As organizations continue their digital migrations, the list of cyber-threats, risks and vulnerabilities grows exponentially. From a more connected workplace to new laws and regulations governing privacy and data protection, keeping up on our ever-expanding digital world can be challenging and expensive.
One method to confront cyber-risk is to adopt a laissez-faire risk acceptance approach – where the costs of prevention seemingly outweigh the consequences of doing nothing at all. In this scenario, a bank or business takes a gamble that a cyber-security incident won’t happen or that they can just pay a nominal one-time fee if it does. In other words: Instead of protecting customer data, investing in streamlined cybersecurity solutions or sealing off a vulnerability, an organization simply opts to leave the door open with the hope that no one comes knocking.
The economics of risk acceptance in cybersecurity
Is risk acceptance the most-economical mindset in the short run? Assuming an organization is not the target of a particularly devastating attack, they might come out unscathed from the initial breach, with nominal fines or nothing at all. For example, if a cybersecurity solution is going to cost $250,000 to protect a $50,000 problem – it might not make initial sense to invest. But when you factor in brand damage, changes in regulations, emerging technology, and subsequent fines and class action lawsuits there are different angles to consider – especially when something big hits.
During the 2017 Equifax acquisition, for example, when a massive breach compromised the personal information of over 140M Americans, or nearly half the country, the Equifax brand suffered irreparable damage and has been ordered to pay up to $700M in fines. This all stemmed from their “failure to take reasonable steps to secure their network.” This breach is one of the worst to ever have happened in the US and, with 13 major breaches affecting mergers and acquisitions deals between 2014 and 2018, it was hardly the only one.
Do you think it was worth it? We don’t.
Customers won’t buy risk acceptance
Issues of brand damage come to the forefront of any risk acceptance plan once a breach occurs – regardless of size. Any customer-centric organization worth its salt knows that customers care about their personal data and do not reward businesses who do not value it enough to protect it. In fact, according to Echoworx data, 80 per cent of customers consider leaving a brand after a breach.
In a nutshell: You can’t afford to sell risk acceptance to your customers.
Instead of gambling with customer data, a true proactive choice involves taking every precaution to protect them with risk-mitigating defenses. Since digital trust and loyalty of customers is rooted in user experience and demonstrated brand assurance of safety, you need to offer flexible and streamlined cybersecurity solutions that work.
With our OneWorld encryption platform, for example, you can protect customer data in transit without affecting customer experience. With support for 22 languages, multiple branding options and configurable sets of encryption policies, our streamlined encryption experience ensures nothing is left to chance – including your customers.
Risk acceptance doesn’t cut it across borders
If you are an international brand, with offices all around the world, you might be boxed out of local markets if you can’t protect your customers. But investing in the bare minimum isn’t good enough either. In order to comply with different privacy jurisdictions, avoiding the potential for hammering fines or being excluded from a market completely, an organization needs to invest in flexible, streamlined and easy-to-understand proactive cybersecurity solutions.
Picture this scenario, for example: You are an organization based in the US which does business in the EU and is looking to break into APEC. From Europe’s General Data Protection Regulation (GDPR) to South Korea’s Personal Information Protection Act (PIPA) to California’s Consumer Privacy Act (CCPA) closer to home, for examples, you are now navigating a whole patchwork of privacy laws. How do you exchange your daily flow of sensitive data between offices?
Until recently, a company might be able to fly under the regulatory radar without encrypting sensitive communications. But more severe interpretations of these laws, like those regarding the GDPR in Denmark, now mean you can’t legally do business in some of these countries without an encryption solution flexible enough to accommodate different jurisdictional demands. That throws a pretty major wrench in any international business plan.
Risk acceptance jeopardizes your digital future
As the saying goes: Ignoring the problem doesn’t make it go away. In the case of cybersecurity, inadequate investment in data-protecting technology can make current vulnerabilities larger, as business grows, or render an organization unable to adequately deal with future issues. And, in the case of mergers and acquisitions, not being flexible enough or set up to move with the technological tide can stall, cancel or, at the very least, lower the value of the deal.
In other words: In a world of every-changing regulations, which are not going away, and new technology, which demands flexibility, if you adopt a culture of risk acceptance, you risk being left in the dust.
As a cloud-based Software-as-a-Service (SaaS) provider, Echoworx provides flexible solutions for organizations looking to update legacy message encryption technology. Many organizations, for example, need to reduce the complexity of their existing legacy solutions, like a legacy PGP system, into a single consolidated cloud-based platform. As a fully managed, infinitely scalable and geo-redundant encryption solution, our OneWorld encryption platform helps organizations get up to speed with secure communications and be prepared for whatever changes are around the corner.
Risk mitigation is simple – yet effective
Investing in comprehensive data-protecting cybersecurity solutions for risk mitigation, as opposed to acceptance, is not a compromise for today’s customer – it’s an expectation. They expect airtight security for their valuable personal data – something they can get with or without your brand. The solution is easy: you don’t gamble with them; you protect them before something happens.
Protecting your secure communications with encryption is an effective way to ensure data in transit stays safe, you can easily adapt to new regulations and you can protect your own valuable company data and secrets. As a tool of risk mitigation, applying encryption to sensitive messages means you do not take chances when it comes to the safety of your data. This is an integral keystone of any merger or acquisition process – something that can affect the ultimate value of your deal.
A path to secure communications with OneWorld
Our OneWorld encryption platform is an important risk-mitigating addition to any customer-centric cybersecurity suite. With multiple flexible delivery methods, available in 22 languages, full reporting and with extensive options to support multiple brands, OneWorld assures your customers that you do indeed value their business and data at every point of their customer journey. And its streamlined user-friendly interface and definable customizable set of encryption policies ensures data protection occupies a central part of any organizational business policy.
By Nicholas Sawarna, Sr. Content Marketing Specialist, Echoworx