In the first half of 2022 in the US there were nearly 1,400 publicly reported data breaches impacting an estimated 157 million victims. That in itself would seem to be a pretty effective advert for revisiting and enhancing data security strategy. But it’s not the only one. Security should be about more than risk mitigation. There’s also a positive case to make, that improving security posture can actually provide a platform for business growth. The key is to find the right strategy, and the right partner.
In September alone we read stories of numerous big-name companies caught out by data thieves. Among them were a subsidiary of pharmaceutical giant Johnson & Johnson, where threat actors may compromised a database impacting over one million customers. Then there’s the work of new ransomware group Ransomed.vc, which has weaponized the threat of GDPR fines to pressure victim organizations into paying up. Both Airbus and credit giant TransUnion had data stolen by a threat actor who claimed to be working with the group.
However, for boardrooms and IT leaders, cybersecurity should be about more than mitigating the risk of such events occurring. In a PwC survey last year, over half of CEOs polled said they view security in the organization in the context of growth-related objectives. A fifth said the number one mission is “to establish trust with our customers with respect to how we use their data ethically and protect their data.”
By building a security-by-design culture, with effective collaboration between business, tech and cyber teams, and then communicating its impact, organizations can go a long way to driving customer trust, loyalty and satisfaction, says the World Economic Forum (WEF). This stands to reason. If customers feel their personal data is being respected and taken care of, they’re more likely to stay with a company, and deepen their relationship with it. And the better security is handled inside the organization, the more confidence business leaders will have to roll out innovative new services to further enhance the customer experience.
Cybersecurity can go further still in boosting strategic growth. Consider compliance. Security is often cited in this context as a way to mitigate the risk of big fines and tarnished reputation. But there’s a different angle. Compliance can also open the door to new markets. If compliance and security tams do their research, they should be able to pick out the national or regional laws and industry regulations which govern local firms in a target market. And then align their own security and compliance strategy with these rules.
In some cases, this will be less arduous than it seems at first. Adherence to frameworks like ISO 27001, NIST CSF or SOC 2 can provide a useful foundation which might cover a large share of the requirements stipulated by local laws. And in some cases, laws are similar to existing ones elsewhere: there are many in the Middle East and North Africa (MENA) region, for example, that ape large parts of the EU’s GDPR. The key is to do that regulatory policy research painstakingly and plenty of time ahead, so that the appropriate security controls and policies are put in place before it’s time to expand.
In this respect, data-centric security should be a key pillar of any growth strategy. By protecting customer data at source, organizations will help to build trust and loyalty, and reduce the chance of regulatory action—which in turn means enhanced reputation and more money to spend on growth. Strong data protection also helps to keep IP and trade secrets safe; another essential pre-requisite for growth.
However, not all security solutions are created equal. It’s important to find a provider that can continuously discover and classify enterprise data wherever it is in the organization, and no matter how frequently it is moved about – including across multiple cloud environments. It should also offer different data protection options, including format-preserving encryption and tokenization – the latter enabling data to still be used by the enterprise without compromising on protection.
That is the power of comforte’s Data Security Platform. It’s not just about preventing things from going wrong. It’s about creating the right environment for things to go right.