This idea that all of your company’s key data could be stolen by hackers is one that executives have dreaded and IT departments have always had to be wary of.
But maybe that’s all about to change, or is indeed already changing, after Vodafone released detailed research that shows that some big companies are now looking at information security as an “enabler of new business opportunities, rather than simply a means of defence”.
The report, ‘Cyber Security: The Innovation Accelerator’, says that around nine out of 10 businesses on average believe that improving cyber security would enhance customer loyalty and trust, enhance their reputation in the market and potentially attract new custom. Provisions in this area could also act as a competitive differentiator to help them win business.
More than 1,400 small, medium-sized and multinational corporations from the USA, UK, Ireland, Germany, Spain, Italy, India and Singapore were surveyed for the report, which the telecoms giant believes is groundbreaking.
In fact, Vodafone Group Head of Enterprise Cyber Security Strategy & Innovation, Andrzej Kawalec, is adamant that we now have the first solid evidence that companies are beginning to think of cyber security in a completely different way.
“I think there's really, really important conclusions that we've driven out of this research,” he says. “What we wanted to do was look at ‘what are the links between strong cybersecurity and business decision making?’ What we found, and it came out loud and clear, is that successful growing businesses are the ones which use security to drive their success.
“That means that they use security not in a defensive, protective way, but they use it to enable new business models, new innovations, new markets – allowing their employees to work in different ways – and that, without strong security capabilities, they can't take advantage of that new digital landscape.
“So, we are starting to see evidence, in this report, of a change in how people approach security. That is hugely important because it means that the organisations that are going to win, the ones that are going to be the leaders and be successful, are the ones which use security not just as a reactive defensive capability, but one that can drive their business forward.
“That's a fundamental change in how we think about using data and how we think about enabling it; that's why we're really excited about it.”
But what does Kawalec feel are the major findings of the report?
He says: “There is a direct correlation from security capability and skills to business benefits.
“Cybersecurity will help you change how your business operates and allow you to get better business models, greater employee productivity and increased loyalty and trust from your customers. That's a big, bold statement. People might have tried to make that statement before, but we've evidenced it in the research and the fact we have such high numbers and such consistent responses are what allows us to say that.
“But, balancing that out, was the section which says 41% of organisations say they're actually unsure of who can help them with their information security challenges.
“We've talked about driving growth and innovation. We've talked about security being a force for good and an enabler. However, people are still unsure about where they can best find security help and how they're able to do that.”
There's also an interesting disparity in the report between large organisations and small organisations. On average, 41% said they're unsure about who could help them with information challenges, but that figure rises by an additional 19% when talking about small to medium-sized businesses.
What makes this report so relevant, though, is that data, and the safety of it, has never been as important as it is right now. Most of us are now experiencing large parts of our daily lives in the virtual world and all of the data we produce by doing so is gathered and harvested.
In the business world, how well a company stores and safeguards that data can be a key component of customer confidence. You just have to look at what happened to shares in Sony after its massive data breach two years ago.
According to the report, which generation you come from has a lot to do with how you feel about the issue of data security.
Kawalec explains: “When we started to think about age and its relation to the perception of risk, under-35-year-olds, the real digital leaders of new business, 91% of them feel that security budgets will not only need to rise but that security is a central issue. And these are not digitally naïve teenagers, these are young business leaders who understand the value of data in a digital world.
“Their uncertainty and fear about data loss was much reduced, at 40% – contrast that with over-55-year-olds and their fear of data loss hit 63%.
“So, you see not only an understanding of the importance of security, but also a reduction in the fear that comes with data loss because they're expecting that there is a natural cyber resilience or cyber readiness that they have to adopt. They're not paralysed by ‘oh my goodness, what if we're attacked?’
“I think there has been a danger in the past when we talked about ‘protection’. ‘Protection’ meant protection from an adversary who was dynamic and well-funded and very targeted. But we get caught into that fear, uncertainty and doubt conversation.
“We're not saying ‘if you put the right things in place, you pick the right security partner, the right communications partner, you have an integrated security risk assessment organisation and set of processes’ that you don't have to be fearful anymore. But you can adopt new things.”
Could we be about to see a huge swell of change, then, in terms of how businesses and people generally begin to think about the issue of data security? Kawalec thinks we could well be at that point.
He says: “These are not things we need to be scared of, I think that was something that came out for me. There was a piece towards the end talking about new technology with real insight and about what people can do. There are four steps that we articulate that are really important. First, is understanding your security risk, your data risk.
“Second, is about building a cyber-aware culture and a cyber-aware organisation. Each member is important in that; each member of your organisation, each member of your supply chain.
“There's a section around being able to run operations, predict what's going to happen, protect your environment and detect it. A lot of people are turning to providers like Vodafone to help them with that because it's a really tricky thing across that blended, digital world.
“But the final point was around response and recovering. A lot of people, I think, become paralysed in the event of an attack. They haven't practised their response, they can't understand that initial golden period where you have to understand what's happened and the data that's at risk for consumers.
“You have to engage communications channels, you have to talk to law enforcement and that becomes all-consuming for organisations. There's an interesting movement away from pure risk management and actually for some executives, it becomes a career management issue.
“But the real puzzle, the real point, is not so much the managing of the response, but it's the recovery. How quickly can you get your business back online? How quickly can your customers access the services that they rely on you for? How quickly can you rebuild customer trust and loyalty? Response is one thing, but recovery is vitally important to being resilient and ready to face whatever happens.”
So, how is Vodafone, as an organisation, now going to move forward following the findings of this report?
“We have an ongoing commitment to research in this area,” Kawalec adds. “You'll see a series of deeper dives around the data set we've got and future reports which are going to continue to build on this area and this line of enquiry.
“Not many other people are thinking in this way and I think it's a really powerful future indicator of what's going to happen.
“The second piece is how are we using that internally. I think some of the key findings that we've talked about are now baked into our security strategy, and we see it in a positive light.
“We see that our products and services have security built into them, but we offer enhanced and simple-to-consume security services around that. This isn't about leading with fear, this is about leading with enablement but recognising, ‘yeah there are some areas that we need to do better’.”