Trust is vital to winning security investment, says Just Eat CISO
The financial benefits of security are hard to quantify, so emphasise the importance of reputation
A well-rounded cybersecurity strategy is fundamental to survival in today's digital world. The provable benefits of good cyber are difficult to quantify, though, as by definition there won't be anything to show. So how do you secure investment and support from the board?
Kevin Fielder, CISO of Just Eat, is committed to making security part of the business conversation. His approach is not to focus on the financial benefits, but on trust.
Kevin Fielder is Just Eat's first CISO
"A lot of [the financial benefits] are not strictly quantifiable, but it's around how you want your brand to appear. We obviously have a desire to be a trusted brand; our CEO said, ‘We'd like to be a brand you can happily tell your grandmother to use'.
"As a brand, we want our customers and our partners to trust us and to feel safe using us. Obviously, part of that is making sure that we have appropriate security in place to protect the systems that host all of their information."
Keeping customer data safe has always been important, and is even more so under the GDPR. While no record-breaking fines have been recorded yet (Google's £3.8 billion penalty was for an antitrust case rather than data security), the maximum charge could reach as high as £17 billion, or four per cent of annual worldwide turnover.
Your reputation is one of your most important assets, especially in the digital age when word of any misdemeanour - real or imagined - can spread across the country before your CISO has had their Cornflakes. Fielder says:
"I like to think it's a bit like, if you go away on holiday and lock your doors and windows and get burgled, no-one blames you at all; it's a crime, it's sad, it shouldn't have happened. Even if your friends had their stuff at your house and it was stolen, they would still trust you because you did the right thing.
"If you go on holiday and leave your front door open and your jewels on the doorstep, you being robbed is still a crime, but people wouldn't necessarily trust you to look after their jewellery in the future."
Security is there to protect your business and data - and your customers', as well. No matter how good your product or service, securing that buy-in is difficult without a minimum level of trust - "And if something bad does happen, you're still trusted because they know that you've done the right thing, and you did what you should do to protect systems and data," Fielder says.