The gaming industry is already giving perks out to their consumers for adopting good security practices for their accounts. For example, this past year, Electronic Arts offered a free month of their Origin Access subscription service to encourage users to enable 2FA (two-factor authentication). Epic Games, who develops the super popular Fortnite game, accidentally leaked a $10 credit online that was intended for users who enabled secure login to their gaming accounts.
Why would these gaming companies give away money? Simply put: better account security yields higher profit. Profit is the cost of sales minus expenses and security helps both increase sales and reduce expenses, thereby yielding higher profits. While these tenets apply universally to all industries, the gaming industry in particular quickly realized that implementing better security measures is a no-brainer.
Better Security = Lower Acquisition and Retention Costs
Liftoff, a mobile marketing company, found that it costs an average of $4.37 to acquire a new user, $9.17 to register a user, and $35.42 to get a user to make their first in-app purchase. It’s not cheap to acquire new customers, and a big part of customer acquisition is trust in the brand. By making it easy and secure for customers to sign up for your service, and also help them register and make their first purchase, CAC (customer acquisition costs) will inevitably decrease.
Because consumers are becoming more and more web-savvy, it is increasingly difficult to convert new customers into paying customers. Instilling trust in the brand becomes the cornerstone. According to Edelman research, 43% of US respondents (35% globally) said that trust in a brand has become a more important purchasing factor due to the ever-increasing number of brands that have personal information in their databases.
Organizations can increase customer engagement and trust through implementing frictionless security controls around their sensitive data, which leads to lower CAC while maintaining the lifetime value of a customer and increasing brand loyalty. A security control can be as simple as a password reset workflow or requiring an additional step-up challenge. Good security does not necessarily mean end-user friction: striking a balance between risk tolerance and great end-user experience is key for organizations. Involving the customer in the feedback loop increases trust and customer engagement because they are being educated on how organizations protect their accounts. When customers aren’t informed or engaged, companies can lose customer loyalty.
Customer Retention Costs are also critical to the overall profitability of an organization, and customer security is at the heart of customer retention. According to Gemalto, 65% of consumers would never or be very unlikely to continue doing business with a company that experienced a financial data breach. Given the high costs of acquiring a new customer, companies are incentivized to increase customer retention; one way is to implement better security to avoid the breach of financial information.
Better Security = Lower Helpdesk and Operations Costs
1. Helpdesk Costs
To offer a great customer experience, most organizations have a service desk that handles customer questions or troubleshooting issues. However, maintaining helpdesk staff is expensive. According to BMC, an IT management company, the average helpdesk ticket costs an organization $15.56 per call. Going back to the earlier example: if enabling 2FA for each user account can cut down on one helpdesk call, then Epic Games already gained $5.56 per user account despite giving out a $10 credit.
Incentivizing users now to adopt better security practices leads to lower helpdesk and troubleshooting costs later. Security workflows like requiring identity verification at login, or requiring the customer to “self-heal” through an automated password reset workflow, helps protect against account compromise. Such practices not only educate users on how to protect their own sensitive data, but they also automate remediation that would otherwise require helpdesk mitigation. Including remediation workflows, such as a password reset, reduces an organization’s service desk costs by automating the troubleshooting process.
2. Security Operation Costs
The entry-level salary of a security analyst is approximately $75,000/year. Thus, spending a SOC analyst’s time on security incidents caused by bad alerting configurations is wasteful and expensive. Oftentimes, each security incident requires manual investigation, and at these salary levels, it’s no surprise that security teams are overworked and understaffed. In fact, twenty-seven percent (27%) of SOCs receive more than 1 million alerts each day.
Adding in the software costs of the SIEM, UEBA, and other analytics solutions used to manage and visualize the alerts, one can see that security operation costs quickly become a huge expense. Implementing a security solution such as automated account recovery and intelligent alerting can greatly reduce security incidents and manual investigations, thus greatly reducing operational costs, and helping focus your analysts on more important issues.
Treating Security as a Profit Driver
A security approach that meets the needs of both an organization’s security teams and revenue teams creates stronger cross-functional alignment, enabling companies to more easily achieve their revenue targets. Implementing better security controls leads to lower cost of ownership by reducing expenses and increasing sales. The examples above just begin to tell the story of the cost reduction that comes with better security – a story that redefines security as a profit driver. When organizations treat security as a profit driver, they not only get better account protection and reduction of risk, they also get an optimized customer experience yielding higher total revenue.
We need to walk away from the outdated notion that security controls come at the expense of user experience. Striking the right balance between security and risk tolerance can lead to greater retention, fewer abandoned carts, and ultimately more revenue. Furthermore, security can increase brand trust and loyalty. Long gone are the days when security was seen as an irritating cost center and a hindrance to user adoption. Good security and good UX are not a zero-sum game: online services are simply more profitable when security is baked in.
*** This is a Security Bloggers Network syndicated blog from Castle authored by Monnia Deng. Read the original post at: https://blog.castle.io/redefining-security-as-a-profit-driver/