Cyber Risk and the Consumer Goods Industry
Over the last few months, we’ve spoken with multiple consumer goods companies to discuss the most impactful opportunities in the digital age and the unique cyber challenges each of them faces in delivering their brand promise. Demand for great digital experiences has grown exponentially, and speed and security are top of mind for CIOs, CISOs and digital transformation officers at every stage of their digital transformation journey.
A large consumer goods company is a complex, dense forest filled with millions of living and non-living things – nested and intertwined with each other. Many of these companies have a global presence across regions and countries with hundreds of brands, dozens of large business units, and thousands of partners. These firms run in a decentralized mode, empowering every part of the business to capitalize on extraordinary digital opportunities—inspiring consumers, enabling partners to create innovative business models, and continuously looking for growth through mergers and acquisitions.
The security challenges of a multi-channel consumer goods company are akin to a forest ecosystem – a collection of complex interdependent parts. Many brand interactions are done through a mobile phone, desktop or connected device. Payments are made online, customer service is handled on web chats, and voice or face-ID is used to verify credit card payments – each enhances customer intimacy while at the same time expanding the attack surface.
A naturalist moving through a forest appreciates the flowers, moss, trees, air, water, and soil – each an individual component that makes this complex ecosystem so beautiful. The same applies to an omni-channel digital business strategy. The challenge is that security has been an afterthought in building the ecosystem. Most security teams are absorbed in the immediate priority of securing an individual business unit or channel, and they have limited oversight of the comprehensive ecosystem that impacts the overall cyber risk of the organization. To be successful, cyber risk managers must account for the actual enterprise as a single organism made up of the many intricate components that support this complex ecosystem.
One of the challenges with viewing cyber risk holistically across the business is that the data that drives customer intimacy is not centrally created. Personally identifiable information (PII) is amassed through several campaigns, with countless partners and across various channels, creating a web of complexity for security teams that are tasked with meeting data privacy, regulatory, and compliance requirements.
Traditional B2B sales channels have transformed to become Phygital: A large part of consumer goods revenue still comes through business-to-business channels, working with divergent and sometimes competing trade execution models that share sensitive product, packaging, pricing, and promotion details. These channels have transformed to become an amalgamation of physical and digital interactions at every step of the sales journey. Considering the local market nuances and varying degrees of operational and technical controls, it’s challenging for security teams to align cyber risk strategy and data protection controls with the complexities of physical and digital models.
Digital organizations are linked to the larger economy: Digital transformation at the core of the value chain, especially during the last two years of the pandemic, has created remarkable opportunities and an unparalleled threat of technology attacks on digital manufacturing and supply chain. These attacks not only disrupt the consumer experience, but can have a ripple effect resulting in a wider crisis. An executive from a large dairy company shared that a cyber attack on a milk production plant could lead to a national crisis, upstream for farmers as well as downstream to the interlinked food industry and end consumers.
Are these challenges unique to the Consumer Goods industry? Does a healthcare or insurance company have the same type of cyber risks and potential losses?
We believe that every industry has its own unique nuance – distinctive business models, digital opportunities, partner ecosphere, people and culture leading to specialized security challenges. For example, consumer goods companies have unique manufacturing operations, distributed supply chain partners, sales seasonality, and omni-channel sales and customer engagement models. Managing such complexity at scale and speed in a consumer facing business requires:
- Applied industry wisdom at the centre of the cyber decision-making process
- Re-imagining cyber security strategic pillars with strong industry context
- Extending cyber risk decisions and governance to include a larger set of stakeholders across the breadth and depth of the business value chain
- Intrinsically being aligned with the strategy and implementation of digital transformation programs
- And driving a culture of data-driven decision making.
In our next post we’ll explore Alfahive’s industry-specific approach to cyber risk that aligns the entire ecosystem of risk management for the consumer goods industry.