All Articles Food Consumer products trends and what they mean for your cyber strategy


Consumer products trends and what they mean for your cyber strategy

Emerging technologies are creating opportunities for consumer goods companies to connect with customers and optimize costs -- but many of these technologies can also open the door to cybersecurity threats.

7 min read


Consumer products trends and what they mean for your cyber strategy


This post is sponsored by Deloitte.

Emerging technologies are creating opportunities for consumer products (CP) companies to connect with consumers, provide innovative customer experiences and maximize efficiencies — but many of these technologies also come with cybersecurity risks. A panel of specialists from Deloitte discuss what cyber threats are inherent in consumer products trends and ways companies can combat these risks by building a strong cybersecurity team and building the management of cyber risk into their culture.

Deloitte’s panel of specialists (Clockwise from top right: Challender, Heikkinen and Lewis)

What do you see as some of the primary trends for consumer products companies, and what is their potential impact on cybersecurity?

Many of the top trends affecting CP companies have a corresponding technology component. Often the new and advanced technology that helps CP companies address some of these trends is implemented at a faster pace or without full consideration of the corresponding cybersecurity.  For instance:

  • Connected products: The hyper connected nature of today’s world allows for innovative customer experiences and can give CP companies a competitive advantage. The future success of connected products is dependent on providing customers an interactive experience that is also secure.
  • Manufacturing/operational technology: Reaching for optimization and efficiencies through automation has increased connectivity within the supply chain, and the threat of exposure has risen for system devices designed to monitor and control industrial processes. Increased focus is being given to this area due to attacks that have had significant impacts on the production capabilities of some global manufacturing companies.
  • Intellectual property (IP):  There is increased competition and a demand by the consumer for innovation. IP is at the very heart of the business for CP companies, especially today with changing consumer preferences and even marketing campaigns and how they’re targeting and reaching consumers. The rise of IP theft requires a thoughtful cyber risk approach and focus on identity and data access management.
  • Cost optimization: There is increased competition and pressure from the market for profit improvements. To address this, CP companies are working toward supply chain automation and optimization of other manual processes. In doing so, they must also consider how they are securing and monitoring the new technologies they are introducing to the environment.
  • Consumer trust: CP companies need to consider how consumers perceive they are collecting and handling their customers’ personal information. Consumer perception and trust could drive purchasing decisions and we are seeing regulatory bodies addressing this with a new level of evolving privacy focused regulations that CP companies will need to address.
  • Talent and human capital: Given all the change and technological advances within the industry, there is a need for and a shortage of people with a cybersecurity skillset. The high demand and shortage of talent is making it difficult for CP companies to find the right resources to address these risks.

Given the need in CP companies for top cybersecurity talent, how should CP companies think differently about attracting and retaining top talent?

Resource gaps and skills gaps among cybersecurity professionals are among the biggest barriers to organizations achieving their objectives in this space. CP companies are competing across industries for top talent, including industries with higher margins and/or cutting-edge technology (e.g., technology companies). It is important to understand what motivates the workforce and respond appropriately. Training and development programs and specialized learning programs are some ways to cater to millennial and Gen Z workers. Some companies are also thinking about creative ways to appeal to the workforce, such as creating challenging opportunities, offering flexible working hours or arrangements, casual work environments, commitment to social programs, hot skill bonuses or incentives and cross training skill sets. In addition, some companies are using robotics processing automation and artificial intelligence for some of the more day to day tasks and items that don’t require human decision making, allowing their teams to spend time on strategic initiatives and driving new insights which creates more challenging and meaningful work experiences. Companies that have engrained cybersecurity into their culture and view their cybersecurity team as business partners will more likely have less attrition and be more attractive to candidates.

How can companies start to build the management of cyber risk into their culture?

Executive-level engagement is the first piece of this, and tone at the top and executive leadership awareness and support is essential. CP companies should proactively and consistently message, train and create awareness throughout the organization, making security awareness and cyber risk training a priority. Employees throughout the organization should understand their responsibility in mitigating instances related to phishing, social engineering and escalation if they notice something out of the ordinary or of concern.

What initial steps should consumer products companies take related to cybersecurity?

CP companies should perform cyber risk assessments focused on business areas of most concern but also with an understanding and appreciation for the entire enterprise (e.g., third parties, connected devices). The assessments should be inclusive of all applicable risks including taking a risk-based approach to securing systems (including emerging technologies), monitoring the threat landscape, the internal and external threat monitoring capabilities and the timeframe to identify if there has been a breach. In addition, companies should consider their preparedness to address cyber incidents before they escalate, which may involve some aspect of cyber war gaming. This gives companies a more realistic understanding of how prepared they are to make real time decisions and respond to a cyber-attack. In addition, the cyber team should be included and a part of business decisions that impact investments in emerging technologies and changes in the technology landscape, both to assess the risk associated and determine how to appropriately manage the risk.

Lynne Challender is a cyber risk managing director at Deloitte & Touche LLP with more than 20 years of experience within information security and risk management, 17 of which focused on providing management consulting services to clients in the consumer products, retail, travel, hospitality and services industries.

Kristen Heikkinen is a senior manager at Deloitte & Touche LLP with 10 years’ experience in business and technology risk, focused on retail and consumer products companies. She specializes in large, multi-national end-to-end process risk mitigation and internal controls.

Tyler Lewis is a cyber risk services principal at Deloitte & Touche LLP with more than 15 years of IT experience, 13 of which are in client service providing risk advisory consulting services to primarily consumer products and manufacturing organizations. His experience is focused on leveraging technology in conjunction with business insight and value to improve operational capabilities, governance and risk management.


This article contains general information only and Deloitte is not, by means of this article, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This article is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this article.


If you enjoyed this article, sign up for FMI dailyLead to get news like this in your inbox, or check out all of SmartBrief’s food and travel newsletters as we offer more than 30 newsletters covering the food and travel industries from restaurants, food retail and food manufacturing to business travel, the airline and hotel industries and gaming.