The role of IT security in business trust
How much value can be placed on trust in business? "It takes many good deeds to build a good reputation, and only one bad one to lose it," said Benjamin Franklin, and indeed companies go to huge lengths to build and maintain trust relationships with both their customers and the wider market.
The simple reason for such effort is that a trustworthy business is a profitable business. We don't need to read the management textbooks to get this – people buy from people they believe can deliver. It’s why we set so much store by personal recommendation and, should things go wrong, we may avoid buying from the same place again.
Projecting an image of reliability is good for the bottom line - backed up, of course, by actually being reliable. Both products and services should meet or exceed expectations, and customers should not have any surprises about how the organisation behaves. It’s why organisations care so much about ‘customer satisfaction’ – and also why they invest in positive marketing and PR.
Understanding the importance of a good reputation offers useful, additional perspective to how organisations think about IT security. While not all breaches may directly cost money or cause lost productivity, they can damage reputation and therefore, affect profits. However, while companies can spend a small fortune on promoting their reputation, it's unlikely that much of this money goes on bolstering security mechanisms.
Getting the Marketing Department to pay for security measures may be a long shot. Less of a stretch might be to ensure a dialogue between these parts of the business and security decision makers, such that both sides understand how current threats might have an impact on the reputation of the company. Service reliability, customer data privacy or corporate performance are all valid topics for discussion.
Meanwhile, if measures are in place and operating successfully, it is worth telling people about them. Security certifications or compliance with privacy criteria are valid topics to be broadcast by the marketing and PR, with an aim to differentiate against the (less reliable) competition.
What do you see in the market, are organisations doing good things to assure its integrity, or the reliability of its services, or the privacy of its customers? Could IT security perhaps be considered as a driver of profitable business?