Information Risk: Balancing the Good and Bad of Data Analytics

Managers like to talk about the power of data and analysis, and the opportunity it gives them to launch new products and reach new customers. But there’s an opportunity cost to any decision, and the growing sophistication of analytical capabilities also makes it more likely that companies’ and, more importantly, customers’ data can be lost or stolen.

Nevertheless, the promise of all that new revenue from data analysis has prompted managers to employ third-party vendors to complement internal data sources and processing capabilities, and to identify different ways to combine existing data. The former has opened up companies to new security risks, while the latter has left some customers feeling uneasy about the privacy of their data.

Two Things to Avoid

To avoid both of these problems, CIOs should do the following.

  1. Carry out due diligence on vendors’ supply chains: Companies are now increasingly integrated into complex third-party ecosystems, but are not conducting the appropriate checks to ensure their security. For example, an organization could fall victim to an intrusion if it relies on a vendor that outsources part of its solution to a niche third party with lax security controls. Poor security standards across an ecosystem can therefore have trickle-down effects on your organization.

    A more holistic review framework needs to be implemented to make sure a company is joining a secure data ecosystem. Instead of simply conducting due diligence on the immediate vendor, information risk teams should look beyond it, into as much of the rest of the supply chain as necessary (see chart 1). By anticipating risks, encouraging joint solutions to these problems, and communicating the importance of such solutions to business partners, the company will be far better prepared to respond to costly security incidents.

    Chart 1: A shift in managing third-party relationships (schematic). Source: CEB analysis

  2. Understand customer comfort regarding data and build relationships organically: Many IT teams have adopted a “test and learn” process with data analytics, where they combine sets of data in new ways to see if the result will tell them something new about their customers, products, or markets. This can involve combining internal and external data sources generated by customers, often without their knowledge or permission. Without consent from customers, the business case for acting upon the insights that come out of this process is often tenuous and potentially creepy – which isn’t going to help any branding efforts.

    Managers should start thinking about how to use customer data by asking, “Would my customers feel comfortable knowing I have data that could be combined to produce information about their preferences from, say, social media or browsing behavior data purchased from data brokers?” Thinking first about customers’ view of data usage and ownership will help managers understand what is and is not appropriate.

    It is also important to remember that customer relationships are built over time. Simply having certain information on customer preferences does not mean it should be acted upon immediately as a way to improve a customer relationship. Finally, if customer data is used, provide examples of how the process works and what the outcome of the data analysis will be to help customers understand what is going on behind the scenes.

