Revenue generation has always been seen, at the C level anyway, as a legitimate solution to the risk from fraud and the hacking community. It still is, according to the latest Experian report.
The thinking is simple: generating more revenue looks great on the balance sheet; investing in fraud prevention does not.
A worrying aspect of the results from Experian is that if you read between the lines, there seems to be a feeling that security is ‘someone else’s problem and revenue generation is what we do best, so let’s do that.’
Revenue generation as a ‘solution’ to security issues is a short term one, to say the least. The issue is that investment in either revenue assurance processes or fraud prevention strategies are justifiable only so long as they are economically viable. You get your revenue leakage or fraud losses under control, and at a certain point, it makes more sense to allow a small percentage of revenue to be lost rather than attempt to plug the hole completely.
As the Experian report points out, only companies in India and Australia are looking to increase their fraud prevention budgets across Asia. A third of the respondents are prioritising revenue generation over putting in place more defences.
The problem with focusing on revenue generation is that you are building up stresses in the future. Particularly with new ways of working, probably a hybrid model of home and office, those stresses are amplified.
More so, when you consider the advances in the dark art of cybercrime during the pandemic. It was bad before, and it has got a lot worse in the last year. Everything from simple phishing attacks to state-level attacks on national infrastructure have increased in volume and sophistication.
A greater focus on revenue generation is simply not good enough.
The question is what to do. One thought is to find ways to incentivise people into increasing the levels of vigilance. One telco, some years ago, came up with the idea of making one person in every department responsible for revenue assurance. The work could not proceed past the door until that person had checked everything added up. And that person was incentivised to make sure it worked. The same could work for fraud prevention if one person was responsible for upgrades, password strength and alerting people to threats.
Generating more revenue is, of course, every company’s focus as we – hopefully – head out of the pandemic. With over 70% of companies across AsiaPacific dramatically increasing their online presence over the past year, that focus will be where everyone is naturally looking.
Somehow, though, the C Level executives need to understand that revenue generation merely covers the cracks. If fraud prevention is not a priority, then there will be trouble – big trouble – ahead.