizations are more agile, flexible, efficient, and customer-centric. However, with greater access to customers comes an equal measure of increased vulnerability. We have all seen the havoc that a data breach can wreak upon a brand; hackers are the modern-day David to the Goliaths of the Fortune 1000 world. As a result, we have experienced a fundamental shift in management philosophy around the role that information security plays across organizations. The savviest leaders have shifted from a defensive to offensive position and are turning information security into a competitive market advantage.

Each year, Radware surveys C-Suite executives to measure leadership sentiment around information security, its costs and business impacts.  This year, we studied the views and insights from 263 senior leaders at organizations primarily with revenue in excess of 1 billion USD/EUR/GBP around the world. Respondents represented 30% financial services, 21% retail/hospitality, 21% telecom/service provider, 7% manufacturing/distribution, 7% computer products/services, 6% business services/consulting, and 9% other.

This
year’s report shines a spotlight on increased sophistication of management
philosophy for information security and security strategy. While responsibility
for cybersecurity continues to be spearheaded by the CIO and CISO, it is also
being shared throughout the entire C-Suite.

[You may also like: How Cyberattacks Directly Impact Your Brand]

In fact,
72% of executives responding to our survey claimed that it’s a topic discussed
in every board meeting. 82% of responding CEOs reported high levels of
knowledge around information security, as did 72% of non-technical C-Suite
titles – an all-time high! Security issues now influence brand reputation,
brand trust, and consumer trust, which forces organizations to infuse
information security into core business functions such as customer experience,
marketing and business operations.

All with good reason. The average cost of a cyberattack is now roughly $4.6M, and the number of organizations that claim attacks cost them more than $10M has doubled from 2018 to 2019.

Customers are quite aware of the onslaught of data breaches that have affected nearly every industry, from banking to online dating, throughout the past ten years. Even though many governments have passed many laws to protect consumers against misuse of their data, such as GDPR, CASL, HIPPA, Personally Identifiable Information (PII), etc., companies still can’t keep up with the regulations. 

[You may also like: The Costs of Cyberattacks Are Real]

Case in point: 74% of European executives report they have experienced a data breach in the past 12 months, compared to 53% in America and 44% in APAC. Half (52%) of executives in Europe have experienced a self-reported incident under GDPR in the past year.  

Consumer confidence is at an all-time low. These same customers want to understand what companies have done to secure their products and services and they are willing to take their business elsewhere if that brand promise is broken. Customers are increasingly taking action following a breach. 

[You may also like: How Do Marketers Add Security into Their Messaging?]

Reputation management is a critical component of
organizational management. Savvy leaders recognize the connection between
information security and reputation management and subsequently adopted
information security as a market advantage.

So How Do Companies Start to Earn Back Trust?

These
leaders recognize that security must become part of the brand promise. Our research shows that 75% of executives claim
security is a key part of their product marketing messages.
50% of companies surveyed offer dedicated security products and services to
their customers. Additionally, 41% offer security features as add-ons within
their products and services, and another 7% are considering building security
services into their products.

Balancing Security Concerns with Deployment of Private and Public Clouds

Digital
transformation drove a mass migration into public and private cloud
environments.  Organizations were wooed
by the promise of flexibility, streamlined business operations, improved
efficiency, lower operational costs, and greater business agility. Rightfully
so, as cloud environments have largely fulfilled their promises.

[You may also like: Excessive Permissions are Your #1 Cloud Threat]

However,
along with these incredible benefits comes a far greater risk than most
organizations anticipated. While 54% of respondents report improving
information security is one of their top three reasons for initiating digital
transformation processes, 73% of executives indicate they have had unauthorized
access to their public cloud assets. 
What is more alarming is how these unauthorized access incidents have occurred.

The technical sophistication of the modern business world has eroded the trust between brands and their customers, opening the door for a new conversation around security. 

Leading organizations have already begun to weave security into the very fabric of their culture – and it’s evidenced by going to market with secure marketing messages (as Apple’s new ad campaigns demonstrate), sharing responsibility for information security across the entire leadership team, creating privacy-centric business policies and processes, making information security and customer data-privacy part of an organization’s core values, etc.  The biggest challenges organizations still face is in how best to execute it, but that is a topic for another blog…

To learn more about the insights and perspectives on information security from the C-Suite, please download the report.