Is your organisation 'digitally trusted'?

Peter Malan and John Taylor, March 2015

In the race to deal with digital risk, many organisations are doing the equivalent of locking up their systems and throwing away the keys. But is this the right strategy? We argue that building 'trust' is the secret for success in the digital world.

Barely a month goes by without a new headline about a major digital, or cyber, security breach somewhere around the globe.

Recently it was Sony Pictures, with hackers releasing confidential data, including personal information about employees and their families, copies of (previously) unreleased films, and other commercially sensitive information.

In another well-publicised breach, cyber thieves hit Target in the US, stealing massive amounts of credit and debit card information including the names, addresses and phone numbers of 70 million customers.

Boards and senior management are rightly concerned about digital security. A recent survey by PwC found that three quarters of CEOs said it was a key risk to their growth.

But how are businesses responding?

Many boards have traditionally viewed this largely as a technology issue and left it to the CIO to deal with. The technology team then set about 'beefing up' security, often with the unintended consequence of creating systems that are difficult for customers or third parties to interact with. They may be safe, but are they effective?

In a world where digital technology is changing customer behavior and business models at an exponential rate, creating enormous opportunities for growth, digital security is not just a technology issue - it's a business issue.

At the heart of this business issue is the question of trust. Trust is the critical ingredient to enable companies to succeed in the digital economy.

Simply, can your customers trust that you will protect their information and their privacy? Can you trust your supplier's systems to work securely and effectively? Can they trust yours?

Looking at digital security through the lens of trust means you are considering the wider business context in which you operate. You are taking into account the needs of your customers, suppliers and other key stakeholders - the opportunities as well as the risks.

How do you become a 'digitally trusted' company?

Trust is hard won and easily eroded. Ultimately it's about having confidence that you have the right systems, processes and controls in place.

Boards and their risk committees have an important role to play by asking the right questions of management. Too often boards ask 'how strong are our security controls?', when they should be asking 'do our customers and other key stakeholders trust us and how do we maintain this trust?'

Here are some critical questions to determine how digitally trusted your company is:

  1. Have you identified your risk appetite, the key risks and threats to your business? Are your controls 'right-sized'?
  2. Do you know where your data is physically held? Do you know where the 'crown jewels' are (i.e. your most commercially critical data)? What are your key systems and business processes?
  3. With the increased reliance on third parties to deliver services, what controls are in place to be sure those parties are handling data appropriately?
  4. With increasing connectivity (e.g. mobile, social networking) how are you managing the ways customers or third parties access your systems and your data?
  5. How are you ensuring that the right people have access to your core systems and data? How do you know that people (employees, suppliers or customers) really are who they say they are?
  6. How are you meeting the customer expectations from a privacy and data protection perspective, particularly if you are keeping and analysing customer data (i.e. 'big data')? Are you meeting regulatory requirements?
  7. It's highly likely that you will be subject to a digital security breach, no matter how sophisticated your security controls. What's your incident response plan? How will you rebuild trust? Do you know how to respond when your organisation is targeted?

Digital trust is as much about opportunity as it is risk. And it's the companies that are 'trusted' to whom customers will increasingly turn in the digital economy. How does your organisation stack up?

Contact us

Peter Malan
Partner
Tel: +61 3 8603 0642
Email

Follow PwC Australia