Rising rates of inflation and uncertainty around interest rate increases are just two of the macro trends causing business leaders (including cyber leaders) to recalibrate their 2022 strategies. Retail and consumer products company leaders face additional market forces that will require cyber leaders to understand how to respond to vulnerabilities that may result from these trends.
1. Growing consumer demand for personalized experiences
Many consumer and retail organizations are making significant investments in technologies (e.g., Big Data, analytics, AI/ML) to enhance the consumer experience. This requires an increased focus on creating more value for the consumer by expanding the way personal data is used (e.g., personalized marketing and shopping experiences). The result has been large-scale collection and use of consumer data, which significantly raises the stakes (consumer trust, regulatory fines, public confidence) in the event of a breach.
It isn't a question of IF, but WHEN a breach will happen. In recent years, we've seen cybercrime continue to rise as bad actors identify new vulnerabilities (e.g., Log4j, as we saw in Q4 2021) and new ways to compromise organizations for financial or information gain. The FBI reported a 69.4% increase in cybercrime complaints in 2020, while the UN Security Council stated cybercrime was up by 600% due to Covid-19.
Many cyber leaders need to reassess their cyber strategy for 2022 and see this as an opportunity to work with other cross-functional leaders so there can be holistic alignment of the cybersecurity, privacy and data ethics programs with their organization's overall business strategy.
2. Shifting focus towards Environmental, Social and Governance (ESG)
ESG and sustainability are hot topics across many boards partly due to the elevated focus by consumers, investors, the broader capital markets, and governments. A global survey by the National Retail Federation (NRF) in 2020 shows that nearly six in ten consumers are willing to alter their shopping habits to reduce their environmental impact, and eight in ten respondents said that sustainability is “essential” for them. Many capital investors/funds have revised their investment models and now consider the ESG score of an organization before making investment decisions. Cybersecurity is now regarded as a key ESG concern, falling under the “Social” pillar, and this has led many cyber leaders to take their organization's ESG program seriously.
Many cyber leaders will need to find ways of not only linking their cybersecurity programs to their organization's overall ESG program but also maximizing the cybersecurity contributions to the overall ESG score.
Cybersecurity leaders can capitalize on this momentum to mature their cybersecurity programs and elevate visibility internally within their organization.
3. Disruptions in the supply chain
The record product shortages caused by supply-chain disruptions have led many organizations to simplify and invest heavily in their supply chains. According to a Microsoft survey done in 2020, 90% of retail and consumer goods companies planned to modify their supply-chain networks in response to the fallout from COVID-19. While these modifications could involve implementing new technologies or engaging new third-party organizations, it is certain that the cybersecurity function has a role to play in managing the associated supply chain cyber-related risks.
Cybersecurity leaders should reevaluate their cyber programs and ensure they are adequately embedded across other third-party related functions such as Procurement, Legal, Compliance, Risk Management, Accounting AP/AR, etc.
4. Shortage of talent
The U.S. Bureau of Labor Statistics reported in January that the inflation rate rose to 7.5%, the highest in 40 years. One of the many reasons attributed to this increase is the chronic shortage of workers (including cybersecurity talent), which has led to rapid increases in labor costs for employers. According to the ISC Cybersecurity Workforce Study, the global cybersecurity talent shortage is more than 4 million people. We also saw many cybersecurity employees change jobs for seemingly better opportunities in 2021 as part of the Great Resignation.
There are some specific responses you should consider as a cybersecurity leader:
- Find creative ways to attract and retain talent
- Reevaluate your 2022 cyber budget and increase as necessary to better compete for the limited talent pool
- Consider engaging more MSSPs by outsourcing some of your less strategic program capabilities (e.g., SOC operations, Threat and Vulnerability Management)
- Consider recruiting talent in lower cost locations
Considering the challenges ahead, the last thing organizations need to do is take a "business as usual" approach. The message here is clear: cybersecurity leaders should take some time to reassess their 2022 strategies and initiatives to account for these four trends impacting their industry.