Customer Experience: The Missing Pillar of Information Security Programs

Few days back, an information security executive asked for help. He has been struggling with demonstrating “tangible business value” of his information security program. We started our dialog about the company business, revenue sources, key issues, competitors and how he could help his organization turn their customers into their brand advocates.

Any successful information security strategy has to start and align with business goals and objectives. There is no way to create meaningful value if the business goals are not properly understood and taken into account.

There are many opportunities for information security teams to create business value. Every CISO, when thinking about strategy, must seriously consider the value at various levels. For example:

  • Think about making the security program “customer centric” by focusing on Customer Experience (CX) such that the customer “feel great” every time they have interaction with your products or services?
  • Simplify things. As an example, could you reduce a few clicks in the user registration process on your Ecommerce web site so that people don’t abandon the registration before completion?
  • Are there options of using innovation for password-less authentication via federation or other means on your mobile app without compromising security?
  • Can you help create excellent service no matter how customers interact with the company?
  • Is there a way to help your organization identify new data sets to get better insight into customer behavior?
  • Can you securely enable APIs for your B2B partners and fuel automation in the supply chain?

The fact of the matter is that most of the information security teams are not realizing how much business value they can create by making just few adjustments to their approach about business. Having a “seat at the table” during strategy and design can help identify, quantify, and demonstrate value to other stake holders.

Customer Centric Approach

While most of the security programs have a heavy focus on the use of technology, processes, and governance models, very few think about the impact of security controls on Customer Experience (CX). As a result, we frequently hear comments like “security is a roadblock for innovation” or “it is very difficult to work with security teams”.

The missing ingredient of true success of an information security program is the lack of focus on “Customer Experience”, whether internal customers or external ones.

Where are most of the security programs stumbling? They are not focusing on a few key concepts like simplicity, ease of use, reduction of steps to accomplish different tasks, use of innovation in security technologies, and proactively becoming part of business transformation.

Today’s CISOs need to assume the role of Chief Innovation Officer to help their businesses grow and turn their security teams into innovation machines.

Companies like Amazon and Uber are very successful because they make security seamless in such a way that their customers “feel good” after every interaction with their brands. This “feel good” is really the Customer Experience we are talking about and information security has a major role in achieving it.

Hyper Connected Customers 

For today’s hyper connected customers and in an extremely fast changing business environment, CISOs must bring customer-centric approach to their security program so that it becomes a business enabler, earns credibility, and provides a competitive advantage for the business. Small, incremental steps can bring big changes. If you can reduce one mouse click in user registration process, go for it. It may tip the balance such that a user who was about to abandon the registration on your Ecommerce site may turn into you customer. If the lifetime value of a customer is $1000, imagine how much business value you create by adding just few new customers each day who would have otherwise left because registration process was too cumbersome for them.


Imagine if people “feel good” about your password reset process, they will become your brand ambassadors, just like all of us are self-appointed promotors of a few brands we love. Have you ever told any of your friends how awesome shopping at is? That is the essence of a great Customer Experience!


About Rafeeq Rehman

Consultant, Author, Researcher.
This entry was posted in Digital Transformation, InfoSec, Leadership and tagged , , , , , . Bookmark the permalink.

Comments are closed.