Between 30% and 40% of companies currently investing in platforms such as consumer analytics, cloud integration, connected products and mobile payments have mature programs in place to address related risks.
Many of these technologies involve a broad set of data types that could expose consumers to much more than stolen credit cards and identity theft. Beyond customer data, the risks can range from protecting food safety in manufacturing and supply chains to intellectual property of new products and formulas.
Allowing cyber response planning to lag can undercut the upside of investments in advanced digital technologies. It can become a one step forward, two steps back proposition to pursue advanced technologies without equal attention to cyber threats.
The grim outlook comes from the Deloitte “Cyber Risk in Consumer Business” study which also reveals: more than three-quarters (of consumer business executives report they are highly confident in their ability to respond to a cyber incident, yet many simultaneously face issues that critically impair their ability to do so.
• The majority of executives surveyed (82 percent) indicate their organization has not documented and tested cyber response plans involving business stakeholders within the past year.
• Less than half (46 percent) say their organization performs war games and threat simulations on a quarterly or semiannual basis.
• One quarter (25 percent) report lack of cyber funding.
• Roughly 1 in 5 (21 percent) lack clarity on cyber mandates, roles and responsibilities.
The Deloitte study also found companies may underestimate the importance of consumer trust. In fact, when thinking about potential cyber incidents, consumer product companies surveyed seem to be primarily concerned with production disruptions (48%) and loss of intellectual property (42%), while significantly fewer — 16% — are concerned with tarnishing brand perceptions related to trust.
Many U.S. consumers already express heightened security concerns, with a startling number going so far as to delete mobile applications and avoid websites, which can threaten a critical engagement touchpoint for consumer businesses. Consider these findings:
• In 2016, roughly 80% of U.S. consumers felt they have lost control over how their personal information was being used by companies.
• Over the past 12 months, 31% of U.S. consumers deleted applications on their smartphone and 27% avoided specific websites to mitigate their own cyber risk
Another potential risk and reward scenario accompanies the interactions between customers and consumer businesses: connected products. These devices may increase the points of entry, opening the door to cyber breaches that can arise anywhere across the entire connected ecosystem, including consumers and third-party vendors.
Among executives surveyed, 32% are not confident their cyber risk management program is effective in maintaining their strategy to develop and market connected products. Their concerns don’t stop there. Changing regulatory requirements are the top concern of 74% of those who deploy connected products, followed by intellectual property theft (71%) and theft of consumer information (66%).
Deloitte’s research revealed intellectual property as a top data concern among executives surveyed — second only to financial theft. More than 4 in 10 of food and beverage executives surveyed are concerned with cyber-criminals trying to steal proprietary product formulation information such as food recipes and product codes. This rising concern over IP theft is generally mirrored across consumers businesses — where IP theft has largely remained in the shadows of more familiar cybercrimes such as theft of credit cards and other personally identifiable information.