Security & Privacy by Design: A Cultural Revolution and a Matter of Corporate Social Responsibility for Tech Firms

For years, many technology firms have treated security and privacy matters as an afterthought. It was at best a necessary evil related to regulations and compliance; at worst, something you would window-dress on the day in front of those few clients who would ask the question.

It was seen as something boring and expensive, at odds with functionality and preventing innovation and agility.

Of course, with the convergence of IoT, Big Data and Cloud technologies, the cards are now dealt quite differently, and many tech companies – large and small – are starting to realize that they are going to have to adjust their mindset to survive, or make the most of the times ahead.

The convergence of those technology streams generates countless use cases in all industry sectors and has the genuine potential to transform our lives – and create trillions of dollars of economic value. But it also requires a type of hyper-connectivity that multiplies attack surfaces exponentially and is highly vulnerable to cyber-threats. “Data” is currently treated by many tech firms as a free, limitless commodity, and many of those firms talk about it as if it belonged to them and they could do whatever they like with it. But in practice, they acquire it most of the time through ludicrously one-sided terms of business which nobody reads, and from people – consumers, citizens – who have rights and expectations of privacy. It is only a matter of time until such practices start to be challenged.

The digital transformation of society will never realize its full potential as long as the trust of consumers and citizens is constantly being hammered by data breaches, cyber security incidents and ruthless data monetization by shameless vendors.

Technology vendors who want to stay in the game over the long term must take security and privacy seriously, and turn that into a competitive advantage for the generations of customers who share those values.

It will be a massive cultural shift for many tech firms.

“Security by Design” and “Privacy by Design” principles have been established for a long while, and they are still at the heart of what needs to be done to move forward:

  • Security features have to be treated, designed and tested as a proper product functionality embedded as early as possible in the way the product works – not as an add-on.
  • Respect for customers' right to privacy has to be treated as a key business model parameter – not as something you will compromise on to make the numbers add up.

Whether the current generation of executives, investors, marketers and technologists running those firms is capable of understanding and delivering such a shift in values is a key factor: the fundamental need for controls and the ethical treatment of customers at the heart of those principles is probably not something they were taught at business school.

It is nevertheless the ability of those firms to embrace “Security by Design” and “Privacy by Design” concepts that will become the cornerstone of the digital transformation.

Fail to make the move and, at best, value creation will be reduced by several trillions (between 1 and 3 by 2020 according to McKinsey & Co for the 2014 World Economic Forum); in practice, if it is the trust of the people that is irreparably damaged, it could be the dynamics of the entire digital transformation itself that might have to be reconsidered.

With so much at stake, it is becoming a fundamental matter of corporate social responsibility for tech firms to take security and privacy values to heart.


Corix Partners is a Boutique Management Consultancy Firm, focused on assisting CIOs and other C-level executives in resolving Cyber Security Strategy, Organisation & Governance challenges.

(This article was first published on the Corix Partners blog on 10th March 2016)
