For the greater good, would you inform consumers about your approach to security?

Over the past few years, it has become easier to make better choices. As consumers, we are becoming more informed. For example, we now know more about how less packaging, more whole foods and more ethical purchases can benefit the world. It is by no means a perfect world, but when choosing to engage with a product or service, there are many sources that help us to know the practices of companies over a spectrum of ethics, worker conditions and environmental impact. Based on the data (a lot of it now in handy smartphone apps), we can make informed (to an extent) decisions on what to buy, who to do business with or where to invest.

Many companies are forthcoming with some information about how they are protecting the environment. But what about how businesses are protecting us? As consumers, for a long time, we have placed our money, information and sometimes our livelihoods in the hands of household brands – trusting that they have taken steps to protect us. There are numerous cases where we only become aware of the protection practices of a company when something goes wrong – like a data breach. There have been enough data breaches and security incidents in recent years to know that even some of the most trusted, lifelong brands are not immune to cyber-attack – even when they have made their best efforts to have controls in place. 

A growing number of organisations are dedicated to being resilient to cyber-attack. Many care enough to invest in tools and build great teams of experts to continuously assess and mitigate the risks the organisation is up against. These teams work around the clock to protect our data despite the fact that if they are the target (political or otherwise) of a cyber-attack, it’s unlikely that any number of tools or experts will stop it occurring completely. But organisations with a focus on security will minimise the chance of this happening, and have a better chance of recovering quickly.

The point is, while some big brands advertise their fraud detection abilities or their two-factor authentication offering, it’s rare that cyber security teams and controls are spoken of outside of industry forums. Most organisations don’t want to be seen as spruiking about their ability to defend against attackers – targeted or opportunistic. But informing doesn’t have to be spruiking. And while it’s hard to measure, would customers be more attracted to organisations that are honest about their security investments in people and controls (in the same way that ethical or sustainable practices attract those who value this approach)? Could being forthcoming about your security teams and practices be good for business? It’s not about publicly confirming compliance and it’s not about marketing. Maybe it’s about giving consumers choice based on the positive steps your organisation is taking to better secure your services. Could your commitment to security help improve consumer choice?
