Deloitte study: Consumer businesses operate with a false sense of security about cyber risk

More than 80% of surveyed companies have not tested cyber response plans in the last year.

By ·

Consumer products companies, retailers and restaurant businesses may be operating with a false sense of security, according to a new Deloitte study, “Cyber Risk in Consumer Business.”

The study captures input from more than 400 chief information officers, chief information security officers, chief technology officers and other senior executives about cyber risks and response plans affecting customer trust, payments, executive level engagement, human capital and intellectual property.

According to the study, more than three-quarters (76%) of consumer business executives report they are highly confident in their ability to respond to a cyber incident, yet many simultaneously face issues that critically impair their ability to do so.

Among the findings:
● The majority of executives surveyed (82%) indicate their organization has not documented and tested cyber response plans involving business stakeholders within the past year.
● Less than half (46%) say their organization performs war games and threat simulations on a quarterly or semiannual basis.
● One quarter (25%) report lack of cyber funding.
● Roughly 1 in 5 (21%) lack clarity on cyber mandates, roles and responsibilities.

“In the study, we found that just 30 to 40% of companies currently investing in platforms such as consumer analytics, cloud integration, connected products and mobile payments have mature programs in place to address related risks,” said Barb Renner, vice chairman, Deloitte LLP and U.S. consumer products leader. “Many of these technologies involve a broad set of data types that could expose consumers to much more than stolen credit cards and identity theft. Beyond customer data, the risks can range from protecting food safety in manufacturing and supply chains to intellectual property of new products and formulas. Allowing cyber response planning to lag can undercut the upside of investments in advanced digital technologies. It can become a one step forward, two steps back proposition to pursue advanced technologies without equal attention to cyber threats.”

The Deloitte study also found companies may underestimate the importance of consumer trust. In fact, when thinking about potential cyber incidents, consumer product companies surveyed seem to be primarily concerned with production disruptions (48%) and loss of intellectual property (42%), while significantly fewer — 16%— are concerned with tarnishing brand perceptions related to trust.

Many U.S. consumers already express heightened security concerns, with a startling number going so far as to delete mobile applications and avoid websites, which can threaten a critical engagement touchpoint for consumer businesses.

Consider these findings:
● In 2016, roughly 80%  of U.S. consumers felt they have lost control over how their personal information was being used by companies.
● Over the past 12 months, 31% of U.S. consumers deleted applications on their smartphone and 27% avoided specific websites to mitigate their own cyber risk (Deloitte, SSI and JD Power; consumer privacy study presented at Next2017 Conference, May 9-10, 2017).

“News of breaches cannot only threaten sales of a particular product or brand, but can tarnish broader perceptions consumers have toward connected products in general — jeopardizing billions in future sales growth,” added Renner.

“A brand’s reputation impacts consumer trust, but it also dictates brand swagger,” said Chuck Saia, CEO of Deloitte Risk and Financial Advisory. “Brand trust starts at the top and leaders who continually earn the confidence of consumers can walk with that swagger. Taking brand reputation personally and setting the expectation that everyone in the organization does as well can help ensure potential risks to brand trust and reputation are quickly recognized and addressed.”

Another potential risk and reward scenario accompanies the interactions between customers and consumer businesses: connected products. These devices may increase the points of entry, opening the door to cyber breaches that can arise anywhere across the entire connected ecosystem, including consumers and third-party vendors.

Among executives surveyed, 32% are not confident their cyber risk management program is effective in maintaining their strategy to develop and market connected products. Their concerns don’t stop there. Changing regulatory requirements are the top concern of 74% of those who deploy connected products, followed by intellectual property theft (71%) and theft of consumer information (66%).

“People are often allured by the promise of connected products while many consumer products manufacturers, recognizing the potential for additional sources of revenue and market share, speed to bring them to market before competitors,” said Sean Peasley, Deloitte & Touche LLP and cyber risk services consumer and industrial products leader. “With less than one-third of companies believing their cyber risk management is effective when it comes to developing connected products, we believe the principle of ‘security by design’ can be an effective strategy. By embedding security considerations further upstream in the development process, connected products can be more resilient to cyber threats enabling them to not only make it to market, but stay on the market, potentially avoiding costly and time-consuming recalls and regulatory delays.”

Deloitte’s research revealed intellectual property as a top data concern among executives surveyed — second only to financial theft. More than 4 in 10 (42%) of food and beverage executives surveyed are concerned with cyber-criminals trying to steal proprietary product formulation information such as food recipes and product codes. This rising concern over IP theft is generally mirrored across consumers businesses — where IP theft has largely remained in the shadows of more familiar cybercrimes such as theft of credit cards and other personally identifiable information.

Subscribe to Modern Materials Handling Magazine!

Subscribe today. It's FREE!
Find out what the world’s most innovative companies are doing to improve productivity in their plants and distribution centers.
Start your FREE subscription today!

Latest Whitepaper
Solving the Labor Shortage Crisis: The Four Benefits of an Automated Warehouse
Not enough warehouse staff? Finding it difficult to keep up with orders during peak periods?
Download Today!
From the March 2018 Modern Materials Handling Issue
Here’s how one of the world’s largest 3PLs is looking to tomorrow’s innovative technologies, including heads-up display and robotics, to transform its operations today.
Conveyors & sortation: Carrying the e-commerce burden
2018 Productivity Achievement Awards
View More From this Issue
Subscribe to Our Email Newsletter
Sign up today to receive our FREE, weekly email newsletter!
Latest Webcast
Emerging Technologies for Your Distribution Center
Come get an insider's view of the latest technologies for inside your Distribution Center. You'll learn which technologies are being piloted, which are having success and moving from concept to implementation and into production on the maturity scale, and what's coming on the horizon.
Register Today!
NextGen Supply Chain at DHL
Here’s how one of the world’s largest 3PLs is looking to tomorrow’s innovative technologies,...
Trinchero Family Estates: Pallet handling in the vineyard
The second-largest family-owned wine company in the world turns to automated pallet handling and...

System Report: Rocky Brands Sees the Light
Confronting an aging materials handling system and new channels of business with new customer...
Lodge Manufacturing: Distribution Cast in Iron
In a new facility, iPhones and a new WMS allowed cookware manufacturer Lodge to double its business...