Cyber security: Threat or business opportunity?
With all that we read about information security and privacy – with a constant stream of news about emerging cyber threats and hacking exploits – it might surprise you to hear that security can help you build your business, as well as protect it.
Typical cyber security discussions are about locking down data access, keeping out hackers, and investing to protect against a myriad of external and internal threats. There aren’t too many company executives who would genuinely say they are excited about investing in protective cyber security measures. They do it because they have to, in order to reduce risk.
But what if that security investment could be used to attract and retain new customers, and build new business? It can, and that’s how successful digital businesses are prospering in the digital economy.
To take advantage of the business opportunities driven by digital/mobile, we need to invite people “into the store” to access and share information. We also need to know our customers, to understand their needs and preferences so we can serve them better. If I speak with the CEO of an organisation with a rich store of customer information – a bank or retailer, for example – the conversation is not about locking down data access. It is about unlocking the information needed to become more intimate with customers.
To build greater customer intimacy, we need to shift control of information away from the exclusive domain of the organisation and open it up to customers. That means respecting their wishes – managing the “three Ps”: Permission, Preferences and Privacy – when it comes to sharing information and keeping it secure. That is all part of what we call Consumer Identity Management.
For many organisations, that is a difficult road to go down. For many of the trusted advisors that the CEO or board members might go to for help – such as information technology (IT) or security executives – the first instinct is to say no, it can’t be done, or that it would be too risky.
If you think about IT or security people, that’s understandable. Traditionally their role has been to keep people out of the organisation’s information systems – unless they are trusted employees. Ask them how to attract customers “into the store”, and they might struggle for answers. Of course you would listen to their advice about information security, but you wouldn’t want security to get in the way of a business opportunity.
There are very few industries left today where innovative or disruptive new businesses are not already exploiting consumer information and turbocharging their growth as a result. To compete against them – and not become a digital dinosaur – organisations need to build their Consumer Identity Management capability
Almost every organisation today holds customer information they would like to leverage if they had the capability to do it in the right way. That means having a conversation with the CEO or the board and getting the IT department and the new digital business department working together.
Often the first step is giving the CEO the ammunition to say to their security people: “We can respect privacy and security, we just need to use our information security tools for a different purpose. We can use them to share information, provided the consumer has control over the process, for their own benefit.”
From a consumer perspective, we’ve all had relationships with a vendor – a local shop or a car dealer – and felt disappointed when a familiar face leaves. We all want to have those relationships – we understand that we will get better service and won’t be pestered with the wrong offers. And if we do get the right offer we say, “Great, I like that”. Whatever stimuli you give consumers to buy the right things and have a good experience is generally appreciated. And if it’s not, they can always let you know.
It’s the same process in the information economy, except that it’s digital identities and information. On your Facebook profile, which is publicly available, it might indicate that you like certain sports or cultural activities. You might like to go to music festivals in Byron Bay, for example. A company you have a relationship with can use that information to structure offers that give you a commercial benefit. They can say, there is a concert in Byron Bay next month, would you like a 20 percent discount on accommodation?
Yes, there are challenges. I was on a cyber security panel discussion at the CeBIT Conference in Sydney recently, and one of the topics raised was the ethical treatment of customer information. If a company has the ability to analyse an individual’s behaviours – even their psychological make-up – then what are the ethical boundaries defining how those insights can be used? One of the panellists suggested that organisations need to build their digital literacy skills around good ethical decision-making, and I think that’s a good approach.
It’s a very interesting discussion to be able to have. “Able to have” being the operative words here, because if you’re not in a position to be able to use your knowledge and analysis of customers and engage with them openly on that basis, then the discussion should probably remain only hypothetical.
Understanding and acting on your knowledge of your customers is a key enabler for business growth. Despite what CEOs and boards may be told, this is all within the grasp of any well managed and well advised organisation. All you have to do is ask the right people.