Many organizations will be heading into 2023 with some amount of trepidation. Rising interest rates and inflation coupled with a cost of living crisis in many countries have increased the risk of global recession as growth slows sharply and consumers rein in spending. Geopolitical uncertainty only adds to boardroom jitters. Against this gloomy economic backdrop, few may think of cybersecurity as a potential source of growth, but if managed and deployed correctly, it could actually help to drive competitive advantage over the coming year.
Despite often being seen as a block on innovation and growth, security can actually achieve the reverse – reducing the cost of compliance and breaches, and helping to attract new customers. Many tech companies already look to differentiate based on their security and privacy posture, but the truth is that any company could do the same.
Why trust matters
One of the biggest sources of competitive advantage is customer trust. In an age of 24/7 business operations and digital everything, it can be hard won but easily lost. According to PR multinational Edelman, which produces an annual Trust Barometer report, trust is the “ultimate currency” – a foundation enabling firms to take responsible risks and recover quickly, even if they make mistakes.
PwC finds an even stronger link between trust and business success. Its report on consumer intelligence reveals that 91% of consumers are likely to buy from a company that does something to gain their trust. Even better, 88% would actively recommend that firm to others, 83% would defend them, and 60% would be more likely to share information about that company on social media.
From trust comes competitive advantage. So how can security get organizations there?
How security can be a differentiator
Put simply, if all companies were doing cybersecurity well, it would be a difficult thing to differentiate on. But they’re not. The truth is that most organizations are not, objectively speaking, “secure”. They also:
- Don’t really ‘get’ security or how to do it effectively
- Don’t understand their risk profile and what kind of threats and malicious actors they’re exposed to
- Invest too little in security
By therefore taking even moderate steps to improve their security posture in 2023, organizations can do much to stand out from the crowd.
The data-centric security difference
There are various ways to enhance corporate security. But not all will achieve optimal results. For example, focusing on perimeter defense may stop some threats, but it won’t help if threat actors steal or brute force employee credentials, enabling them to waltz past intrusion prevention controls. Similarly, endpoint detection and response (EDR) tools, while an improvement on what has gone before, can be sidestepped by hackers with the right know how.
This is why it makes sense to begin any security refresh with the most important asset an organization holds: its data. By applying strong protection directly to that data, wherever it resides, organizations – as well as their customers, partners and regulators – can be assured that even if it falls into the wrong hands, it will be rendered unusable.
This kind of data-centric security, which automatically and continuously discovers and classifies enterprise data, and then applies encryption or tokenization to it – offers several ways to differentiate:
- It can build trust with customers, which leads to more sales and stronger loyalty
- It helps to mitigate the financial and reputational risks associated with major data breaches. A typical breach now costs nearly $4.4m on average, but data-centric security could shave over $250,000 off this cost, according to IBM
- It helps to preserve digital transformation initiatives by ensuring projects aren’t derailed by breaches, and lengthy and costly investigations
- It can drive innovation: for example, format-preserving encryption enables firms to use cloud-based analytics tools to extract business insight without compromising on security
- It will help to bolster business continuity
- It can accelerate compliance efforts whilst also reducing their cost. Strong encryption helps to place data out of scope when it comes to PCI DSS, for example