Experiences shape the way we feel and act. This is why Amazon put customer ease above potential customer data risks when it patented its 1-Click purchase feature. And why the Ritz-Carlton offers highly-personalized service. They know the value of customer experience and have made it central to their business model. It’s time for security and risk leaders to do the same.
If you can improve their comfort and understanding of risk and security, you can help your company move faster
“Today, the battleground for the digital industrial revolution is the customer experience,” said Leigh McMullen, research vice president at Gartner, during the 2018 Gartner Security and Risk Management Summit in National Harbor, MD. “Security should not wreck the customer experience, but it often does.”
He added that, for security and risk leaders, the customer is anyone in their enterprise. Long focused on operational excellence, such leaders must now work to create an effortless customer experience for their business executives. This can mean giving up control, which leads to the nexus of a culture clash.
“Your customers want the effort they put in to match the value they expect to get. If you deliver the wrong experience, they’ll just tune you out,” explained co-presenter Paul Proctor, vice president and distinguished analyst at Gartner. “If you can improve their comfort and understanding of risk and security, you can help your company move faster. That is truly a business value of security.”
McMullen and Proctor identified five things security and risk leaders can do now to create a better experience for their executives.
No. 1: Actually speak to executives about things that matter to them
Talk to business leaders about what’s important to them. Don’t assume you know. Remember, it’s about what they think matters. Ask the question: “What types of decisions do you make every day.” The answer can provide lots of insights. Show them how their business outcomes are directly dependent on technology.
No. 2: Help executives with their decisions through operationally-focused risk assessments
Start with a business process and conduct interviews with the people who execute that process. “Offering executives decision-making in the context of operational outcomes makes these engagements more than interesting to them. It directly impacts the decisions they make,” Proctor said. “You are now helping them do their job.”
No. 3: Create defensibility for your executives
Executives do not directly control technology security and risk. But when things go wrong, they are usually held accountable. They need defensibility. “We have treated security like a dark art for so long that when an organization gets hacked, people don’t understand,” McMullen said. “You can’t guarantee the organization won’t get hacked, so stop selling your executives protection, and start selling something they truly need, defensibility.”
No. 4: Take tech out of your conversations
Your ability to put decisions in terms of business outcomes is critical to your success in a modern risk-based world. Don’t talk about security and risk in only technology terms. Although tech will always be a part of the conversation, your partners need to understand what you’re saying. “Making risk and security more transparent and business-aligned is an absolute requirement,” said Proctor.
No. 5: Move from project to product management
Use product management to change the experience you deliver. Unlike project management, everything is continuous and typically organized around a business process and the IT requirements to support that process.
“Doing these five things will improve executive experience, their perceived value, and result in a better, more appropriately protected organization,” said McMullen.