Breach of trust: Cybersecurity can make or break a brand
April 12, 2021 1:15 AM
Findings from Infosys and Interbrand suggest that poor brand image and broken trust are added costs of poor cybersecurity
Vishal Salvi, chief information security officer and head of cyber security practice, Infosys
By Srinath Srinivasan
Top brands across sectors and geographies are investing heavily in digital with an aim to improve customer experience. This endeavour necessitates collection of consumer data. In addition, it becomes necessary for brands to safeguard the data that is collected. A significant shift to digital increases the vulnerability of brands online. Vishal Salvi, chief information security officer and head of cyber security practice, Infosys, says, “A decade ago, cybersecurity spends of organisations would typically be 4-5% of the IT budget. In recent years, this has increased to 8-10%.”
Citing a major US retailer’s cyber breach in 2013 which cost $79.5 million in addition to immediate costs, Ameya Kapnadak, chief growth officer, India, Interbrand, says, “Studies demonstrate 65% of consumers lose trust in a business in the event of a data breach and 85% of them don’t want to deal with that business again.” He adds: “If, by some quirk of fate, the world’s 100 most valuable brands have to experience a data breach, the collective value they might lose could be $93 billion on the lower end and $223 billion on the higher end. This represents between 4% and 9.6% of their cumulative value.”
According to Salvi, organisations looking to have a successful cybersecurity strategy should begin with a CISO. “The CISO’s role today is a very strategic one. It needs to have a seat on the business leadership table because ‘security’ needs to be built by design and for that to happen, a CISO must be involved in the decision-making process.”
To develop a security strategy, the business goals of the organisation must be considered first. Next, the CISO must consider the current and future cybersecurity risks that can impact these business goals. “Once these are identified, a robust security strategy can be designed based on factors that would help counter or manage the risks,” he explains. The step after that is to create relevant cybersecurity programmes or a framework that would help execute the strategy.
As suggested by Salvi, aspects to consider while creating the security strategy include the investments an organisation would like to make to remediate and improve its security maturity, the maturity state it wants to reach on a year-on-year basis, the level of commitment it has to reaching that state, and finally the kind of tone that needs to be set within the organisation.
In addition, Salvi believes that automation will aid this cause and help identify outliers and take required actions on them. “Technologies like Security Information and Event Management, User and Entity Behaviour Analytics or various analytical tools have been using several AI and ML models for quite some time. Automation has the ability to collect and correlate security data, detect already-existing compromises, generate and implement protections more rapidly than humans can. In the future, we will see an increase in its usage,” he says.
In order to execute a successful security strategy and secure brand reputation, brands may need to think of aspects like making conversations about cybersecurity common at C-suite level and inculcating a “culture of security”. “Cybersecurity is no longer just the CISO’s remit, it’s also the CMO’s or the CEO’s remit,” says Kapnadak. He urges brands to make cybersecurity a topic that’s central to brand experience, right from the person who manages SEO and PPC marketing to the one who builds the experience for the customer. “Because, only when cybersecurity is in-bred, can it make a difference,” says Kapnadak.