May 18 2021

RSA 2021: How IT Leaders Should Respond to Shifting Consumer Expectations

Businesses have to scale and secure more digital and hybrid experiences over the next decade, says Forrester.

For businesses, and especially for IT security professionals, the past decade was marked by constant innovation coupled with increasing risk. And as unique as the 2020s will likely be in the details, in broad strokes things will be much the same as in the 2010s.

So argued Laura Koetzle, a vice president and group director with the IT research firm Forrester, speaking at RSA 2021 about post-pandemic business trends that cybersecurity teams need to understand.

“The Roaring 2020s are going to be a lot less Great Gatsby and a lot more adaptation to upswelling of systemic risk, and that’s not just about future pandemics but also political risk, climate risk, social unrest, etc.,” Koetzle said. “The next decade for all of us in information security — and this is not a change — is going to be a ‘may you live in interesting times’ kind of thing. If you enjoy ‘interesting,’ this is the decade for you.”

The Next Decade’s 5 Key Business Trends

For IT security professionals, driving all that interest will be five broad shifts in consumer and employee expectations — each inspired by pandemic realities but far outliving them, while also evolving in a post-pandemic economy. Each one will require businesses to respond over the short, medium and long term, and each carries its own unique security concerns.

Koetzle outlined the following business changes:

  • Customer expectations will shift on the spectrum of safety and convenience. Consumers will exhibit greater risk aversion and a higher desire for convenience simultaneously, producing “a lot of behavior that looks really contradictory,” Koetzle said. For example, most U.S. consumers tell Forrester researchers that they will try to avoid crowds for the next six months, even as they confess a longing to return to stores in person. “This reflects a genuine conflict within consumers,” she said.
  • Businesses will ride the digital engagement wave to create hybrid experiences. As businesses reopen for consumers and workers, organizations will strive to extend and scale hybrid experiences — everything from hybrid workplaces to kiosk-based check-in at hotels.
  • Firms will invest in what was once considered impossible to drive the future of work. Few businesses will return to fully onsite work experiences, but few will remain fully remote. They will have to invest in new solutions to empower and secure workers in constantly shifting hybrid environments.
  • Smart firms will retire technical debt fast and then ride the tech disruption wave. Businesses have accelerated their digital transformations out of necessity since last March, racking up a lot of technical debt as they go. They’ll have to pay down that debt to keep the momentum going — and they will, Koetzle said.
  • Business resilience will become a competitive advantage. Organizations have learned the value of resilience this year, and they’ll continue to focus on business continuity and strive to build redundant and more flexible supply chains.

MORE FROM BIZTECH: Learn what to look for to know if your organization has an insider threat problem.

Businesses Must Secure Emerging Hybrid Experiences

All these changes will bring fresh challenges for IT security teams. For example, as they strive to meet the conflicting demands of consumers — who want to be safe, both physically and financially, while resuming in-person experiences — organizations will have to secure an increasing array of touchless customer experiences.

“My favorite example is from China, where a car company last year was delivering keys to new customers by drone,” she said. “All of you in security will have to secure those new experiences, because they increase your attack surface. If your keys are flying around on a drone, you have to secure the drone.”

At the same time, Koetzle said, security teams will have to “build security and privacy controls that translate seamlessly between digital and physical realms, because we’re going to have people moving through those hybrid experiences.”

Consumers will become less forgiving with digital and hybrid experiences that fail to meet their expectations. At the start of the pandemic, businesses, under great pressure, “rolled out a lot of experiences of various levels of quality,” Koetzle said. “Among consumers, there was a certain amount of, ‘OK, it’s a pandemic, I get it,’ but they are going to quickly become less tolerant of that. You’re going to have ensure that those experiences actually scale, work properly and deliver the same emotional resonance that those in-person experiences did.

What Businesses Should Consider as They Reopen Workplaces

Meanwhile, businesses’ efforts to reopen workplaces will have to be informed by employee expectations for both safety and flexibility. At the same time, they’ll have to replace a lot of temporary measures they installed quickly to secure remote workforces with more permanent solutions that will allow organizations to return to 100 percent remote work if necessary. “That may not be what companies plan to do, but they’ll need that flexibility during the next pandemic or natural disaster,” she said.

Having reconsidered their insider threat protections as they shifted suddenly to remote work, they’ll have to do so again for hybrid environments, she said.  With employees neither fully onsite nor fully remote, many policies preventing insider breaches will have to be revamped.

The good news: According to Forrester research, employers that demonstrated empathy for workers’ challenges during the pandemic can expect to reap dividends now. High-value workers will be more likely to stick around as the job market improves, “and all of our research says that those employees bring more creatively to the table. They’re more invested in the company’s success. That competitive edge will really start to matter as the jobs come back.”

Keep this page bookmarked for articles and videos from the event, and follow us on Twitter @BizTechMagazine and the official conference Twitter feed, @RSAConference.

Getty Images/ Halfpoint