New CBI research shows in no uncertain terms that the way a company treats personal data is the top concern for potential customers and business partners.
13 September 2018
Keeping the customer at the heart of cyber security
CBI Chief UK policy director speaks to the CBI's fourth annual Cyber Security Conference 2018.
CBI Chief UK Policy Director Matthew Fell
For more information, see the CBI’s new report: Building trust in the digital economy.
Good morning, and welcome to the CBI’s 4th annual Cyber Security Conference. It’s fantastic to see so many companies here to discuss such a vital issue. Of course, this event would not be possible without our phenomenal hosts at Clifford Chance. But I’d also particularly like to thank our strategic partners: Axelos, BAE Systems, BT, and Nuix. As well as our corporate partners: Adeptis and ComXo. It’s quite a list. But that in itself tells us something. It shows just how seriously businesses are taking cybersecurity.
Now, those of you who know your computer history might be aware that the term “cyberspace” was invented back in 1984 – by a sci-fi writer, William Gibson. He wanted a word for what was going on behind the computer screens that were appearing everywhere, from offices to gaming arcades. Here’s what he came up with:
Cyberspace: a consensual hallucination experienced daily by billions – of data abstracted from the bank of every computer in the human system. Unthinkable complexity in the non-space of the mind.
A bit eccentric, perhaps. He was a sci-fi writer! But not a bad effort. It captures how something that once seemed so magical, we now take for granted. It’s been a big shift in a short space of time. But enough of the history lesson. Today is about opportunity. This morning, I’m going to talk about one of the most fundamental parts of cybersecurity – but one which is often overlooked: how businesses put the customer at the heart of cybersecurity.introduction
Importance of cybersecurity
First, though I’d like to briefly mention why developing a cybersecurity strategy should be a top priority for everyone in this room. And I think there are two reasons.
The first, of course, is that security itself is vital. As businesses increasingly move from the physical to the digital, cybersecurity has become central to a company’s existence.
But the second, and more unexpected reason is that cybersecurity has a direct impact on consumer trust.
Over the past few months, the CBI has been conducting research. We’ve talked to thousands of consumers – ordinary members of the public – about how they engage with businesses, and why. And there is a single fact that stands out above the rest: almost 90% of consumers see data security as the deciding factor when thinking about where to spend their pay-cheque. In other words, responsible data use is the number one reason a customer will stay loyal to your business. And irresponsible data use is the main motive for looking elsewhere. So having a good cybersecurity strategy will actually make your business more competitive.
But it’s not just your business that is at risk. We know that serious cybersecurity breaches harm the way the public sees business as a whole. Think about it – ask any CEO in the country, and they’ll tell you that the fastest route to company extinction is a breakdown in trust. Whether you’ve built a reputation for 2 years, or 200 years – all it takes is a 2-minute cyber-incident to ruin it. And data breaches that undermine public trust in business have a ripple effect across the economy. In a world of scandals – whether it’s pay rows, tax avoidance, or sexual harassment – this trust is more important than ever.
So how can businesses really put the customer at the heart of their cybersecurity strategy?
I think there are three things:
- Timely communication
- Digital leadership
First up, communication. When we think about public trust in data, the question isn’t how good your cybersecurity is. Instead, the question becomes: how well is your cybersecurity communicated to your customers? Think about it. Put yourself in the shoes of your customers and your business partners. In many ways, they’re taking a risk by sharing their data with you. So they want to know it’s being kept safe.
But it’s not just about communication. It’s about timely communication. Because even if your company has the best cybersecurity strategy in the UK, none of that matters if you only engage your customers when things go wrong. The first time a user hears about your cybersecurity shouldn’t be after a breach. In fact, customer engagement needs to happen from day one.
And here’s the test. When you go in to work tomorrow, or next week, or at your next board meeting, ask your teams: “are we using this data in the way the consumer expects?” And “are we actually telling people about this?” Do this, and you’ll go a long way in building up trust - which doesn’t just help your own bottom line - but it improves the public perception of business altogether.communication
The second thing is digital leadership. In other words, cybersecurity has to be a boardroom priority. It can’t be tackled by the IT team in isolation. Cyber awareness is needed at all senior levels. It’s an issue for boards, who determine risk appetite. For CEOs, who do so much to shape company culture. And for CFOs, who can ensure proper funding. In a world where user choice is increasingly varied, and increasingly driven by reputation, digital leadership is more important than ever.leadership
To close, let me return to the thoughts of our sci-fi writer, William Gibson: ‘the future is now’. It’s clear that the reputation of business itself is at stake – so we can, and must, do more. Your customers care. And after all our research, the most obvious revelation, and perhaps the most telling, is that the power to improve the reputation of business - lies firmly in the hands of business itself.
Enjoy your day and have a fantastic conference.