A few weeks ago, businesses once again woke up to the reality of a cyber attack when the ransomware Petya spread from Ukraine to the rest of Europe, the US, and even India, crippling several large firms in the affected countries.
One of the victims of the attack is a Fortune 500 food company that saw its manufacturing facilities in Australia and New Zealand grind to a halt due to infected computers that were located half a world away. Earlier this month, that company announced it was expecting its revenue growth to contract by an estimated 3 percent, all due to the attack.
This is a stark picture of just how potent and expansive cyber attacks have gotten in such a short span of time. Companies in the consumer business sector may be at heightened risk precisely because of what they are doing to stay competitive: investing in emerging technologies.
Widespread initiatives around consumer analytics, cloud integration, connected devices, and digital payment technology have been helping businesses in the consumer products, retail, restaurant, and agribusiness sectors meet consumer expectations and differentiate their products and services. But with this growing technology footprint comes more complex cyber risks.
A publication from the Deloitte Center for Industry Insights looks at the current challenges facing these companies based on the insights and opinions of over 400 chief information officers, chief security officers, chief technology officers, and other senior executives in these sectors. The research identified these critical areas that consumer business companies should focus on to better manage their cyber risks.
Despite the frequency and severity of cyber attacks, many organizations still have a fragmented approach to managing cyber risks. Since C-suite executives have the authority to direct investments and priorities, they should consider gaining a better understanding of the cyber risk landscape and taking a more proactive role in bridging the gap between perception and reality when it comes to their organization’s cyber preparedness. At their level, they can establish the right balance between investing in advanced technologies and establishing systems or protocols that will allow them to manage any new risks these technologies may bring.
Among the consumer business executives Deloitte polled for its report, 25 percent said they lacked cyber funding needed for them to effectively respond to cyber incidents, while 21 percent admitted their organization fell short in clearly defining mandates, roles, and responsibilities when it came to cybersecurity. And yet 76 percent claimed to be adequately prepared for cyber incidents.
Full executive commitment is needed to close that gap, especially since most, if not all, departments are affected by cybersecurity issues.
Organizations in the consumer business sector have a wealth of customer data to mine, and they now have so many options technology-wise to do so: They are using big data analytics to personalize their offerings and drive customer loyalty; they are using connected products to minimize operational inefficiencies; they are offering mobile functionality to create seamless in-store and online buying experiences.
All this technology requires greater aggregation and storage of customer information across an increasing number of touchpoints, putting these organizations under immense pressure to keep this data secure. But this also presents an opportunity to rise above the competition.
Another Deloitte study on consumer privacy revealed that 81 percent of consumers felt they have lost control over how their personal information is collected and used by companies. Brands that invest in cybersecurity capabilities to protect consumer data and build trust stand to gain in this atmosphere of uncertainty.
Brands can communicate the steps taken to keep customer information secure and educate consumers on cybersecurity as it relates to the use of their products or services to establish a reputation for putting a premium on security. They can also make sure that every initiative to develop a new product includes efforts to embed security to protect consumers.
Last year, a leading toy manufacturer introduced an upgraded version of its most popular product – a wi-fi enabled interactive doll that, through conversations with a child, can learn that child’s likes, dislikes, plans for the day; store this data in a cloud; and then react accordingly – and suggest ideas – as it talks to the child based on this information. Imagine what could happen if that doll is hacked.
In an increasingly connected world, consumer businesses need to broaden their approach to cyber risk management beyond simply data protection. One way to secure connected products is to first assess whether the value added by a new connected functionality is even worth it. If the value a given feature adds does not outweigh the cost of securing that feature, then it may not be worth pursuing.
Brands that already have connected devices should engage actively with their legal team to ensure that customer agreements clearly state both the company’s and the consumer’s roles and responsibilities regarding, for example, ownership of collected data and the actions to be taken in case of a breach. Also, companies need to ensure that data collected by connected products are protected upon collection, while in transit, and when stored in both the device and the data store.
Emerging payment technologies can enable businesses to offer ever more efficient experiences for consumers, and it seems like consumers are finally warming up to these ideas.
New research from Unisys Corp. revealed that one in four Filipinos preferred to make payments under P10,000 using a mobile app. Yet another study projects that the global mobile wallet market, which was valued at approximately $594 billion in 2016, will balloon to $3.142 trillion by 2022. With this growth comes opportunities for cyber criminals to exploit unprotected systems.
The Bangko Sentral ng Pilipinas’s mandate for all banks to transition to EMV chip-based – from the current magnetic stripe-based – cards is one win in the war against cybercrime and fraud, but it isn’t enough. No doubt cyber criminals are already looking to exploit other weaknesses.
Organizations should perform a scoping exercise to map out the life cycle of payment transactions and fully understand both the technologies and business units involved. Vulnerability scans should also be regularly performed to make sure payment technologies are equipped with the latest security patches.
Just as innovative technologies pose challenges to consumer businesses that adopt them, so do they present many opportunities for growth. The key for organizations is to remain secure, vigilant, and resilient amidst these fast-paced developments, not just for their sustainability but for the protection of the millions of consumers who rely on them.
The author is a partner with the Risk Advisory group of Navarro Amper & Co., the local member firm of Deloitte Southeast Asia Ltd. – a member firm of Deloitte Touche Tohmatsu Limited – comprising Deloitte practices operating in Brunei, Cambodia, Guam, Indonesia, Lao PDR, Malaysia, Myanmar, Philippines, Singapore, Thailand, and Vietnam.