The pervasive digitalization of businesses and workplaces has made cybersecurity top of mind for most people who use technology at work or at home. For organizations, it has become mainstream, and nearly every company acknowledges the need to implement apposite defense mechanisms to safeguard organizational data, assets, and network. However, it’s mostly seen as a hygiene exercise for safeguarding assets and ensuring regulatory compliance.
Businesses need to change their perspective
We have transformed into a data-rich society. Today, customers readily share their personal data with brands, but they worry about what the brands will do with that data. The shift to remote working has expanded the cyberattack surface. The nature and type of attack have become more sophisticated and insidious. As per the National Cyber Security Centre, 39% of businesses identified a cyberattack in the last 12 months (2021-22).
The first casualties of a breach are the top-line sales of a brand. According to an Infosys-Interbrand study, up to €211.83 billion of the world’s top 100 brands’ value could be at risk from a data breach.
Apart from loss of revenue, organizations also face loss of reputation. Cybersecurity now directly impacts the ‘trust’ that customers have in a brand. Studies suggest that 65% of consumers lose trust in a business in the event of a data breach and 85% of them “don’t want to deal with that business again”.
Cybersecurity is not just a competitive differentiator but can increase stakeholder value realization by reducing the risk of various types of breaches as well as employee and consumer lawsuits, and the resulting financial loss. It also helps meet the regulatory compliance obligations as well as stakeholder expectations.
Incidentally, the European region considers data privacy and cybersecurity non-negotiable for its citizens, and businesses therefore face greater scrutiny from the government and the regulatory authorities. Policymakers in Europe have been responsive too, with privacy and security regulations and legal frameworks such as the General Data Protection Regulation (GDPR) and the NIS2 Directive, which aims for increased levels of cybersecurity in the EU.
Vishal Salvi is Senior Vice President, Chief Information Security Officer and Head of the Cyber Security Practice at Infosys.
Steps to building trust with cybersecurity
Organizations should actively strengthen and market their cybersecurity posture to drive digital trust, thereby increasing and retaining their customer base. Here is how they can do it.
Have an independent governing body with a robust cybersecurity program: Businesses must set up an independent organization that establishes and governs a cybersecurity program to build trust. The program must follow a standardized approach towards implementation of minimum baseline security controls as well as help in fulfilling client contractual security requirements. A framework that can measure the effectiveness of the program for sharing with clients is highly recommended.
For example, at Infosys, we use i-SECURE or the Infosys Security & Compliance Unified Reporting framework, which is a proactive component of the company’s Information Security Group. The framework is based on industry standard security best practices and is aligned with the company’s information security policies.
Communicate with your customers: Despite robust security measures, cyberattacks do happen. While organizations need to contain the impact of any such incident as quickly as possible, a clear communications plan with timely disclosure to the affected parties and the regulators, an incident management and recovery roadmap, and future readiness are important steps to keep trust intact.
Get third-party assessments and audits from independent testing agencies: Organizations can also undertake periodic independent, third-party audits to underline the robustness of their cybersecurity infrastructure. They can be good corporate citizens by sharing threat intelligence across the industry ecosystem and proactively collaborating with all stakeholders including the customers, regulators, industry bodies, and even the competition. Doing so will help address cybersecurity threats as a common menace while enhancing their brand reputation and building trust along the way.
Due to rapid digitization as well as factors like the pandemic and geopolitical situations, there has been an increase in cyberattacks in recent times. There have been almost 60,000 reported data breaches in Europe post-GDPR. By positioning themselves as organizations that have embraced a comprehensive cybersecurity strategy and by marketing their cybersecurity posture, businesses can gain a definite edge in the market.