Investing in cyber security

As superannuation funds and other financial organisations seek to further leverage digital channels, Matt O’Keefe and John Havers write that they need to be prepared to appropriately invest in cyber security. 

Not many executives get excited about investing in cyber security. They do it because they have to, to reduce risk – but this is an asymmetrical investment, with almost no upside when cyber security works well, and significant negative attention when it doesn’t! But what if it could be used to attract and retain new customers, and build new business? 

Typical cyber security discussions are about locking down data access, keeping out hackers, and protecting against a myriad of external and internal threats. But to pursue the business opportunities driven by the digital/mobile/data revolution you need to invite people “into the store” to access and share information. 

That is not about locking down data access. It is about unlocking the information needed to become more intimate with customers – getting to know customers, digitally, to understand their needs to serve them better. It is also implicit that you will respect their wishes – managing the “three Ps”: Permission, Preferences and Privacy – all part of what we call Consumer Identity Management. 

For many organisations, that is a difficult road to go down. For many trusted advisers that the chief executive or board members might turn to, the first instinct is to say no, it can’t be done, or that it would be too risky. That’s understandable: traditionally their role has been to keep people out of the organisation’s information systems. 

With the rise of FinTech, however, there are new threats and opportunities which make the technology capabilities that underpin digital business strategies vitally important to the success of wealth management organisations. These include capabilities around digital identity, data analytics, customer preferences, and privacy. 

In the wealth management supply chain, customer relationships are often in play, with financial product suppliers, trustees, and financial advisers all playing important roles. In the digital economy, traditional supply chains will be disrupted by services offering superior customer engagement or product offerings supported by digital innovation. 

Through the eyes of a digital disruptor, wealth management offers attractive margins to target, potentially dissatisfied customers, scale (with compulsory superannuation), potential for globalisation, and a product and service offering that has innovated minimally and reluctantly. Innovative new businesses see the potential to exploit consumer information and turbocharge their growth. To compete – and not become digital dinosaurs – incumbent organisations need to understand and engage with the digital economy, and mature their own capabilities. Effective understanding of the digital identity of your current and future customers – their Consumer Identity – is a core foundation competence. 

Almost every organisation holds customer information they could leverage if they had the right capabilities. Often the first step is giving the CEO the ammunition to say to their security people: “We can respect privacy and security, we just need to use our information security tools for a different purpose. We can use them to share information, provided the consumer has control over the process, for their own benefit.” 

As consumers we’ve all had relationships with a vendor – a local shop or a car dealer – and felt disappointed when a familiar face leaves. We value those relationships because we know that we will get better service and won’t be pestered with the wrong offers. When we do get the right offer we say, “Great, I like that”. 

It’s the same in the information economy, except that it’s digital identities and data. A financial aggregator, for example, might see that you have a large sum of cash earning low interest. Or that someone has three credit cards and a personal loan that could be consolidated. An affiliated peer-to-peer lender might be able to structure offers to give both of you a financial benefit. They could say, how would you like to be getting eight per cent on that cash instead of three per cent - or how would you like to only pay nine per cent on that credit card debt? 

Yes, there are challenges, such as the ethical treatment of customer information. If a company can analyse an individual’s behaviours – even their psychology – then what are the ethical boundaries around using those insights?

A panellist on a cyber security panel discussion at the recent CeBIT Conference suggested that organisations need to build their digital literacy skills around good ethical decision-making, and we think that’s a good approach. 

It’s a very interesting discussion to be able to have. “Able to have” being the operative words, because if you’re not able to use your knowledge and analysis of customers and engage with them openly on that basis, then the discussion will probably remain only hypothetical, and someone else will. 

In the next five to 10 years we think the Australian wealth management sector will consolidate with fewer, larger organisations, including new players with fast-growing digital businesses that will steal market share. But we also see opportunity for incumbent organisations, leveraging their existing trust relationships and rising to the challenge. 

For both new and old players, cyber security and privacy safeguards with a focus on Consumer Identity Management – combined with old fashioned business sense – are the keys to knowing customers in the digital world and building the competitive advantage to survive and prosper there. 

Matt OKeefe is Partner in KPMG Australias Technology Risk practice while John Havers is Director of KPMG First Point Global. 

Recommended for you



Add new comment