The 2023 National Cybersecurity Strategy is a momentous document that will have a lasting influence on the global digital ecosystem. One aspect of the strategy’s intent is to “reimagine cyberspace” as a tool to improve trust in the United States’ democratic institutions. This is a sentiment echoed by the December 2021 Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government and underscored in the President’s Management Agenda, which seeks to “deliver excellent, equitable and secure federal services and improve the customer experience.” Trust is a core underpinning of all these documents because cybersecurity and customer experience (CX) are deeply intertwined.
Given concerns about balancing security and functionality, CX and cybersecurity are often viewed as competing priorities. However, CX can never be effective without the foundation of trust that cybersecurity provides. That trust is built by consistently delivering mission-critical services while protecting the citizen’s privacy, data and personally identifiable information (PII). Conversely, cybersecurity tools will not be embraced unless end users find them intuitive. As such, the mindset of the entire IT community, public and private sector alike, must shift to consider CX and cybersecurity interdependent counterparts rather than a hindrance to one another.
Two heads are better than one
To ensure secure service delivery, cybersecurity and CX professionals are encouraged to collaborate when developing IT solutions. Ideally, input from both parties should be present throughout the entire lifecycle of either a cybersecurity or CX implementation, but staffing shortages and resource constraints can, at times, inhibit comprehensive, consistent integration.
Cybersecurity officials often implement strict controls and policies around systems, whereas CX professionals prefer systems that are easy to use. Incorporating the inverse perspective during development is likely to benefit the ultimate product and help strike this delicate balance. As such, proactively engaging both viewpoints up front would save significant time and cost for participating agencies.
Therefore, agencies should invest in training and education programs for employees to forge a robust cybersecurity culture that addresses the reciprocal relationship between security and CX. Additionally, in alignment with the National Cybersecurity Strategy’s advocacy for increased public and private sector collaboration, agencies may seek to partner with organizations that can provide access to significant cybersecurity and CX expertise and resources.
Leverage emerging technology to optimize digital services
Another reason to foster collaboration between these two specialties is the benefit of designing relevant levels of security and user experience into every system, service and website. User feedback helps ensure cybersecurity protocols are not becoming an obstacle to CX, and vice versa. To determine the optimal level of security, end-user input is invaluable because it allows IT professionals to understand how solutions are performing and enables them to recognize when adjustments must be made to balance the scale of security versus functionality.
Human-centered design (HCD) — the practice of involving user feedback in the design and development process — can help technologists identify how best to achieve the government mission of trustworthy, accessible service for all Americans. HCD should extend beyond just the design and development phase because when feedback is continually monitored and measured, it’s easier to ensure that digital government services align with citizen needs and expectations.
Data-driven insights can help achieve this objective. Data collection, management and AI/ML-enabled analysis illuminates the answers to imperative questions regarding how users engage with CX or cybersecurity solutions. With real-time data insights, technologists can make informed decisions quickly, so issues are resolved promptly, and citizen service is bolstered.
Data is also valuable to track the performance of a given tool or platform over time. Similarly, innovative technologies for identity management and authentication can help IT managers keep track of who needs access to which system and when, essentially allowing them to prioritize cybersecurity practices based on risk assessment and elevate CX whenever possible.
Yet another layer to keep in mind is the employee experience (EX) when using a CX or cybersecurity solution. Federal employees are the backbone of our government — no initiative can be successful without their participation and passion. Cybersecurity tools, processes, and practices must be intuitively designed so that federal employees embrace them. Time-consuming, difficult or ineffective tools will understandably frustrate employees, and they’ll likely try to find a way around them, which can pose cyber vulnerabilities. Therefore, EX, as well as CX, should be addressed when designing cybersecurity tools.
If the technology community emphasizes the relationship between CX and cybersecurity, and acts accordingly, significant improvements will be witnessed on both fronts. It’s apparent that the federal government considers both areas to be tantamount, given their correlation to improved citizen trust in the government. Both directives are essential to the vision of a secure, prosperous digital ecosystem as described in the National Cybersecurity Strategy, which has become a necessity in modern society.
Kynan Carver is cybersecurity lead for the Defense market at Maximus.