Integrated Risk Management
Through the application of technology and automation, we'll help you manage your risks efficiently and effectively across the entire enterprise.
Identity and Access Management
We'll help you ensure everybody within your organisation has access to the right systems and data, for the right reasons, and at the right time.
Cyber & Application Security
Our experts will uncover security weaknesses within your security design and business-critical applications. Helping you protect your organisation from both internal and external threats.
Bedrock Managed Service
Scalable support and on-demand expertise that seamlessly integrates with your existing operations.
About us
A group of passionate individuals with a shared purpose to help the world's leading companies embrace best practices for GRC and risk management.
Turnkey's strategic partner network consists of selected organisations that complement our capabilities.
Corporate Social ResponsibilityCSR
We are committed to being agents for change through our Climate Action Plan, championing diversity in our workplaces, and more.
Get in touch
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
We have operations in all corners of the globe, so see which office is nearest to you and connect with them.
Webinars & eBooks
All of Turnkey's webinars, guides and other insights available in one place.
Read the latest insights from our experts on GRC and risk management, covering the latest industry topics.
Press Coverage
See all the publications where Turnkey, our experts and our successes have been noted.
Key events
See the key industry conferences on GRC, SAP security and risk management which we are attending.
Case Studies
Client satisfaction is of the utmost importance to us, and we strive to constantly deliver above expectations, going the extra mile at every opportunity.
13 January 2017

Is your CISO now more valuable than your CMO in protecting your brand?

Your CMO has traditionally been the guardian of your brand, nurturing and developing brand value by maintaining clarity, relevance and quality of your engagement with your target market and customers. In these terms, little has changed in recent times apart from the new challenges of adapting to a digital, socially connected economy to engage through relevancy, with immediate feedback loops.

So how is the CISO now relevant?

Until relatively recently, the cost of an enterprise security breach was manageable in the sense that typically it was a commercial risk, relatively contained and traceable with a physical trail, and the value of what was accessed was usually only of value to unscrupulous competitors or activists pursuing a cause. Regulatory fines were painful but affordable. The public’s awareness and concern of such breaches was relatively low and containable with good crisis media management. The issue was not an important factor in consumer brand choice.

Is your brand worth less than a major security breach?

In a democratised digital economy, the value of specific data has increased exponentially. Consumer financial account information, that allows fraudsters to attempt to skim accounts for amounts large and small in the blink of an eye, has spiraled as it is traded around the globe, often generating more money in broker trades than in the direct fraud itself. The constant mutation of attempted fraud techniques means the problem for corporates is unpredictable and many are not yet analysing the risk sufficiently to react appropriately with the correct level of investment in strategic protection. It could be argued that this is the problem that is exacerbating the issue more than the ingenuity of fraudsters.

How much risk are you prepared to take?

The value now at risk is no longer tangible, it has switched to intangible assets and most importantly brand.

64% of consumers worldwide say they are unlikely to shop or do business again with a company that had experienced a breach where financial information was stolen, and almost half (49%) had the same opinion when it came to data breaches where personal information was stolen. 49% percent of respondents said they would take or would consider taking legal action against any of the parties involved in exposing their personal information.*

Therein lies the true risk. Consumers move in tribes, even though their carelessness is often partially to blame (54% are using the same password for all or some of their online accounts), they will not forgive you for your negligence with their data. So, the real risk is unquantifiable and potentially fatal to your enterprise.

What should we do?

Driving collaboration between CISO’s and CMOs may be a smart corporate initiative for many companies to identify and communicate the risk and devise mitigation strategies.

Any major enterprise, managing large amounts of 3rd party data that does not have enterprise security on its strategic priority action list for 2017 may already be a dead man walking.


*according to a recent global survey by Gemalto, titled Broken Trust: 'Tis the Season to Be Wary, which surveyed 5,750 consumers in Australia, Brazil, France, Germany, Japan, United Kingdom and United States.