Foreword

Welcome to the latest edition of the Deloitte Consumer Review. This edition focuses on cyber crime and security for consumer businesses.

The potential for cyber crime has grown dramatically over the past few years as cyber criminals constantly adopt more profitable, effective and efficient tactics. Cyber crime is on the rise, not only in the number of attacks but also in its severity. In the UK cyber crime costs businesses £34 billion per year, including £18 billion from lost revenue.* In our experience, organisations are still unprepared to deal with different types of attacks and are at best aiming to mitigate the risk, rather than preventing attacks in the first instance.

At the same time, major technological developments are challenging the way businesses compete and operate. Businesses' digital activities continue to grow due to the digitalisation of operations and functions. Not only are businesses collecting more data they are also becoming increasingly dependent on it for their day-to-day operations. In a world where cyber crime is becoming ever more attractive, businesses are exposed to more security risks than ever before.

Our research shows that as a result of the increase in cyber attacks, consumers are becoming more distrustful about how secure their data really is when sharing their personal information with businesses. This lack of trust provides an opportunity for businesses to act transparently and reassure consumers that their data is safe with them. Businesses need to be explicit not only in how they secure consumers' data, but also in the benefits to consumers of sharing their data and in giving them the choice about how their data is used.

Together, these issues illustrate why cyber-security risks have become a priority for leaders in business and why now is the time to act to ensure that effective cyber-security measures form part of the business strategy.

We hope this report gives you the insight and data to enhance your understanding of the opportunities and challenges in your sector, and welcome your feedback.

Executive summary

The more data a business collects about its consumers and the more sensitive that data is, the greater the data's attractiveness to cyber criminals. With businesses becoming more and more dependent on data to manage their operations, the risks of cyber crime can only get greater. Although consumers tend to get caught in the middle, they are not always the prime target. Some criminals want to benefit financially; others want to damage a company's reputation. This makes the risk of cyber crime not just an IT issue but a business issue as well.

While boards are becoming more aware of cyber risks they are still struggling to comprehend the full impact a cyber incident can have on their own organisation and strategy. To overcome this, businesses need to develop an integrated approach to cyber security with board- level accountability, one that links business objectives to security priorities and helps to create a common language between technologists and business leaders. The approach needs to be set at the top, with the board, CEO and the CFO setting the governance and organisational structure and ensuring all employees understand their role in preventing cyber attacks. Business leaders need to incentivise collaboration, and consider creative ways to raise awareness across the organisation through activities such as war-gaming, to help create the right security culture.

Businesses need to take the lead in fighting cyber crime especially when considering their consumers' experiences and attitudes to cyber crime. Our research shows that consumers are experiencing a growing level of security breaches, particularly around fraud and theft. There is also a certain degree of scepticism, even cynicism, among consumers regarding corporate motives and practices around the collection and use of personal data. Indeed our data points to a decline in consumers' trust in the ability of businesses to secure their personal data and use that data appropriately.

As a result consumers are taking more control over securing and sharing their data, and are increasingly willing to withdraw consent if they do not perceive the right protections are in place. Compared to our research results in 2013, the proportion of consumers that 'did nothing' following a cyber-security breach has dropped significantly.

Our research also suggests, however, that businesses may be over-estimating not just consumers' comfort with sharing their personal data, but also the extent to which consumers are satisfied with what they are receiving in exchange for that data. Customer experience will be the primary basis for competitive differentiation in the next few years. This presents an opportunity for consumer-facing companies to develop strong cyber-security strategies that can generate a competitive advantage, including reassuring consumers and acting transparently about how personal data is managed and used.

Cyber-security risks will only intensify as businesses focus their investment on acquiring more analytics tools and basing more and more of their interactions with consumers in the digital space. While the amount of data accessed and shared across an ever more complex network increases, companies need to sharpen their focus and ensure they protect one thing: the trust of their customers – consumers and businesses alike. In both instances businesses need to make sure their customers are totally confident that their data is managed and used in the most secure way possible.

In summary, data usage and security practices are not just about risk mitigation, they are also a potential source of competitive advantage.

To continue reading, please click here.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.