CX Leaders Are AWOL From the CISO Hack Discussion – Customer Relationship Strength Defines Your Ability To Survive


I thought I would share the following from a recent Chief Information Security Officer (CISO) conversation about the importance of a bullet proof Customer Management system.

What is an Experience Operating System and how does it relate to hacking?

Customer Experience, Customer Experience Management and its associated topics of Customer Relationships, Loyalty and Brand Perception are critical ingredients in every element of modern business.

CX is a key ingredient

The best organizations recognize the need to systematize this and build bullet proof customer relationship management that will survive competitive threats and both internal and external challenges.

An approach that can be best expressed by the McorpCX Experience Operating System (or XoS)

Your systematic Experience Operating System

What is a CISO, why is she important and what does that have to do with our XoS and bike riding?

A key business challenge today is the possibility (likelihood!) a company will suffer a hack which can eviscerate revenues, profitability and decades of customer trust.

The responsibility for ensuring organizations are protected from that and respond well when it happens belongs to the CISO (Chief Information Security Officer) or head of Cyber Security.

The importance of the role is clearly evidenced by the SEC's July 26, 2023 publication of rules for cybersecurity compliance and disclosure, which now inform annual reporting for public and many private companies.

Protecting your company from hacks is like bike riding .. crashes are inevitable, gear important and recovery critical

As a bike rider I love the statement “bike riders are either talking about their most recent crash or heading towards their next one .. make sure you have the right gear!”

My CISO colleague says the same is true of hacking .. “attempts are guaranteed .. successes are less likely but growing exponentially .. minimizing impact is critical.”

“so as we prepare our 2024 cybersecurity SEC statement we are deeply concerned about the impact of a hack on our customer relationships, ongoing revenue, profitability and stock price”

“which means we need to know how bullet proof our Customer Management System or what you call an Experience Operating System is by segment, market, product to manage such an event”

What are the basic types of hack and what are some examples?

Yes hackers are coming for you

Simplistically there are two types of hacking (for us non CISO normal people):

Ransom attacks – accessing and locking out your systems until you pay to unlock them such as:

  • The current CDK Global hack - the leading B2B SaaS software solution provider of auto dealer systems is working through what appears to be a ransomware attack.
  • The hack that arguably brought this whole thing to business consciousness, the SolarWinds hack of 2020.
  • B2B and B2C impacts of Change Healthcare (now part of Optum), who reportedly paid $22m to hacker BlackCat to unlock their systems.

Data Theft – where a hacker steals your data, usually customer information, often to sell to other bad actors.

  • The T-Mobile security breach in 2021 cost the company $350m in 2022 in customer payouts, with another breach in 2023 affecting 37 million customers.
  • In Feb 2024: a Bank of America data breach at Infosys McCamish Systems, a vendor, stealing sensitive personal customer information.
  • Also in Feb 2024 in France, the Viamedis and Almerys hacks exposed 33m French residents’ sensitive personal information.
  • And of course the mega-hack that brought this to all of us, the 2013 Yahoo breach affecting 3 billion user accounts, not discovered until 2016.

So how do we understand how strong or weak our customer ecosystem organization is in a hack and what to do about it?

With hacking a high probability in most organizations, and CISO and Cybersecurity leaders tasked with officially declaring how strong the organizational muscle is to manage hacks, CX leaders must be heavily engaged in assessing and strengthening the organization's customer relationships and loyalty, especially in hack risk mitigation.

The best way to do this is to put a CISO expert and a CX expert in the same room and run through some basic questions, and McorpCX's Experience Operating System (XoS) keys are a useful framework:


  1. Strategy & Vision - How does our CX strategy inform our or our partners' hacking plans?
  2. Alignment and Accountability - Who in our organization is responsible for doing what with our customers in the event of a hack (e.g. communications, testing, verifying impact)?
  3. Customer Understanding – What is the impact on each of our customer segments, how at risk are they etc?
  4. Design & Innovation – How are our experience design and innovation capabilities optimized to account for this? (e.g. in the CDK hack auto dealers have returned to processing car sales on paper!)
  5. Experience Measurement – Are our business systems set up to measure and understand the impact of a hack on our customers, their relationship with us and for us to act quickly?
  6. Business Processes – What are our processes to manage our way through a hack and what changes do we have to make? (a favorite is a company dedicated to the messaging and texting on their customer app, the app was shut down by a hack, scrambling to call customers they realized they didn’t have accurate phone numbers in their Salesforce system)
  7. Technology, Digital & Data – How robust are our technologies in protecting both us and our customers from the effects of a hack and helping us and our customers through one if it occurs?
  8. Culture – And then of course how customer centric is our culture. Do we have a culture of openness with our customers, do we even remember to worry about them when we are panicking and organizing internally?

So what do I do?

If you are a CX leader and you haven’t heard from your CISO, pop your head into her office and mention this.

And if you are a CISO and you don’t have “a bullet proof Experience Operating System” on your audit checklist I would pop your head into your CX Leader’s office.

And finally, if you want to chat more about it then send me a message (or ring me or send a carrier pigeon if your systems are down!).


Great share, Graham!

Divya Atre

Building brand & demand through content marketing, social media marketing and campaigns

8 months ago

The importance of strong customer relationships in navigating hacks cannot be overstated. Your insight is crucial in bringing CX leaders and CISOs together for this vital discussion.


More articles by Graham Clark CCXP
