Cybersecurity and your firm
Why the customer data locked away in your IT systems could be the key in your firm’s future
With all that we read about information security and privacy – with a constant and increasing stream of news about emerging cyberthreats and hacking exploits – it might come as a surprise that cybersecurity can help build a business, as well as protect it. Until recently, it was difficult to get business people excited about investing in cybersecurity. They did it because they had to, in order to reduce risk.
But now security investments can also be used to attract and retain new customers, and build new businesses. Typical cybersecurity discussions have been about locking down data access, keeping out hackers, and investing to protect against a myriad of threats. But to take advantage of the business opportunities driven by the digital/ mobile/data revolution, you need to invite people “into the store” to access and share information.
That is not about locking down data access. It is about unlocking the information needed to become more intimate with customers – getting to know customers, digitally, to understand their needs to serve them better. It is also implicit that you will respect their wishes – managing the “three Ps”: permission, preferences and privacy – all part of what we call consumer identity management.
This switch in thinking about cybersecurity mirrors the rise of tech start-ups like Uber and Airbnb, and the rapidly emerging fintech sector. In the digital economy, traditional value chains are being disrupted by services offering superior customer engagement or product offerings supported by digital innovation.
There are very few industries left today where innovative or disruptive new businesses are not already exploiting consumer information.
To compete against them, businesses need to engage with the digital economy and mature their own capabilities. Effective understanding of the digital identity of current and future customers – their consumer identity – is now a core foundation competence. For many businesses, the threats and commercial opportunities enabled by technology are larger than the cyberthreats that motivated earlier security investments. The technology capabilities that underpin digital strategies have now become vitally important to business success.
These include capabilities around digital identity, data analytics, customer preferences and privacy. The alternative is to become a digital dinosaur, like all those video, music and book stores and domestic travel agents that used to exist before the internet moved their businesses online. Developing that competence, however, often requires a change in culture.
For many of the trusted advisers that management might go to for help, the fi rst instinct is to say no, it
can’t be done. That’s understandable: traditionally the role of IT professionals, for example, has been to keep people out of the business’ information systems.
As KPMG’s Guy Holland wrote in a recent article, A framework for the age of disruption: “Business leaders may be so impatient to implement a new system or digital experience that they decide to disintermediate the IT department and deal directly with agencies and suppliers. This is fraught with danger, both in terms of integration and strategic alignment, and also from a risk management perspective.”
A better approach is simply giving managers the ammunition to say to their IT people: “We can respect privacy and security, we just need to use our information security tools for a different purpose. We can use them to share information, provided the consumer has control over the process, for their own benefit.”
Almost every company holds customer information they could leverage through digital channels if they had the capability to do it in the right way. And almost every business has employees that are already familiar with these channels via their own experience as consumers. Even if the capabilities are not enabled yet, there is probably latent demand to use them.
Once enabled, the conversation stops being about the technology. It becomes about how companies can get down to business in a changing world.
Knowing your customer
As consumers we’ve all had relationships with a vendor – a local shop or a car dealer – and felt disappointed when a familiar face leaves. We value those relationships because we know that we will get better service and won’t be pestered with the wrong offers.
It’s the same in the information economy, except that it’s digital identities and data. On your Facebook profile, which is publicly available, it might indicate that you like certain sports or cultural activities. You might like to go to music festivals in Byron Bay, for example. A company you have a relationship with can use that information to structure offers that give you a commercial benefit. They can say, “There is a concert in Byron Bay next month, would you like a 20 per cent discount on accommodation?” Robust data analytics that can deliver insights into individual customers are a crucial part of that. As KPMG’s John Teer wrote in his article, Technology’s profound impact on the investment industry: “Providing timely, relevant, engaging and personalised information and education about the choices available to an investor will become as important – if not more so – than the underlying product.”
Uber has demonstrated that the same principle holds true in the taxi industry. Unlike the taxis it competes with, Uber tells you everything you need to know: where your Uber is, when it will arrive, what your trip will cost, your driver’s details, and the ability to rate your service. For Uber’s customers, the value of this information more than compensates for the fact that they don’t get to ride in conventional taxi.
Yes, there are challenges, such as the ethical treatment of customer information. If a company has the ability to analyse an individual’s behaviours – even their psychological makeup – then what are the ethical boundaries defining how those insights can be used? One of the panellists on a recent cybersecurity panel discussion at the CeBIT Conference in Sydney suggested that organisations need to build their digital literacy skills around good ethical decision making, and we think that’s an excellent approach.
To be in the game, businesses need to empower staff with the technology tools, including consumer identity management, data analytics, cybersecurity and privacy safeguards. After that, building digital literacy skills and applying old-fashioned business sense are the keys to knowing customers in the digital world and building a competitive advantage.
John Havers is a director at KPMG First Point Global; Matt O'Keefe is a cybersecurity partner at KPMG