Dejan KosuticThis article is based on an episode from the Cyber & AI Perspectives podcast. Prefer listening instead? Listen to the audio version below.
Today, I’ll speak about how cybersecurity can create a competitive advantage for companies and how Apple successfully did this.
ISO 27001 certificates can help sales, but a real competitive advantage comes when cybersecurity becomes part of your products and brand — as Apple did.
Do certificates provide a competitive advantage?
Most companies I know of that go for ISO 27001 or some other certificate do so because of sales and marketing — for example, they want to get a new customer, and that customer tells them that they need to get certified if they want to start selling to this customer, or a company wants to keep an existing customer that tells them the same thing, or they want to penetrate a new market segment that is very keen on protecting their sensitive data.
And I’m OK with all that, even if it sounds a little strange that companies want a security certificate not because of security, but because of revenue.
But then those companies say that they will gain a competitive advantage over their competitors because of such a certificate — and I’m not so sure about that.
An example of a competitive advantage
Let’s first see what competitive advantage means — this basically means that you have something that your competitors do not have, and that those competitors find it very hard to get that something because it’s so special. For example, SpaceX, a company that launches rockets into space, has technology that enables these rockets, after they deliver satellites into orbit, to return to Earth and land safely so that they can be reused — this enables SpaceX to drastically reduce costs because it does not have to rebuild these rockets all over again. Their competitors do not have that technology, at least not yet, which enables SpaceX to have much lower prices and much better capacity.
Let’s go back to my point about ISO 27001 certificates — what is preventing competitors from getting this same certificate? Basically, not much — a couple of months of work, and a certain amount of money.
Does this mean that ISO 27001 brings a competitive advantage? Perhaps, but only for a short amount of time.
How Apple uses cybersecurity as a competitive advantage
So, looking beyond certificates, can cybersecurity bring a competitive advantage in the long term? I think yes — some companies are doing this already and are very successful at that.
One of the most well-known is Apple, which carefully integrates cybersecurity into its product design, making it an important part of its brand.
If you’re an Apple fan, like I am, what do you like most about its products? Probably their design, how easy they are to use, and the large marketplace with lots of apps. But many people also like how Apple makes an effort to protect customer data — they were the first to launch advanced biometric authentication and built-in protection against malware, and they don’t even allow governments to access your data — just think about their pushback against the US government, UK government, and so on.
And by the way, most security people I know use Apple products — probably because they are the most secure.
So when you think about it, security is one of the top five most important features of Apple, and as we know, Apple is a very successful company. So, how did they do it? Apple is proactively thinking through how to incorporate security and privacy into their products, and this has become a regular part of their product development, not something that comes afterward. And they also actively push this image of a secure company so that it becomes an integral part of its brand.
What should you do?
So, to conclude, if you want your company to use cybersecurity for building a competitive advantage, you need to push it not only on the operational level, but also on the strategic level.
This means your CISO must be involved in defining your business strategy, and your security teams must participate in every step of your product development. It is not easy, and not everyone can do it — but those companies that do can build a competitive advantage that competitors will find very hard to imitate.
I researched the connection between competitive advantage and cybersecurity during my doctorate, and I have written an article that explains in more depth how this connection works: How to achieve sustainable competitive advantage through cybersecurity.