Organizations are exploring how to create value and gain a competitive advantage by integrating information security and privacy with their business strategy, according to a 2017 cybersecurity report from PricewaterhouseCoopers (PwC).
Competitive Advantage: Security, Privacy & Usability
The shift in business models from a one-time sales event to a longer product lifecycle, with add-on digital services provided over time, drives up customers’ expectations around usability, privacy and security.
That makes these priorities for digital services must-haves for any business attempting to stay competitive in a digital industry.
In a 2016 survey of emerging consumer risks over the next five years, the Travelers Risk Index found that 32 percent of Americans are concerned about cyber risk and the Internet of Things (IoT), second to global political and social unrest. Top overall concerns include financial, personal safety, privacy loss and identity theft, mainly related to the threat of bank or financial accounts getting hacked.
Similarly, the same survey found that 54 percent of businesses are concerned with cyber, computer/technology risks and data breaches, among other top concerns about medical cost inflation and increasing employee benefit costs. Another 25 percent feel unprepared to deal with cyber risks.
Business Security Spending Priorities
According to PwC, business spending priorities for the next year include improved collaboration among business, digital and IT (51 percent), and spending on new security needs related to evolving business models (46 percent). Another 43 percent are spending on biometrics and advanced authentication.
Those new security needs include technology like encryption, next-generation firewalls, network segmentation, and identity and access management. As Tom Puthiyamadam, Global Digital Services Leader of PwC, stated:
“Leading companies are integrating cybersecurity, privacy and digital ethics from the outset. And that enables them to better engage with existing customers and attract new ones. Many also see efficiencies in operations, business processes and IT investments.”
Multi-Factor Authentication as a Differentiator
The top managed security service used is authentication, at 64 percent, followed by data loss prevention (61 percent) and identity and access management (61 percent).
Respondents reported that advanced authentication (PwC uses this term in reference to multi-factor authentication) technologies have made online transactions more secure, boosted consumer confidence in company security and privacy capabilities, and enhanced the customer experience while protecting brand reputation.
While in the past many companies implemented multi-factor authentication after a breach, most now implement the technology as a preventative measure to secure access to on-premises, cloud and web applications and services. They also offer it as a stronger authentication option for their customers to protect their individual banking, social media, iCloud and many other types of accounts.
Global Data Regulations
Beyond competitive advantage, data regulatory requirements that vary by country are also driving changes in enterprise security.
These include the European Union (EU)’s General Data Protection Regulation (GDPR), going into effect April 2018, which mandates data privacy for EU citizens; noncompliance can result in fines of up to 4 percent of the company’s global annual revenue.
Additionally, many U.S. businesses will need to comply with the Privacy Shield, the successor to the Safe Harbor framework that protects EU citizens’ personal data in transit.
There are regulations across Asia as well. In China, recent laws require technology and financial companies to store data in China, submit to security checks and help the government with decryption if requested. South Korea’s Personal Information Act (PIPA), updated last year, has penalties that can amount to nearly $90,000 USD and/or 10 years in prison.
Hong Kong’s Personal Data Privacy Ordinance also sets rules for collecting and handling personal data across borders and to third parties, enforced by fines of over $100,000 USD and five years in prison. A new framework called the Cyber Fortification Initiative requires banks to meet certain security requirements, with major Hong Kong banks to complete evaluations of their cyber risk resilience by mid-2017.