Cybersecurity doesn’t just safeguard bits and bytes; it underpins the very trust customers place in digital services.
Global dependency on digital technology and the rising expectations for high-quality customer experience (CX) have made cybersecurity a linchpin of customer service excellence. Businesses must continuously fight to protect their customers’ data and preserve the integrity of their reputations as new threats emerge.
In his dual roles as Head of Information Security and Data Protection Officer, Mike Ignacio brings a first-hand perspective to this challenge. With over a decade of experience, Mike’s work helps to ensure we adhere to data security and privacy regulations while protecting our partners and customers, so who better to explain the connections between cybersecurity and great CX?
Meet Our Subject Matter Expert
Michael Oliver Ignacio, Vice President, Information Security and Data Privacy
Michael Ignacio is a seasoned IT professional with over 20 years of experience in the BPO, Telecoms, Government, and financial institutions. He is a certified DPO, Comp TIA CysAT, Lean Six Sigma Green and Yellow belt, CMM oracle 8: PL/SQL Programming, Developer and Database Administrator. In 2022, he was recognized as the Best Data Protection Officer of the Year (BPO Sector) by the Information Security Officers Group (ISOG).
We sat down with Mike to find out more about the impacts of cybersecurity on CX, the intricacies of data protection and privacy in the business process outsourcing (BPO) world, and some of the most memorable battles he has helped win against malicious actors.
Data Protection, ROI, and Client Trust
How significant is data protection and certification for establishing trust with your clients? Could you share insights from your role and experiences within Inspiro?
Mike: Protecting data is absolutely critical in the BPO sector—it’s at the core of everything we do. Our main goal is to make sure our cybersecurity efforts fit with what our business and our clients need—not too tight that it chokes us, but not so loose that things slip through. Finding that balance keeps things running smoothly while also protecting what matters most: customer trust.
Getting certified, like we did with ISO 27001, is definitely a big win, but it’s really just a sign that we’re on the right track. It’s the hard work and the improvements we make in our processes that really matter. Working towards that certification really opened my eyes to which technologies and methods work best for us. You can have the latest security tech, but you also need to know how to use it properly. That means working closely with every part of the business to understand what kind of data we’re handling, what tech we’re already using, what we’re aiming to achieve, and how we’re meeting the correct standards for both our clients and the law.
How do Inspiro and its client partners quantify the return on investment (ROI) in these security measures?
Mike: We focus on the operational disruptions or fines from data breaches we’ve avoided, not just what we’ve earned as a result. It’s not like other investments, where you’re looking at clear financial returns. Instead, it’s about safeguarding your revenue and boosting your reputation. That’s why one of the main ways we measure our success is by tracking how quickly we can detect a breach and respond to threats.
Securing the backing of our executive management adds another layer of value to our cybersecurity efforts, and we weave these considerations into our overall strategy.
AI is sharpening our detection tools. It makes threat hunting much easier, as its self-learning capabilities allow it to catch threats that might slip past a human analyst.
What strategies would you recommend to businesses for securing such backing from leadership?
Mike: Convincing executives about the importance of cybersecurity starts with breaking down its complexity and conveying how critical cybersecurity is for maintaining customer trust. Given that today’s customers are highly attuned to security matters, meeting a wide range of regulatory and security standards is necessary and expected. These standards directly influence the quality and security of our services.
To get executive buy-in, we must educate our leaders about the existing cybersecurity gaps and the investments required to address them. It’s all about raising awareness. When executives understand the potential impact of robust cybersecurity measures on the organization’s success, they’re more likely to support these initiatives.
New Tech, AI, and Emerging Threats
What specific technologies or methodologies have bolstered cybersecurity at Inspiro?
Mike: We’ve had to rethink our approach with the current shift towards artificial intelligence (AI) and the general global commitment to digital transformation. To stay ahead of the curve, we work hand-in-hand with our digital transformation team to make sure our cybersecurity measures are current and forward-thinking.
Considering the rapid advancements in technology, it’s worth noting that cybercriminals are also using AI for their schemes. To protect our systems and data effectively, we’re adopting the very technologies that pose new threats, essentially fighting fire with fire.
How does Inspiro already utilize AI for cybersecurity? Are there particular strategies that AI enables that notably improve security measures?
Mike: Bringing AI into our cybersecurity toolkit has been a game changer, but it’s not without challenges. Predicting how AI will evolve in the next few months, let alone years, is like trying to catch fog—pretty much impossible.
Still, we started integrating AI into our systems cautiously, taking it one step at a time. AI is sharpening our detection tools, making it easier to spot threats and connect the dots. This precision cuts down on the human errors that often lead us down the rabbit hole of false positives.
AI makes threat hunting much easier, as its self-learning capabilities allow it to catch threats that might slip past a human analyst. It’s exciting to think about the potential here—AI could spot dangers we haven’t even imagined yet.
But with all its benefits, AI’s rapid development feels a bit like we’re living in a Terminator movie. I often joke that we should always keep Murphy’s Law in mind: if something can go wrong, it probably will, so it is best to be prepared.
Beyond AI, how have digital threats evolved, and what emerging threats should businesses be vigilant against to protect themselves and their clients?
Mike: Along with solo hackers, we’re up against highly organized networks of cybercriminals, intricate syndicates, and sometimes, nation-state actors. Instead of figuring out who might target you next, understanding your soft spots—where your business is most vulnerable—is the better first step in preparing for these threats.
Our clients often find themselves in the crosshairs, so we protect their data and transactions by adhering to the latest and most relevant standards while deploying a mix of the newest innovations and time-tested technologies that best serve the overarching aim of safeguarding the business.
Adopting this proactive strategy protects businesses against the increasingly sophisticated and collective nature of today’s digital threats.
Attack Prevention: Success Stories
Can you share an instance where your proactive measures successfully thwarted a significant attack on Inspiro or its client partners?
Mike: The WannaCry ransomware attack in 2017 was a massive wake-up call for cybersecurity professionals. It was a stark demonstration of how quickly things can go wrong with digital threats. Thousands of organizations were hit, millions of computers were infected—it was chaos on a scale many of us hadn’t prepared for.
We managed to hold our ground amid this storm thanks to our incredible IT and security teams, who sharpened their vulnerability management skills to develop a robust, rapid response strategy. We were already prepared to mitigate the impact when the warning came through.
That crisis showed us, in real-time, the value of having a system and a team that can adapt quickly and efficiently to threats, no matter how unforeseen they might be. It was a testament to the strength of our cybersecurity framework and our team’s readiness to protect our operations and clients’ trust, even in the face of unprecedented attacks.
Have your cybersecurity measures ever directly influenced CX, especially in scenarios involving customer interactions through calls, texts, or emails?
Mike: One standout case involved a significant external cyberattack on one of our biggest clients, which brought down its entire infrastructure. Upon learning of the breach, we braced to protect ourselves and maintain operational integrity, severing our digital connections with the affected client. Nevertheless, both organizations had to continue business operations without further compromising security.
Within a few days, we restored service connectivity and ensured all customer inquiries were addressed business as usual. The client was extremely grateful for our ability to quickly continue providing customer service without endangering the security of its data or compromising transactional security.
Selecting security solutions in isolation is one thing but harmonizing our efforts with the business’ goals takes it to the next level. We must ensure a seamless integration that contribute to business growth, avoiding the pitfall of concentrating on risks that may not align with the client’s core business objectives.
Variety of Industries and Geographies
You deal with various businesses across different sectors. How do you get around the complexity of protecting companies in mixed industries?
Mike: It’s not easy to balance. Selecting security solutions in isolation is one thing but harmonizing our efforts with the business’s goals takes it to the next level. We must ensure a seamless integration of security protocols that contribute to business growth, avoiding the pitfall of concentrating on risks that may not align with the client’s core business objectives.
With the many global data protection laws out there, what compliance challenges does Inspiro face, especially considering your wide range of international clients?
Mike: Adhering to global data protection laws is one of those challenges that we relish despite how difficult it can sometimes be. For instance, the Health Insurance Portability and Accountability Act (HIPAA) in the US is highly stringent and validated only through third-party assessments. We had to adapt our Information Security Management program and data privacy controls to meet HIPAA’s exacting standards, so it’s a challenging process.
Regarding technology’s role in achieving compliance, our approach is to adopt solutions that are versatile enough to apply across various industries yet specific enough to address the unique security needs of our clients and the regulatory landscapes within which we operate. Balancing cybersecurity expertise to serve companies globally also involves careful consideration of country-specific regulations.
For example, we initially developed our data privacy management program in response to the European General Data Protection Regulation (GDPR), which introduced a comprehensive set of legal obligations. We often consult with legal experts within and outside our organization to ensure we don’t miss anything.
Social Engineering and the Future of Cybersecurity
With the rise of social engineering tactics by cybercriminals, which exploit human factors rather than technological vulnerabilities, how does Inspiro address these threats?
Mike: We must first acknowledge that technology alone cannot thwart social engineering attacks. To address this, we must focus more on the human elements of cybersecurity, so we’ve ramped up how we prepare our people for these threats with comprehensive cybersecurity awareness among our staff.
We run phishing simulations to see how they react in real situations and provide them with thorough training programs covering cybersecurity best practices. All this allows us to assess and improve our employees’ responses to potential threats, equipping them with the knowledge to recognize and respond to social engineering attempts effectively.
Considering the rapid evolution of technology, what cybersecurity trends or technologies do you foresee as crucial for safeguarding customer data in the next three to five years?
Mike: The future of cybersecurity is undoubtedly linked to the advancement of AI, so the best strategy is to embrace it and utilize its potential to stay a step ahead in threat detection, risk assessment, and security event management.
Given AI’s dynamic nature and uncertain future, investing in this technology from its early stages is vital. All businesses can benefit from its ability to enhance their monitoring capabilities and anticipate potential threats more effectively.
At Inspiro, we have already taken this proactive approach, allowing us to shape its development to serve our security needs best. Undoubtedly, our AI adoption will be the best course of action to ensure we’re well-equipped to protect our clients and their data against emerging threats.
Safeguard data. Secure trust. Experience digital peace of mind with Inspiro.