The information security world isn’t known for its optimism. So it is perhaps unsurprising that when Airbus UK Chief Ian Goslin made a statement at last month’s Farnborough Airshow about embracing collaboration in the interest of the greater cybersecurity good, it raised mixed reactions.
Goslin’s statement that while Airbus and Boeing are cut-throat commercial rivals, “in cybersecurity we collaborate with them completely…” works on the logic that individual failures have sector-wide repercussions. As the “engagingly fast-spoke Welshman” puts it, “if either of us is compromised it has a massive impact on the whole of the industry”. But the truth is, failure by one doesn’t always hurt all. A study taken a year after the infamous TalkTalk breach found that the telecoms sector remained pretty steady, and that TalkTalk was associated with 60% of all cybersecurity content related to the sector, five times more than its closest peer.
In the legal industry (where breached firm DLA Piper is still singly remembered as “that law firm that got hacked”) it is impossible to ignore the fact that the cybersecurity of your company can lose – or win – you business. Wall Street Banks have been demanding that the law firms they work with demonstrate a strong security record for years, and increasingly there are reports of prospective clients sending 60 page questionnaires to prove their credentials before they get the business. “it’s an ongoing nightmare”, gripes one law firm’s IT Director. But in a ruthlessly competitive landscape, how you protect your most valuable business asset – your clients’ data – is a way to set you apart.
And if the banks are pitching their third parties against each other to prove their cyber-strength, they are holding themselves to the same standards. In his recent letter to shareholders, JP Morgan Chairman and CEO Jamie Dimon stressed that:
“I strongly believe that data privacy and security should be a way in which we and other businesses compete to serve customers.”
Competition is part of any free market, and if cybersecurity is to be recognised as a real business issue, we will need to accept that it is also judged as a business enabler. But that doesn’t mean that businesses need to jealously guard cyber strategy secrets, or even to avoid collaboration with their competitors. Instead, why not make your cybersecurity success stories your greatest credentials? Increasingly, end-users are turning to case studies as proof of success when making procurement decisions. There is no reason why they shouldn’t practice what they preach with their own clients, especially when, in the case of banks and law firms, they are already asking.
Goslin’s call for greater information sharing and collaboration was sound. The conclusion that this somehow excludes cybersecurity as a competitive differentiator is over-simplistic. You can put your cards on the table, but still hope that they’re better cards than the other players’. Or, as one legal industry CISO puts it, “collaboration is so important, and we talk and share advice with other law firms all the time. But if I can still prove I am better than the law firm down the road, that’s great, because that’s what is now going to get me the clients”
In today’s market there is scope for organisations to be both collaborative and competitive, and commercial motivation to have the best security can only feed higher overall standards. And if a loss for one equals a loss for all, individual wins can surely only mean good news.
image credits: https://financialtribune.com/articles/economy-business-and-markets/54868/what-next-for-deals-with-boeing-airbus