There was a tipping point not so long ago in the realm of environmental responsibility for businesses. For some time, curbing emissions and waste was simply something the corporate world did if it had to, in order to comply with governmental regulations and avoid a hefty fine. Now, driven by a few ‘leading-edge’ companies who chose to take the plunge, being ‘lean and green’ is widely agreed to improve profitability and enhance competitiveness.

I now see cyber security – and more specifically, data security – positioned at the edge of a similar tipping point. Driven by the introduction of the General Data Protection Regulation (GDPR) and heightened by constantly evolving demands, consumers are changing their purchasing habits. With this only set to continue, there is every chance we may soon see organisations using data security to seize a competitive advantage.

GDPR: to help or hinder?

In the run up to its implementation earlier this year, the GDPR scare stories came thick and fast, with the majority of exposure playing on fears of enormous financial penalties or reputation-destroying data breaches.

points of light connected by beams of light

While some businesses have undoubtedly been more cautious of the impact of their irresponsible data practices than others have, the regulation has arguably created a damaging approach to security. Many organisations recognise data security as something that can’t be ignored, but still invest in it sparingly and reluctantly.

While it’s not difficult to understand the psychology at play here – it’s hard for any of us to get excited about spending money when we feel we are forced to do so – that doesn’t make it any less of a priority. Think TV licenses and car insurance, for example.

However, the narrative is set to change. There has never been more public awareness around the importance of data security – between the Cambridge Analytica scandal and hundreds of GDPR ‘opt-out’ notifications – the topic has been on our front pages and at the top of our inboxes for a while.

Indeed, data and information security has truly emerged into the public’s collective consciousness as we’ve seen in recent examples such as the reporting on cyber hacking group, Fancy Bear, where the group had tried to steal data from political organisations, including the International Republican Institute and the Hudson Institute think tanks.

A personal interest

Cybersecurity and personal data security has now become so important it’s gone from something consumers simply know about, to something consumers actually care about.

What’s more, we’re increasingly seeing evidence that consumer buying habits are directly influenced by how closely a company will safeguard their personal data. In fact, Gartner recently predicted that by 2021, organisations that protect their customers’ privacy will generate 20 per cent more revenue than those who don’t. So, similarly to environmental issues, data security is shifting from a box-ticking exercise to something that demonstrably drives sales.

IBM has gone even further, with its consumer survey revealing that 75 per cent will not buy from a company – no matter how great the products are – if they don’t trust the company to protect their data. It’s intriguing to see which companies will be the first to truly flip the message to customers. As mentioned earlier, corporations could even harness positive data security practices to seize a competitive edge in the market.

On a business-to-consumer level, we’ve already observed retailers utilising GDPR as an opportunity for innovation and further customer engagement. In an article for Data IQ, David Reed correctly explained, “GDPR is the perfect opportunity for businesses to rethink their approach to data and the enhanced customer relationships and experiences it allows.” We can see that through brands that are using GDPR as an opportunity to innovate and are now benefitting from stronger relationships with their customers, and are now more engaged with their marketing programmes as a direct result.

Ethical incentives

Similarly to the recent war on plastic – which was catapulted into the public view thanks to documentaries by Sir David Attenborough – it could be possible for responsible data use and storage to become mainstream. Arguably, responsible cybersecurity practices could become part of wider marketing plans for companies, especially as we see demographics like millennials who are broadly looking for opportunities to do good in the world, not just financially.

According to not-for-profit consultancy Ethical Consumer, the ethical products and services sector has grown by more than £40bn since 2008, with households spending an average of £1,263 on ethical goods last year. And, what’s to say that in the wake of Cambridge Analytica and other significant data breaches from this year, there isn’t a gap in the market for ethical data marketing? Indeed, there could be an opportunity for driving revenue, trust and engagement with customers, akin to the recommended ban on single-use plastics.

Indeed, the plastics initiative is part of a wider green objective that businesses have harnessed, and as we found with ‘green business’, it only takes one or two trailblazers to revolutionise the course of an entire industry. The same will soon be said about data security, with evolving regulations and industry competition encouraging organisations to think differently about data best practice or risk lagging behind.