Customer: National Registered Investment Advisory (RIA) Firm with offices in 20 US states and over $95 billion under management
Challenge:
- Shrinking new account volume and revenue
- Market perceived competitors as stronger on privacy and security
- Clearing house Compliance required updated risk mitigation standards
Solution:
- Free Privacy Risk Assessment
- Free External Data Privacy Audit
- Licenses for unsecured data removal service applied to all relevant employees/vendors
- Privacy Trust Badge
- Consent Core
Results:
- Improved GRC
- Expanded public commitment to privacy and security
- Expanded new account acquisition activities
- Recapture of lost revenue and expansion of net-new revenue
Challenge: During a year-over-year analysis of new account acquisition, [REDACTED] identified a 4% decrease in the number of new, high net-worth investment clients engaging their private banking services. This decrease represented a loss of as much as $10 million in annual net revenue for the firm.
Executive leadership performed post-mortem debriefs with sales and business development representatives from each territory across the US to determine the factors driving prospects to engage with competitive RIA organizations. One of the most frequently mentioned factors involved privacy concerns among high net-worth investor prospects. Specifically, many of the lost prospective opportunities found a home with one particular competing firm, a firm offering a well-articulated and highly publicized set of privacy management and trust management policies.
Executive Leadership brought IT leadership into the discussion and requested a complete overview of the company’s existing information and cyber security practices. IT leadership detailed best practices the organization was observing for physical security and cyber security to guard against unauthorized data systems access. IT laid out the contours of their cumulative efforts: from onsite security cameras and other infrastructure security; to strong passwords/permissions, Identity Access Management (IAM) policies and routine employee awareness trainings; to endpoint security, firewalls, anti-virus and spam filters, and even vendor risk management programs.
Despite all these common industry practices, the assembled leadership concluded something was still missing. This missing element, they believed, was something their competition was already successfully touting as a valuable differentiator in the marketplace.
Solution: The customer engaged Privacy Bee for Business to help identify shortcomings in their existing approach to privacy and security, and then to deploy a solution commensurate with industry-leading best practices.
Privacy Bee worked with the customer’s IT department to perform critical assessments of the state of external data privacy management practices. It was quickly determined that, in spite of strong cyber security and physical security practices, there was a deficient focus on the role of external data hygiene and management.
Privacy Bee helped the customer CISO perform the Privacy Risk Assessment (PRA) evaluation – a free audit of internal procedures for de-risking the firm against PII-infused spear phishing and other social engineering attack vectors which rely heavily on the exposed external data of the firm’s employees and vendors’ employees. Once completed, the PRA helped determine the accurate Privacy Risk Score for the customer’s operations.
Next, Privacy Bee worked with the customer’s CISO to perform the External Data Privacy Audit (EDPA) to identify where all employees’ PII was available on the dark web and clear web – across equities like Data Broker sites, People Search Sites, public sources, social media profiles and more. The free EDPA identified all the privacy exposures and vulnerabilities weighing on the customer’s ability to lower risk of data breaches.
Armed with detailed information on their risk exposure, the customer purchased licenses for all the relevant employees across the organization and Privacy Bee immediately began the process of getting the unsecured data removed from the internet.
In addition, the customer signed the Privacy Bee Privacy Pledge and was able to add the Privacy Trust Badge to their websites and other web equities. They also engaged the Consent Core service to manage Data Subject Access Requests (DSARs), demonstrating the firm’s commitment to observing privacy legislation and strong Governance, Risk Management & Compliance (GRC) protocols. The enterprise-grade compliance service also helps manage email unsubscribes and other organization-wide consent logging functions which are often used in financial transaction management, electronic trading, proxy voting and other FinServ activities.
Results: Almost immediately, the customer CISO and IT resources gained an expanded perspective on the ways in which data security practices had been forced to evolve. Specifically, they became much more aware of the External Data Privacy attack surface and how it represents the predominant risk to business organizations today.
This expanded perspective was driven by the hard data captured by the PRA and EDPA processes. The PRA delivered quantifiable risk scoring and was used to produce updated Governance, Risk and Compliance (GRC) policies. Coincidentally, the customer’s Compliance function had been given a mandate by the Compliance office of their clearing house that updated GRC would be required. With the output of these two audits, the customer was able to meet the new standards. Moreover, they were able to market these new, concrete data privacy and security policies to new business prospects. They were even able to include this advancement in RFx responses to pension groups, labor union groups and other pooled investment client opportunities.
The EDPA provided clear Cost-Benefit Analysis (CBA), extrapolating the potential financial impact of a data breach across the entire company. It also identified the most and least vulnerable internal departments to help allocate internal resources to the most appropriate segments of the operation. The EDPA also delivered financial modeling and forecast opportunities for risk resolution, providing clear projections for a significant return on investment into the Privacy Bee for Business platform.
The Cookie Consent and Privacy Trust Badge elements even helped the customer generate a modest net-new revenue stream. Both elements deliver a small commission to the customer when their users become Privacy Bee customers following their exposure to Privacy Bee via the customer website.
Within one year of adoption, the customer reported a reversal in the shrinkage of new account acquisition and the associated lost revenue. They also reported net-new growth in sales prospecting, with sales teams reporting categorically positive response among prospects to the new privacy policies advertised on customer web equities and other marketing channels.
The customer was so happy with the results and modest costs of the Privacy Bee for Business platform that they shared their success story with their sister firm, which is currently in the process of deploying the solution as well.