This article was originally published on CybersecAsia.


A recently discovered deep divide between consumer and corporate perceptions of cybersecurity needs to be addressed urgently, before cybercriminals exploit it.

Getting hit by fraud or identity theft is the top concern for 62% of consumers around the world. Among corporates, however, only 43% are worried about it, according to a new survey sponsored by Mastercard and conducted by Harvard Business Review Analytic Services.

This perception gap is dangerous and potentially costly for companies in our hyper-connected world, in several ways. The economic damage of cybercrime is clear and staggering—estimated at US$6 trillion per year by 2021, double the US$3 trillion in 2015. The loss of customer loyalty only makes things worse.

Spending on cyber defenses has been growing by 12% to 15% per year but – by a large margin – the number of incidents and breaches is outpacing the protections being deployed. That points to the need to align priorities and use valuable resources efficiently.

To meet the expectations of consumers, companies must expand and elevate the corporate imperative to invest wisely. The message that cybersecurity is not just an IT issue is the horse that has been beaten to a thousand deaths. But despite the topic being one of the top three global concerns across various industries, there is still room for progress when it comes to cybersecurity investments, reporting structures and authority levels of the CISO in the organization.

To reiterate, cybersecurity must be a responsibility and commitment for everyone, from the boardroom to the mailroom.

Avoiding patchwork solutions

On its own, buying more hardware and software does not ensure protection. For too long, many companies have been trying to layer defenses by adding newer and more granular technology without actually improving their security posture or reducing their risk profile.

The result has been a patchwork of solutions with limited integration, supported by an increasingly stretched security team (in coverage, capability and skill set), and reams of raw event data that are too difficult to decipher to have meaningful business impact.

Rather than continuing to roll over cyber budgets year after year, organizations need to rethink priorities annually and only invest in solutions that provide a measurable return on investment while reducing cyber risk.

The investments that truly yield dividends are equally operational and strategic in lining up tools and processes that:

  • Measure and quantify risk by looking from the attackers’ line of sight and at the exposure points they could exploit.
  • Use that information to drive greater cross-functional alignment and prioritization of internal cybersecurity controls across the business.
  • Regularly assess that all cybersecurity and data responsibility principles are in alignment within acceptable risk parameters.

Companies that expand and elevate their cultural mindset around managing all kinds of data—from consumers, employees, business partners and the organization itself—will enjoy even greater enterprise security.

Data decency and trust are crucial

Beyond cybersecurity, managing data with decency must be the guiding principle for every business as the digital economy grows. Emphasizing the importance of data decency gives every employee a sense of responsibility and every customer a measure of digital trust, which translates into a greater need for contextual application of best practices for both data management and cybersecurity.

The costs of disregarding data decency and failing to prioritize cybersecurity will be high. A breach causes havoc for business operations and continuity, but reputation is often the biggest casualty. Regaining consumer trust and confidence – the essence of customer loyalty – can be far more difficult than recovering a compromised database.

As the ecosystem expands with more smart homes, smart devices, smart cars and smart cities, even more gateways will open for hackers to exploit. Inadequate preparations and practices today will be catastrophic to businesses tomorrow.

Beyond the business, cyberattacks can directly harm customers through the theft of their identities, medical records and other personal information. Such breaches of data directly impact simple things such as being approved for credit or qualifying for the best rates on insurance – not just for the customer but also for the company.

Losing customer trust is costly. A global survey by Gemalto shows 64% of consumers say they are unlikely to do business with a company where theft of financial or sensitive data had occurred.

It is clear people will penalize companies that do not meet the highest data and cybersecurity standards. Most executives already know this, with 88% noting that consumer concerns about data usage are already a top consideration in their company’s data practices and strategies, the Harvard Business Review survey shows. Still, just 51% of businesses prioritize security and privacy practices to protect consumer data. That means we will need far more awareness, investment and careful strategic planning to close the gap between what consumers need to feel safe and secure online, and what companies are aiming to provide for them.

These efforts are significant, but the rewards of doing the right thing are even greater. Consumers are paying close attention to how their data is collected, used and protected. Their trust is a precious asset that no business can afford to lose.