Your brand experience is only as good as your cyber security and many businesses operate with false security about cyber risk.

That’s the bottom line of a recent Deloitte report, which warns customer-facing businesses are underestimating cyber risk.

Retailers, restaurants, and consumer product companies are “operating with a false sense of security.” And they should take better precautions to “mitigate cyber risk during this period of digital transformation.”

Poor Cyber Risk Planning

The Cyber Risk in Consumer Business report is based on responses from 402 chief information officers (CIOs), chief information security officers (CISOs), chief technology officers (CTOs), and other senior consumer business executives collected earlier this year.

The report shows a significant disconnect between what these executives believe about the sophistication of their cyber defenses and operational realities.

Specifically, more than three-quarters (76 percent) of consumer business executives report they are highly confident in their ability to respond to a cyber incident. However, many simultaneously face issues that critically impair their ability to do so.

  • Only 18 percent of surveyed companies have documented and tested cyber response plans involving business stakeholders within the past year
  • Only 46 percent perform cyber war games — interactive exercises that immerse participants in simulated cyber risk incidents — and threat simulations on a quarterly or semiannual basis
  • 25 percent report lack of cyber funding
  • 21 percent lack clarity on cyber mandates, roles, and responsibilities

Ignoring Risks From New Technology

Companies are embracing digital transformation and a host of innovative technologies to enhance brand experience, build customer loyalty, and remain competitive in a digital world.

But their enthusiasm is outpacing their defenses against cybercriminals “looking to expose weaknesses” in digital ecosystems, the report says.

It adds that companies should consider balancing their expanding digital footprints with a growing focus on cyber risk. But it appears few are bothering to do so, undercutting “the upside of investments in advanced digital technologies.”

MarTech Adds to the Problem

Just 30 to 40 percent of companies currently investing in consumer analytics, cloud integration, connected products, and mobile payments have mature programs in place to address related risks, said Barb Renner, vice chairman, Deloitte, and US consumer products leader.

In a statement, Renner noted:

“Many of these technologies involve a broad set of data types that could expose consumers to much more than stolen credit cards and identity theft. Beyond customer data, the risks can range from protecting food safety in manufacturing and supply chains to intellectual property of new products and formulas.”

If not properly managed, rapid adoption of new technologies can open the door to increased cyber risk.

Matters of Customer Trust

Companies surveyed were most concerned how a cyber incident would affect production (48 percent) and their intellectual property (42 percent).

Just 16 percent are concerned with brand reputation, which can take a serious hit in the aftermath of cyber attacks. Increasingly common issues such as credit card fraud and identity theft can devastate customer trust and brand reputation.

The report says many US consumers already express heightened security concerns. A startling number are deleting mobile applications and avoiding websites, threatening critical engagement touchpoints.

Proof of Consumer Backlash

Businesses “may be skating on thin ice” when it comes to consumer backlash from cyber breaches, the report continues. Some 80 percent of US consumers feel they’ve lost control over their personal information.

  • During the past 12 months, 31 percent have deleted applications on their phones to mitigate cyber risk
  • Another 27 percent avoid specific websites to reduce cyber risk

Chuck Saia, CEO of Deloitte Risk and Financial Advisory, said a brand’s reputation affects consumer trust as well as “brand swagger.”

“Brand trust starts at the top. And leaders who continually earn the confidence of consumers can walk with that swagger,” he added. Leadership should take brand reputation personally and set the expectation that everyone in the organization does as well.

That can help ensure potential risks to brand trust and reputation are quickly recognized and addressed.

How to Mitigate Cyber Risk

To capture the business value associated with innovative technologies and the cybersecurity initiatives, businesses should remain secure, vigilant, and resilient.

  1. Be secure: Take a measured, risk-based approach. Manage cyber risks as a team and focus on increased preparedness
  2. Be vigilant: Monitor systems, applications, people, and the outside environment to detect incidents more effectively.
  3. Be resilient: Prepare for incidents and decrease their business impact with proactive planning.