Privacy & Security 2018

Post-Forum Report: Key Takeaways

On September 24 and 25, 2018, privacy and security leaders convened in Washington, DC for Forrester’s Privacy & Security 2018 forum. The forum host, Forrester VP and Research Director Chris McClean, promised that “this conference will be different.” The focus would not just be on the changing threat landscape, new regulatory pressure, and other bad news, but instead on a forward-looking view of how privacy and security leaders can support digital transformation and still meet the needs of their customers.

Over the two days, 27 presentations highlighted unique solutions to issues privacy and security leaders will face today and in the coming years. Here are some of the dominant themes that emerged:

Customers will be your most important regulators, tying privacy and security to revenue.

Businesses must be insights-driven to win, serve, and retain customers. But without careful consideration of your customers’ expectations, your company could quickly earn a reputation for being creepy or even downright unethical. Forrester Principal Analyst Renee Murphy explained that customers are demanding companies align with their values, and a failure to do so could impact loyalty and revenue. According to Analyst Enza Iannapollo, companies that adopt privacy as a corporate social responsibility are more likely to meet regulatory requirements and maintain a good reputation among customers. And Principal Analyst Fatemeh Khatibloo proposed the concept of a digital twin, which would allow customers to explain their various objectives anonymously online, giving brands a clear way to engage with potential buyers based on their specific motivations.

Security and privacy leaders must address new categories of risk.

Beyond discussion of ethical and reputational risks, Principal Analyst Jeff Pollard’s presentation on the coming data integrity crisis showed how attackers can do massive damage to your business just by altering your critical sources of truth – your data.
Senior Analyst Nick Hayes’ talk on digital risk showcased how attackers don’t even need to be in your network to do damage; they can utilize external data and assets to damage your reputation, IP, and more.

Greater sharing of information will help us more safely adopt new technology.

Dr. Allan Friedman, a director of cybersecurity initiatives at the US Department of Commerce, explained how the security industry and the government can work together for better security outcomes. He highlighted efforts like the NTIA's vulnerability disclosure program template as a way the government is helping improve security for all parties. He also mentioned a clear need for information sharing and software composition transparency to address risks in emerging technologies.

The security industry needs to broaden its talent pool and foster diversity.

Dr. Alissa Johnson, CISO at Xerox, and Forrester Research Director Stephanie Balaouras had a particularly powerful conversation about the state of the industry’s staffing shortage and diversity crisis. Johnson highlighted cybersecurity’s marketing problem: we need to do a better job of generating interest in the field by rebranding the conversation, altering language in job descriptions, and proactively attracting the talent that isn’t finding its way into the industry. She noted that diversity encompasses more than just gender and race; it means unique backgrounds, thought processes, and strengths. Balaouras argued that the problem is self-inflicted, saying, “don’t complain about a staffing problem when you’re only recruiting from half the population.”

Attendees were encouraged to continue these conversations with Forrester analysts, event sponsors, and each other between this event and September 2019, when the Forrester Privacy and Security Forum returns to Washington DC.