It has become almost routine to talk about the importance of cyber security in an increasingly dangerous environment – but developments in recent weeks have highlighted just how likely and real the threat is.
Both M&S and Co-Op have become high profile victims of cyber attacks which have seriously disrupted their systems. Several weeks on from the initial attack, M&S is still not operating online – customers can only browse, not buy. Co-Op suffered extended gaps on its shelves which are only recently beginning to fill up again. In its annual results press statement, M&S said that it expects disruption to last through June and into July, with a £300m hit to operating profits. More recently, a supplier to several national supermarkets warned that it too had been hit by an attack which would affect its fulfilment of orders.
These are truly serious and alarming developments underlining that cyber security is not just an abstract item on an organisation’s operational risk priority list – it cuts right to the heart of the ability to operate at all and the importance of keeping your customers and employees onboard with the decisions you will have to make.
Obviously, this raises a technical imperative – all organisations must keep investing in their cyber defences, continuously monitor for threats, run regular tests and simulations, and also educate staff on security protocols and best practices.
But for me, as I look at this through a service lens, there are several other lessons that also arise.
Long-term commitment to service builds up customer goodwill
Firstly, it is clear that those organisations that have shown an enduring commitment to high levels of customer service – such as M&S and Co-Op who are regular high performers in our UK Customer Satisfaction Index – effectively build up a bank of goodwill that helps them trade through difficult times. Clearly, there is a risk that customers will defect elsewhere when services or products become unavailable. This will inevitably happen. But businesses that have built up loyalty amongst their customers are likely to suffer this less than others. I have been struck by a number of social media posts that I have seen, for example, urging people to keep buying from M&S or Co-Op and show their support.
A couple of months ago, I wrote in this blog about our Risk and Reputation Report – this also showed the goodwill dividend of the service commitment. What’s more, it showed the extent to which customers care about data privacy and security – with a data breach coming in the top five things customers said would be most damaging to an organisation’s reputation.
Omnichannel models can help organisations keep trading
We know that customers like and indeed expect to be able to do business with organisations wherever and however they choose – whether that’s through an app, online, in-store/in-person, or through another channel such as email or phone. Taking an omnichannel approach is therefore a key component of making life easier for customers and, assuming the channels work well, creating a better customer experience. But with cyber in mind, developing an omnichannel model is also a strong insurance policy because it means there are other options open to customers if one channel goes down. If your business is single channel – are you setting yourself up to fail?
Clearly, however, there are technical considerations here. If systems are fully integrated across channels, there is a risk that an incursion in one place could give an attacker ‘access all areas’ and the ability to bring everything to a halt. Robust security configurations are needed to prevent contagion across the enterprise.
Supply chains and supplier relationships are critically important
My third point is that these cyber attacks are a reminder of how crucial the supply chain is, on a number of levels. Firstly, the supply chain can be a route into an organisation’s systems for hackers if there are entry points from there – so including supply chain in your cyber security framework (and including suppliers in your cyber education and upskilling activities) is simply essential.
Secondly, the cyber incidents we have been seeing have major ramifications for suppliers too, not just the end organisation. A disruption to a company’s operations may mean that they suspend or cancel their orders from suppliers. There is a real risk of suppliers – rather like customers – switching to supply elsewhere in order to maintain cashflow and sales. It could be hard to get these suppliers back once business returns to normal. So the lesson here is that building and maintaining strong relationships with suppliers is crucial as organisations will need their goodwill too. How you treat your suppliers could stand you in great stead in times of challenge – or come back to haunt you.
By the same token, there are lessons for suppliers as well. They too must invest in their cyber security – if they are seen as a weak link, they could quickly be dropped. They also need to cultivate good relationships with their clients, because goodwill and understanding are needed on both sides to navigate through the pain and disruption of a significant cyber incident.
Ultimately, all of this highlights the fact that no business is an island. We are all inter-connected and inter-reliant. The organisations that really come good on a commitment to sustained levels of service to customers and respectful, supportive and collaborative relationships with suppliers and/or clients will be the ones best-placed to withstand and then recover from the scourge of cyber crime which, sadly, is very much with us.
Related Posts
