Customer confidence is the best security metric
How radical transparency becomes a competitive differentiator
Cyberattacks are inevitable: It’s no longer whether you’ll be attacked, but when. That’s why it’s so important to build trust with your customers. What sets vendors apart is how well they protect customer data, keep services reliable, and communicate with customers when something goes wrong.
Trust is particularly important when vendors support mission-critical functions. Blue Yonder, for example, provides supply chain solutions that organizations rely on for everything from retail planning and labor management to warehouse management and transportation logistics. Our customers have to be confident that an attack on Blue Yonder will not stop their trucks from arriving or their store shelves from being stocked.
Building and maintaining trust with customers is not easy. We’re all contending with a rapidly changing technology and security landscape. Beyond combating evolving, AI-powered threats, we need to address vulnerabilities created through dependencies on third-party vendors. Business disruptions caused by attacks or outages can quickly erode customer trust.
As the CSO at Blue Yonder, I worked with my colleagues to create a trust arm within our cybersecurity organization. This trust arm allows us to communicate transparently with customers about how we protect their data, continuously work to enhance reliability, and resolve any issues if they arise. The best practices we’ve learned along the way can help any company interested in embedding trust into their culture and strengthening trust among their customers.
Building trust with transparency
Trust is more than a vague sense that a company is reliable: It’s built with strong cybersecurity and transparency. From the moment that your prospects start exploring solutions, they want to know exactly how their data and apps will be protected. And when something goes wrong, your customers want to be informed immediately.
A lot is riding on trust. Your customers are investing in your business, and they want to know they are making the right choice. If your organization is not transparent, your reputation will suffer and your customers will find alternatives.
In my experience, establishing a successful trust arm requires a holistic strategy that spans people and processes.
People: Assembling a trust team
Consider placing the trust arm within the cybersecurity organization, rather than in sales, marketing, communications, or customer experience. This keeps the trust team in close proximity to the people who are on the frontlines of crises. Trust team members can benefit from the security team’s knowledge and experience, and they can collaborate efficiently when incidents occur.
Meanwhile, the trust team should support sales and customer engagement efforts while fostering internal collaboration across the organization.
Sales support: Trust team members should help account and support teams by addressing important cybersecurity questions from customers and prospects. Those team members can also help train your customer-facing organization, making sure that trust is a key part of your message.
Customer engagement: Working directly with existing customers, trust teams can manage proactive and reactive / incident communications; collect metrics and oversee reporting; and help customers prepare for incidents (for example, by conducting tabletop exercises and testing business continuity plans). Offering workshops also enables the trust team to share best practices while learning more about what customers need.
Cross-functional partnerships: Trust requires one consistent voice during both normal operations and incidents. For example, your trust team might collaborate with marketing to create thought leadership assets highlighting company security’s policies and compliance efforts. The team could also partner with the CSO’s office to enhance internal security awareness. And working closely with communications and legal groups enables the company to provide appropriate responses following data breaches or service outages.
Process: Establishing workflows and policies
In addition to assembling a team, creating the right processes and policies is key to addressing immediate crises and strengthening long-term customer relationships. At a minimum, customers should know how and when notifications will be received.
Ensure rapid incident responses: Even strongly defended companies will experience attacks and outages. When they happen, customers want to see you stop the attack or restart services rapidly. Just as important, they want you to communicate with them quickly and transparently. In the past, businesses notified their customers of serious incidents within weeks or days. Today, customers expect to be notified within hours.
Communicate with empathy: When communicating with customers (during an incident or through a monthly touchpoint with a CISO), lead with empathy. Remember you are in this together: Their challenges are your challenges. Meeting face to face or by video with your customers can help build the human connections that bolster trust.
Foster information sharing: Don’t wait until incidents occur to share information. You could create an internal website to provide employees with cybersecurity information that they need when they interact with customers. Externally, you could participate in CISO councils and produce thought leadership content to share information with peers. This transparency helps improve security over time. It also signals to customers that you take trust seriously.
Refocus on availability: Most security leaders are probably familiar with the “CIA triad” model, which includes confidentiality, integrity, and availability. For too many years, availability has been neglected: Companies haven’t done enough to ensure continuous uptime and resiliency for applications and services. But we’re seeing more outages now, at a time when businesses and individuals increasingly rely on cloud-based services and software. Cybersecurity teams should consider creating an availability leadership position or rethink how availability and traditional cybersecurity functions work together.
Selecting trustworthy partners and vendors
Building trust is a group effort. At Blue Yonder, trust is a key factor when we select vendors and establish partnerships. They should share information about threat patterns and security strategies. And of course, they must offer the technologies and services that you need to keep your organization — and your customers — secure.
We work with Cloudflare in part because the company is recognized as a leader on trust and transparency. We appreciate that beyond offering a broad portfolio of cybersecurity services, Cloudflare openly shares information about threat trends, incidents, and plans to improve resilience.
Making trust a differentiator
Trust is not a “nice to have”: It’s vital in any competitive marketplace. You might have a great product, but if customers don’t trust you with their data and their operations, they will go elsewhere. On the flip side, investing the time and resources for building a trust team can result in a key competitive differentiator. Given the choice between two vendors with similar offerings, customers will choose the vendor they know will keep their data protected and their applications up and running.
There’s no doubt standing up an internal trust arm at Blue Yonder and undertaking continuous efforts to share information about cybersecurity have strengthened how we show up for our customers.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
Dive deeper into this topic.
Learn more about how to build and maintain trust by mitigating risks and enhancing efficiency in the Unified risk posture: A CISO’s guide to reducing risk and complexity executive guide.
Author
Erika Voss — @evciso
Chief Security Officer, Blue Yonder
Key takeaways
After reading this article you will be able to understand:
How transparency fosters long-term customer loyalty
Essential people and processes for building trust
3 pillars for a trust arm within the security organization