Addressing Information Security Issues in Consumer Products and Retail

Consumer products and retail companies are facing a formidable cluster of unique information security challenges as they emerge from an unprecedented year that presented difficult hurdles to overcome. To overcome these challenges, chief information security officers (CISOs) must do more than just hone their technical skills. They must also improve their communication and creative problem-solving abilities.

Crafting and marketing a compelling business case for adequate information security resources necessitates a thorough understanding of the unique obstacles and emerging trends in the consumer products and retail industries that may pose future challenges, as well as implementing the leading practices used by the industry's most effective CISOs.

Regardless of industry, the CISO role is difficult. Although information security leaders are rarely the final arbiters of pivotal cybersecurity decisions made throughout the business, they are ultimately responsible for managing cybersecurity risks. Within the consumer products and retail sectors, information security capabilities tend to become bogged down due to one or more of the following factors:

Cybersecurity skills are in short supply

Organizations across all industries compete for a limited supply of information security talent. Smaller and less digitally mature consumer products and retail companies, however, are at a significant disadvantage when competing for these skills with larger, more data-advanced enterprises.

In terms of IT and cybersecurity investments, the sector has historically lagged behind other industries

This is a concern because attackers increasingly target data that can be easily monetized, such as consumer data held by retailers, and because new data privacy regulations will undoubtedly emerge around the world. Given their low IT maturity, many consumer product and retail organizations are still focused on consolidating their existing systems, which creates new security risks that must be mitigated. Another factor is that cybersecurity expertise on corporate boards in the sector lags behind that of other industries, which may contribute to technology underinvestment.

Budgets for IT and cybersecurity remain constrained

Consumer products and retail organizations performed unevenly over the last year. During the COVID-19 pandemic, some grew and thrived while others struggled. Retailers with mature e-commerce capabilities outperformed their less advanced peers, while many struggled to adapt to the expectations of newly remote customers. The latter group of companies is understandably hesitant to open their wallets to invest in new cybersecurity skills and technologies, while even some of the most successful organizations are wary given the year ahead.

The omnichannel shift raises security concerns

The pandemic hastened the advancement of e-commerce and the associated shift to omnichannel transactions in many industries, not just retail. Social distancing gave rise to new acronyms such as BOPIS (buy online, pick up in store) and accelerated evolutionary curves, including those within consumer goods companies making the direct-to-consumer (DTC) leap. More customer data flowing through more channels means more risks to data security and privacy. Furthermore, many retailers have increased their adoption of Internet of Things (IoT) devices such as sensors without adequate controls, increasing their business risk.

In addition to overcoming industry-specific challenges, CISOs must keep an eye on several emerging trends that may pose additional challenges. First, as previously stated, new data security and privacy regulations are almost certainly on the way, and some may be broad in scope. Second, digital transformation is just getting started, and its impact on consumer goods and retail supply chains will be significant. Inventory forecasting and communication with value-chain partners will be automated within a few years. Third, as in all industries, consumer products and retail companies are expanding their collaboration with third-party cloud and technology vendors. This increased reliance increases the importance of third-party risk management activities related to data security and privacy.

Despite this tricky mix of challenges and contingencies, leading CISOs are advancing cybersecurity by taking concrete steps such as:

Using business terms to communicate information security

We find that the most effective CISOs we work with communicate information security issues in business terms. They initiate discussions by highlighting how cybersecurity risks affect the business and the bottom line. These CISOs remind their colleagues that cybersecurity management is a business responsibility, not solely the CISO's.

Making a presentation to the board

When compared to those who leave board-level cybersecurity reporting to the CIO, CISOs who have the opportunity to speak directly to the board tend to garner more support and larger security budgets. CISOs in the most advanced information security programmes typically present to a board committee on a quarterly basis, a skill that can and should be honed.

Cultivating relationships with the C-suite

Successful CISOs cultivate trustworthy, collaborative relationships with C-level executives. COOs are often in charge of supply chains, which are a major source of cybersecurity risks. CMOs have used advances in data analytics and customer experience management to propel technology investments. Leading CISOs have also collaborated closely with chief human resource officers to develop novel approaches to recruiting and retaining information security professionals.

Establishing a recruiting programme

Establishing on-campus recruiting pipelines is one of the security community's talent management innovations. While new graduates from a growing number of university cybersecurity programmes are in high demand, it's important to remember that this talent segment requires polishing, most notably through exposure to difficult business dynamics in real-world situations. Some CISOs have also developed innovative professional development programmes aimed at retooling their companies' IT talent with cybersecurity skills.