When companies consider the value of cybersecurity awareness training, they often focus on avoiding the crippling direct costs of a cyberattack: disrupted operations, lost business, and the possibility of being forced to pay a ransom. It makes sense that these potential costs are top of mind, as they’re rising each year and affecting a widening array of companies. However, companies should be thinking about their cybersecurity responsibilities in an even more fundamental and comprehensive way.
Companies bear responsibility for the security of their customers’ sensitive personal information and the integrity of their business partners’ data. Supply chains are extremely interconnected, which is why third-party data security is a major priority. And companies aren’t just responsible for the cybersecurity of their partners and customers – they’re even responsible for keeping the country safe. State-sponsored cyberattacks have been on the rise for years, and rapidly emerging technologies like AI are going to make them even more common.
These are all reasons why it has never been more important for company leaders and their employees to be responsible digital citizens. By building a cyber-aware workforce and making data security a core responsibility of every person, companies will earn consumer trust, ensure that they’re meeting regulatory and legal obligations, and prevent cybercriminals from inflicting severe financial and reputational harm.
Earning and keeping customers’ trust
Data breaches and other cyberattacks are constantly in the headlines and are a significant source of anxiety for consumers. At a time when 86 percent of Americans say data privacy is a growing concern and over two-thirds are worried about the amount of data businesses are collecting, it’s clear that companies need to proactively address that fear.
Considering the fact that the vast majority of data breaches involve a human element, the best way to show customers that you value their privacy and security is by implementing a robust CSAT program and building a culture of cybersecurity. The majority of consumers say companies that have suffered a data breach should deploy security measures such as encryption and multi-factor authentication (MFA). While this is a good start, it’s critical to remember that cybercriminals have many ways to get around these measures. For example, they can use a strategy called MFA fatigue in which they inundate employees with authentication requests until one is finally accepted.
There’s a huge gap between the level of trust executives believe consumers have in their companies and the trust they actually have: 87 percent to 30 percent. Companies need to take decisive action to narrow the gap, and when it comes to the widespread alarm over increasingly ominous cyberthreats, CSAT is integral to building consumer trust.
The universal benefits of responsible cybersecurity
The concept of digital citizenship is useful because the duties of citizenship also come with privileges, and there are powerful mutual incentives to prioritize cybersecurity. Companies will have greater access to valuable consumer data if they collect and use it carefully. Overwhelming majorities of consumers say they’re more likely to do business with, recommend, and remain loyal to companies they trust. When that trust is violated, this loyalty evaporates for almost three quarters of consumers.
End-to-end cybersecurity awareness is vital for maintaining relationships with supply chain partners. Cybercriminals are capable of breaking into secure networks by infiltrating third-party vendors and service providers, which means deeply interconnected supply chains are often only as secure as their weakest links. For example, the massive SolarWinds hack was likely caused by a third-party breach. It’s no surprise that the National Institute of Standards and Technology (NIST) cites “third party data storage or data aggregators” and “poor information security practices by lower-tier suppliers” as two of the top supply chain risks.
While this means companies should limit the amount of data they share, identify partners with strong cybersecurity protocols in place, and help existing partners improve their security posture with tools like CSAT, it’s important to remember that trust goes both ways. Companies will forge healthier long-term relationships with suppliers, service providers, and other partners if they demonstrate that they take cybersecurity awareness seriously.
Expanding the concept of digital citizenship
When companies are responsible digital citizens, they earn and maintain customer trust (which enables data collection and analysis), improve relationships with partners, and stay compliant with all relevant laws and regulations surrounding data management. As the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) indicate, these laws will only become stronger in the coming years.
Digital citizenship means recognizing the role the private sector plays in securing the digital ecosystem for all. Companies are on the front lines of the fight against cybercrime and state-sponsored cyberattacks like never before: companies guard extremely sensitive health data, financial records, and countless other forms of information that cybercriminals and other bad actors are desperate to get their hands on.
Companies are even responsible for keeping the country safe from hostile foreign governments. To take one of the most alarming examples: Microsoft reports that the proportion of state-sponsored cyberattacks targeting critical infrastructure doubled from 20 percent between July 2020 and June 2021 to 40 percent between July 2021 and June 2022. A sprawling network of companies oversees much of the nation’s critical infrastructure, so this is a case in which digital citizenship is in perfect alignment with actual citizenship.
The need for digital citizenship has never been stronger. This isn’t just because responsible data management and cybersecurity awareness are crucial for securing consumer trust and preventing costly cyberattacks – it’s also because these practices keep employees, customers, and all their fellow citizens safe.
Dr. McAlmont is CEO of NINJIO Cybersecurity Awareness Training, and is one of the nation’s leading education and training executives. Prior to NINJIO he served as President of Career and Workforce Training at Stride, Inc., had a decade-long tenure at Lincoln Educational Services, where he was President and CEO, and also served as CEO of Neumont College of Computer Science. His workforce and ed tech experience is supported by early student development roles at Stanford and Brigham Young Universities. He is a former NCAA and international athlete, and serves on the BorgWarner and Lee Enterprises boards of directors. He earned his doctoral degree in higher education, with distinction, from the University of Pennsylvania, a master’s degree from the University of San Francisco, and his bachelor’s degree from BYU.