Late last month, Zeitgeist went with friends to his local theatre to see “Teh [sic] Internet is a Serious Business”. The play, a story of the founding of the hacktivist group Anonymous, was the most well-publicised dawn of cyberattacks on businesses and governments. The organisation, at its best, set it sights on radical groups that promoted marginalisation of others, whether that was the Church of Scientology in the US or those trying to dampen the Arab Spring in Tunisia. This collective, run by people, some of whom were still in school, showed the world how vulnerable institutions were to being targeted online. We wrote about cybersecurity as recently as this summer, summarising the key points in a recent report from The Economist on what was needed to mitigate against future attacks and how to reduce the damage such attacks inflict. The issue is not going away (and in fact is likely to become worse before it gets better).
It was back in January that management consultancy McKinsey produced a report, ‘Risk and responsibility in a hyperconnected world: Implications for enterprises’, where they estimated the total aggregate impact of cyberattacks at $3 trillion. There is much to be done to avert such losses, but the current picture is far from rosy. Most tech executives gave their institutions “low scores in making the required changes”, the report states; nearly 80% of them said they cannot keep up with attackers’ – be they nation-states or individuals – increasing sophistication. Moreover, though more money is being directed at this area, “larger expenditures have not translated into an increased maturity” yet. And while the attacks themselves carry potentially devastating economic impact on a company, their prevention comes at a price too for the business, beyond the financial. McKinsey reports that security concerns are delaying mobile functionality in enterprises by an average of six months. If attacks continue, the consultancy posits this could result in “a world where a ‘cyberbacklash’ decelerates digitization [sic]“. Revelations about pervasive cyberspying by Western governments on their own citizens could well be a catalyst to this. Seven points are made in the report for enterprises to manage disruptions better:
- Prioritise the greatest business risks to defend and invest in.
- Provide a differentiated approach to defence of assets, based on their importance.
- Move from “simply bolting on security to training their entire staff to incorporate it from day one into technology projects”.
- Be proactive; develop capabilities “to aggregate relevant information” to attune defence systems
- Test. Test. Test again.
- Enlist CxOs to help them understand the value in protection.
- Integrate risk of attack with other corporate risk analysis
Given the amount of business and social issues that involve digital processes – “IP, regulatory compliance, privacy, customer experience, product development, business continuity, legal jurisdiction” – there is a huge amount of disagreement about how much state involvement there should be in the degree to which enterprises must take steps to protect themselves. This is an important point for discussion though, and we touched on it when we wrote about cyberattacks previously.
But that report was way back in January, things must have solved themselves since then, right? Last week, PwC reported that corporate cyber security budgets are being slashed, even while cyberattacks are becoming far more frequent. The FT reported that global security budgets fell 4% YoY in 2014, while the number of reported security incidents increased 48%. Bear in mind these are only reported incidents. This is potentially no bad thing, if we’re to go by McKinsey’s diagnosis of too much money being thrown at the problem in the first place. At the same time, it’s not exactly comforting.
Only a few days after PwC’s figures were published, JP Morgan revealed that personal data for 76 million households – about two-thirds of total US households – had been “compromised” by a cyberattack that had happened earlier in the year. Information stolen included names, phone numbers and email addresses of customers. It was also revealed that other financial institutions were probed too. Worryingly, the WSJ reports that investigators disagree on what exactly the hackers did. It was also unclear who was to blame; nation state or individual. Such disagreements over the ramifications of the attack, the identity of the attackers as well as the delayed revelation of the attack itself, illustrate just how necessary transparency is, if such attacks are to be better protected against and managed in the future.
For those in London at the end of the month, The Economist is hosting an event for those who apply, on October 21, examining “how businesses can and should respond to a data breach, whether it stem from a malicious insider, an external threat or simple carelessness”. Hope to see you there.
PSFK this week wrote about a subject Zeitgeist have taken great interest in over the years, that of tech layering over retail to create unique experiences. Our focus on this blog with regard to retail has often been the way that new technologies are disrupting traditional bricks-and-mortar establishments, sometimes for the better, sometimes for the worse. PSFK take data strategy back to basics, pointing out quite rightly,
“To succeed retail brands need to provide what has been called over the years ‘a value exchange’. In others words, to learn more about a customer, we must always provide them something in return. This may manifest itself as discounts and other perks, but what if the reward was simply a better brand experience in itself?”
Earlier this week, as a precursor to the US going crazy for the Black Friday shopping extravaganza (even though The New Yorker tells us everything we know about Black Friday is wrong), Deloitte released new research on the way consumers like to buy their wares. Unsurprisingly, it seems shoppers are now keen for an omnichannel experience. Some of this talk may be a bit premature, or vary by retail sector. Online groceries, for example, though seemingly prevalent, are having little impact on grocers’ bottom lines. In the UK, where the march of online shopping is advanced, grocery shopping online may account for just 5% of sales this year, according to Datamonitor analysis. Select highlights from Deloitte’s report below – which mostly reads like customers are wanting to have their cake and eat it – full report here.
- The high street remains the number one destination for shops, services and leisure, compared to online and out-of-town: 59% use the high street for top-up grocery shopping, 58% prefer the high street for banking services, and 52% for cafés.
- Consumers still want more from their high street, and 73% believe that the consumers themselves should decide what shops and services should be available.
- The omnichannel experience is in demand with 45% wanting free high street Wi-Fi and 1 in 3 wanting to use a Click & Collect service.
UPDATE (13/12/13): The Economist this week published an interesting piece on the closing of UK department store Jacksons, which refused to keep pace with changing consumer demands. Interesting lessons on how to be cognisant of customer insight while trying to remain “authentic”.