We’re now very familiar with the negative consequences of a security breach – along with the immediate fallout there is also declining revenue, damaged reputations, missing assets, regulatory fines and litigation, and decreased productivity. Much less is said about the positive side of improving your cybersecurity.

With increased consumer expectations and ever-greater levels of digitization, businesses need to shift their thinking away from simply reducing their security risk. Now, they need to consider how a more proactive approach to cybersecurity can actually deliver real business value.

Greg Bell, US leader at KPMG Cyber, says organizations can create new business opportunities by reframing their approach to cybersecurity as a business driver. “In too many industries, information security is still seen as a technology risk to be minimized instead of a business issue to be optimized.”

Once perceived as just an IT issue, businesses are now waking up to the fact that cybersecurity can provide a strong competitive edge for businesses who get it right. In fact, one study of high-growth businesses found that they expected to see an average of 6.7 significant financial benefits from improving their cybersecurity.

Here are four ways that optimizing your website security can help you stand out from the competition and drive growth.  

1. Win new customers and enhance customer loyalty

Smart businesses are now using strong cybersecurity and privacy as a selling point. A survey by Vodafone found that 89% of businesses believe strong cybersecurity will enhance customer loyalty and trust. The same percentage think that security is a competitive differentiator that will help them win customers from competitors who can’t offer the same assurances.

“In the online world of today trust is the new currency for businesses.” Hans Nipshagen, Regional Sales Leader Web and Security, Akamai Technologies

Across every sector taking your cyber health seriously is fast becoming an essential requirement for new – and existing – customers to do business with you. With IBM’s The Harris Poll reporting that 60% of global consumers are more concerned about cybersecurity than a potential war, it should come as no surprise that consumers increasingly value companies that prioritize safeguarding their information. When done right, cybersecurity builds trust, increases customer satisfaction, and can help you win new customers.

On the other hand, consumers have little interest in dealing with businesses that have suffered from security breaches. A study from KPMG revealed that 8 in 10 consumers would be wary of, or never buy from a carmaker again, if it experienced a hack. Data from a Capgemini study backs this point up, with 66% of respondents claiming they’d stop or drastically reduce transactions if they learned from the media that a retailer suffered a data breach. It’s clear that consumers don’t want to buy from businesses they cannot trust to protect their data – no matter how slick their product is.

Brand loyalty can no longer be relied on. A single security breach, one instance of mishandled personal data, or an overlooked vulnerability that later comes to light can be the tipping point for them to turn to a more security-savvy competitor. Yet implementing cybersecurity capabilities has the power to increase a key success metric for nearly all businesses – customer satisfaction. According to the Capgemini cybersecurity study the number of satisfied customers more than doubles if a retailer implements cybersecurity and data privacy capabilities.

While avoiding jeopardizing your revenue opportunities and retaining customers is reason enough to invest in good website security, an additional advantage of increased consumer confidence in your cybersecurity is being able to command a higher price point for your secure product/service. 40% of Americans are willing to switch from their existing service to one that offers cybersecurity protection as a feature. Even more interestingly, more than a quarter (26%) are even willing to pay more for such a service.

How can you do it? Consumers who perceive your site as secure are more likely to do business with you – and that gives you a competitive advantage over other, more security-lax businesses. 78% of respondents in The Harris Poll survey said a company’s ability to keep their data private is ‘extremely important’. Despite this, just 20% said that they ‘completely trust’ organizations to maintain the privacy of their data. That’s a gap that security-savvy businesses should be looking to fill.

More than three-quarters of consumers now rank cybersecurity as a top-three factor when choosing a product – that’s just behind product quality and availability and ahead of attractive pricing and brand reputation! Tap into this sentiment by promoting your strong stance on data protection. Some effective ways to communicate that you’re serious about security include:

  • Talk about cybersecurity. Start a conversation around your cybersecurity capabilities that includes addressing consumer privacy concerns, explaining how personal information will be used, and stating how you’ll protect that data. There’s no reason why trust can’t become a core brand attribute for your business.
  • Install a Secure Socket Layer (SSL) certificate. 18% of shoppers have abandoned a site during checkout because they don’t trust it with their credit card information. For online retailers, ensuring security certificates are in place can convey a stronger sense of trust and lead to more conversions. Installing an SSL certificate makes it more difficult for cybercriminals to intercept payment information.
  • Convert your website(s) to HTTPS (hypertext transfer protocol secure). This measure proves that you have authenticated your domain with the proper certificate authorities.
  • Add visual security clues to your site. According to a Baymard Institute study, the average user’s perception of a site’s security is largely determined by their gut feeling. So, incorporate visual ‘security clue’ elements like trust badges, reassuring copy, and visual styling to improve your visitors’ perception of your site’s security.

2. Present an always-on website

Distributed Denial of Service (DDoS) attacks involve a hacker using a large network of infected systems to flood a company’s servers with malicious traffic. This usually causes the targeted website to slow down, crash, or go offline. DDoS attacks also deny legitimate access to a website, cutting off a business’s revenue stream while their site is out of action.

Organizations shouldn’t overlook the profits they could miss out on if their site is targeted in this way. A single attack can bring business to a standstill and lead to weeks of disruption to business operations afterwards. The average cost of this sort of downtime? $5,600 per minute, according to Gartner.

According to IBM, downtime not only disturbs the flow of a business’s operations, it also reduces its competitive advantage: “Today, digital business channels represent a greater market share and can drive revenue generation. Apart from revenue and productivity losses, customers do not tolerate downtime. They will quickly abandon a business and use a competitive firm to meet their needs.”

In the worst-case scenario, a business may not survive the downtime and reputational damage caused by a DDoS cyber-attack – 60% of small to medium-sized businesses end up closing down within six months of suffering a data breach.

How can you do it? A business that takes steps to protect itself from cyber threats is much more likely to reduce the impacts to productivity that result from an attack. With proper planning, you can reduce the downtime your business experiences from cyber-attacks and attract customers looking for a more secure alternative to a breached competitor with the advantage of your always-on site experience.

  • Scan your website continuously. When it comes to DDoS attacks, prevention is better than cure. Most exploits towards web applications and websites involve seizing the opportunity provided by unpatched vulnerabilities present on your website. Avoid making yourself an easy target by investing in anti-malware software to scan for and prevent them.
  • Create an incident response and recovery plan. When it comes to a cyber-attack, every second counts. A clear incident response plan ensures that your business has the required resources and processes in place to efficiently get your website back up and running after an attack.

3. Reap the SEO benefits

To protect searchers and encourage businesses to prioritize their website’s security, search engines, including Google, list Hyper Text Transfer Protocol Secure (HTTPS) as one of their SEO ranking factors.

HTTPS works by encrypting sensitive information such as credit card numbers, passwords, and usernames while they are being processed on a site. Wherever possible, Google will send searchers to HTTPS-authenticated content, rather than HTTP content. In fact, since 2018, Google Chrome will flag any website not using HTTPS as insecure.

Gary Illyes, Webmaster Trends Analyst at Google, said that the company’s HTTPS ranking boost may serve as a tiebreaker when the quality signals for two search results are otherwise equal. So, having HTTPS can mean the difference between placing on page one or page two of Google. In other words, it makes bad business-sense not to do it. 

On top of that, websites can be blacklisted by search engines for being malware-infested. That means lower visibility and up to a 95% drop in organic traffic that could be hard to recover from.

How can you do it? Move ahead of your search competition and avoid the (potentially permanent) damage of SERP blacklisting by following a security-friendly SEO strategy.

  • Enable SSL encryption across every page of your website. Some businesses only put HTTPS on the pages that need it, but search engines serve results on a page-by-page basis—not by your whole site. Your individual pages won’t get a boost from SSL if they’re not served over HTTPS.
  • Always update website plugins. One of the most common causes of compromised sites and therefore, tanking search rankings, is outdated Content Management Systems (CMS) and plugins. Google’s top recommendation for dealing with site hacks is to prevent them from happening in the first place, so to avoid malware warnings ruining your site experience, safeguard it by using a scanner that detects and patches vulnerabilities on an ongoing basis. It’s also important to routinely check for and install updates and patches and remove plugins that you no longer use.
  • Carefully track the expiry dates of website security certificates. An expired website security certificate can send your pages tumbling down the rankings. Yet, according to a Ponemon Institute study 71% of organizations don’t actually know how many certificates their site has and 55% have experienced four or more certificate outages in the past two years alone! The best way to avoid unencrypted data caused by lapsed certificates is by using an automated certificate management solution that alerts you to expiration deadlines.

4. Set – and meet – business partner security standards

It’s not just consumers that care about security and privacy safeguards. Partners, investors, and suppliers increasingly demand to see website security assessments before entering into a partnership or signing a contract. Business partnerships can be an effective growth mechanism, but they also provide an ideal environment for third-party data breaches.

Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, says, “Considering the explosive growth of outsourced technology services and the rising volume of third parties, companies need to take control of their third-party exposure and implement safeguards and processes to reduce their vulnerability.”

With nearly half (47%) of IT professionals in a Security Magazine survey admitting they are not confident in their business partners and suppliers’ security, and a security failure prompting 86% to consider terminating a contract with a supplier,
there’s a competitive advantage to be had for organizations with strong cybersecurity policies and processes. Having these standards in place ensures your business can apply for new and lucrative contracts and partnerships that mandate a certain degree of cybersecurity.

Naturally, these standards should also apply to your organization’s dealings with business partners. Remember, if your business partner isn’t secure, you’re not either. A reminder of what can go wrong when third parties don’t follow cybersecurity best practice is the 2017 ransomware attack that targeted a Netflix post-production business partner. It resulted in the streaming service’s upcoming series of Netflix’s Orange is the New Black being shared online by the hacker.

How can you do it? Meeting and managing business partner security standards takes a two-pronged approach.

  • Enforce business partner cybersecurity best practices. Assess all prospective partners, consultants, agencies, suppliers, and vendors for good cyber health. You should also implement ongoing security reviews to ensure they continue to meet new and changing security requirements.
  • Establish yourself as a trusted business partner. Demonstrate your commitment to good cyber hygiene by creating and adhering to a corporate cybersecurity policy. It’s also important to be transparent about the steps you take to protect sensitive data.

Ready to talk about website security?

Strong cybersecurity ensures the competitiveness of, and ultimately, the long-term survival of your business. With 69% of executives seeing the main purpose of cybersecurity as reducing risk rather than a strategic advantage, there’s a lot of room for improvement. While cybersecurity is a huge and complicated field, gaining a better understanding of your website’s vulnerabilities is a good place to start. Book a 1-1 meeting with our website security experts today to learn how we can help your business benefit from stronger website security.