How to leverage cybersecurity to gain customer trust

Software code on a computer screen. Treating cybersecurity as a strategic tool can help build a digitally-forward organization.

Treating cybersecurity as a strategic tool can help build a digitally-forward organization. Image: Unsplash/Marcus Spiske

Michael Meli
Group Chief Information Security Officer | Managing Director, Bank Julius Baer
Nisha Almoula
Cybersecurity, Risk and Regulatory Senior Manager, PwC
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


  • Financial services are heavily regulated from a cybersecurity perspective, and many organizations have set up robust governance mechanisms accordingly.
  • But to be truly successful, the perception of cybersecurity must switch from being a 'check the box' exercise to being a strategic tool to build trust.
  • Providing customers with visibility into a company's data security capabilities helps build trust in its efforts to manage their data with integrity.

The financial services industry, and the banking sector, in particular, has been heavily regulated from a cybersecurity perspective.

As a result, many organizations within the industry have prioritized aligning their capabilities and establishing strong governance mechanisms to adhere to regulatory requirements, mitigate regulatory scrutiny and manage their associated reputational risk.

However, with the fast pace of technological innovation, for organizations to be truly successful, the perception of cybersecurity must shift from being a ‘check box’ activity to being a strategic tool that can further drive business objectives and build customer trust.

Cybersecurity should be deemed a strategic tool

To dismiss cybersecurity as a threat is to ignore the current reality of banking and with relationships and interactions increasingly online, opportunities to better serve clients in the cyber realm are expanding.

The World Economic Forum (WEF), in co-operation with the National Association of Corporate Directors (NACD) and the Internet Security Association (ISA), published the Principles for Board Governance of Cyber Risk report in 2021.

This report describes the six principles that can help boards of directors with cyber risk governance. The first principle, “cybersecurity is a strategic business enabler”, highlights the need to ensure that organization-wide digital transformation efforts proactively account for cybersecurity considerations and that executive leadership and the board are well informed to actively participate in cyber-related discussions.

In a 2022 PwC survey, when asked how senior leaders frame the cyber mission in their organization, more than half (54%) of the CEOs chose bigger-picture, growth-related objectives from their security team.

Two in five (20%) of respondents stated that “a way to establish trust with our customers with respect to how we use their data ethically and protect their data” was the number one cyber mission choice.

As a result, the power moves to maximizing business value through cybersecurity are two-fold:

1. Building a culture of cybersecurity within the organization so there is effective collaboration between the business, technology and cybersecurity teams.

2. Communicating the impact of the organization’s cybersecurity capabilities to drive customer satisfaction.

How to build a strong culture of cybersecurity within an organization

The messaging to build an awareness of cybersecurity within the organization comes from the top. In order to equip the board to encourage senior leadership to drive cybersecurity outcomes, board members should be included in periodic tabletop exercises to educate the board on their roles and responsibilities to respond to cybersecurity threats. This would make the impact a cyber-attack could have on their business more tangible.

Additionally, as boards receive formal cybersecurity programme updates, they should be provided with key questions to raise to encourage them to challenge their technology, business, and cybersecurity leadership teams to enable risk-based prioritization, communication and decision making, as opposed to compliance-based prioritization.

Following that, the next learning curve will be for board members to gain experience in understanding the implications of the answers they receive. Board members often receive critical input from cybersecurity experts, and therefore, their effective response can support funding decisions, prioritize initiatives, and provide the appropriate executive attention.

Have you read?

It is also essential to build a culture that empowers cybersecurity information security officers to serve as conduits who provide subject matter support to business leaders in implementing cybersecurity requirements, solicit business line feedback to enhance the cybersecurity strategy, and interact not only with technology teams but also marketing and product teams while supporting large-scale digital transformation efforts.

Security team leaders should actively foster collaboration with peer organizations, security user groups, and intelligence feeds to maintain an up-to-date understanding of the evolving cybersecurity landscape and ensure their teams are educated accordingly. Furthermore, all security professionals within the organization should maintain a high level of expertise through continuous role-based training.

How to communicate the impact of an organization’s cyber capabilities

Security team leaders should collaborate to define and publish cyber risk mission and vision statements in alignment with the organization’s overall purpose, values, and objectives, to encompass the company identity and communicate the approach to managing cyber risks to customers.

These statements can serve as the “north star” for the cybersecurity programme and inform the future alignment of programme initiatives to measure and evaluate impact.

When engaging with customers, cybersecurity should be included as a discussion point and offer insight into the organization’s capabilities to monitor threats, analyze long-term cybersecurity impact, and incorporate cybersecurity considerations in customer offerings, in order to build lines of transparent communication with customers.


Given the shift to drive businesses online, providing customers with visibility into the organization’s data security capabilities will establish a sense of increased confidence and trust in its efforts to manage their data with integrity.

For example, when Julius Baer presented the group’s 2021 annual sustainability results, the formal presentation not only included key financial indicators but also included material outlining how continuous technological innovation and operating with a responsible approach to cybersecurity risk management can help the bank to seize digital opportunities and build customer trust.

Take a collaborative approach to cybersecurity to build customer trust

Cybersecurity affects everyone in today’s world, but the topic is often left unaddressed because it is viewed as too abstract, intangible, and cumbersome to deal with.


How is the Forum tackling global cybersecurity challenges?

Therefore, adopting a “we’re in this together” approach and fostering proactive collaboration between business teams, cybersecurity teams and customers will underpin a successful and digitally-forward organization.

Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Quantum computing could threaten cybersecurity measures. Here’s why – and how tech firms are responding

Simon Torkington

April 23, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum