Here’s a novel idea. What if your organization made cybersecurity a brand promise? What if, instead of driving cybersecurity awareness by highlighting the risk of attack and its expensive consequences, your organization saw your cybersecurity as a reason customers should choose you?
Could your business market its cybersecurity with pride? Few businesses are ready for that today, but outside cybersecurity, turning risk into business advantage is nothing new.
The commercial value of safety for car brands
Today, 1.2 million people worldwide die in car crashes each year. Despite this, we still buy 74 million cars every year.
Death and serious injury are bigger risks than those that usually come with cyber incidents, but car manufacturers now lead ad and PR campaigns with safety as a key feature.
They weren’t always so bold. For decades, while road deaths increased exponentially, car brands dazzled customers with luxury, freedom and engine power. Only in the 1980s did car companies start marketing their defense technology as an integral part of their cars.
Volvo was one of the first car manufacturers to understand the profitable relationship between safety and reputation. They’re now viewed and independently rated as making some of the safest cars in the world. How did they get there? While working for Volvo in 1959, Nils Bohlin invented the three-point safety belt. Volvo chose not to patent it, letting other car manufacturers use it for free and showing they put saving lives ahead of profits. Then in 1987, they produced a bold ad campaign featuring crash-test dummies.
Volvo’s 1987 ad for the Volvo 340
Fear-driven attitudes towards cybersecurity and reputation management echo the car industry’s delay in seeing sales in safety. Fear can lead us to miss powerful opportunities.
Why fear isn’t the best motivator for cybersecurity
Christine Tappolet, Professor of Ethics and Moral Psychology at Université de Montréal, says, “Fear influences what we do by narrowing [our] focus.” That’s great when the threat is known and limited, like when a lion is chasing you.
When it comes to complex, ‘always on’ cyberthreats, a narrow focus brought on by fear may mean missing the bigger picture.
Psychology makes a distinction between two types of motivation: Approach motivation, or being attracted to something positive, and avoidance motivation, or being driven away from something negative. Andrew Elliot, Professor of Psychology at University of Rochester, says, “Avoidance motivation is designed to facilitate surviving, whereas approach motivation facilitates thriving.”
Organizations with a strong cybersecurity culture focus on thriving rather than simply surviving. They go beyond cybersecurity and reach cyber pride. What does that mean, and how do you get there?
From fearing attack to cultivating reputation
“It takes 20 years to build a reputation and five minutes to ruin it,” says US business tycoon Warren Buffet. “If you think about that, you’ll do things differently.”
It’s hard not to respond to the stark reality of cybercrime with at least some fear. Cyberattacks can and do damage business reputations. Customers expect you to keep their data safe and your operations running. If you can’t do that, they’ll find someone who can.
Cyber pride is a new way to look at the relationship between cybersecurity and reputation. It moves your organization beyond a purely defensive position towards celebrating and cultivating its cybersecurity reputation.
What does cyber pride look like in practice?
1. Put your cybersecurity claims to the test
Volvo’s safety reputation didn’t skyrocket because of an ad campaign and a seatbelt design, but because its claims were true. Independent safety ratings back them up, time and again. In 2017 respected independent testers Insurance Institute for Highway Safety named Volvo XC90 the safest car in the world.
Cybersecurity is the same. If you talk the talk, you must walk the walk. Knowing your business is secure will give you the confidence to promote security as a business value. Customers will find out if your claims are all puff because cyber incidents will interrupt their service or leak their data.
2. Break out of the prison of small print
Private policy links sitting quietly at the bottom of web pages hide precious gems you could polish and display. These policies often start by addressing customers’ valid concerns then descend into a torrent of legalese.
Each web page or marketing material needn’t lead with cybersecurity and data confidentiality, but these must move beyond the shadowy prison. Integrate security practices across your business holistically, recognizing privacy as a foundation for business growth.
3. Go beyond following regulation
Regulation shouldn’t be the sole guide of your cybersecurity and privacy policies. To let regulation drive is to make decisions based on fear, rather than seeking ethical excellence. Regulation also struggles to keep up with technological change in business and cybercrime. While you must meet regulations, you should look beyond it, guided by innovation and ethics.
To use cybersecurity and customer privacy to grow your business, don’t just say you care – show it, boldly, at every opportunity. It’s the products you build and the culture of your whole organization. In the same way Volvo didn’t just want to be seen as making safe cars, they wanted to make safe cars, your business can differentiate itself from the crowd with honest, provable cyber pride.