EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Creating meaningful opportunities to educate our people and our customers/users on privacy and cybersecurity in the metaverse.
In brief
- The metaverse is transforming the way humans coexist and interact in virtual habitats.
- The metaverse is meant to reflect the multitude of interactions we face in the physical world.
- Because the metaverse is growing and changing in real time, ad hoc risk mitigation won’t be enough to build a meaningful culture of digital trust.
The metaverse is transforming the way humans coexist and interact in virtual habitats unlike anything we’ve experienced before. This new reality is creating unique opportunities for companies and brands to differentiate themselves by embracing the essential element for successful and long-lasting relationships: trust.
That said, how can you strengthen trust across this new dimension of human and consumer interactions? Ground your metaverse strategy in a holistic, privacy-by-design and cybersecurity-by-design approach.
What’s the business case for doubling down on trust in the metaverse?
Trustworthiness — grounded on credibility, reliability and intimacy or self-orientation — has already been pegged as a real value driver for organizations operating in the virtual world. At the same time, we know Canadian organizations typically underinvest in cybersecurity. That disconnect poses a real risk for companies venturing into, or already operating, in the metaverse. It represents a gap that could worsen as the threat landscape expands in line with the metaverse itself
A virtual platform that blends gaming, live events, social and media into a new form of interactivity, the metaverse bridges the digital and physical worlds. And it’s evolving at a remarkable pace. Each new interaction, channel or experience created in the metaverse creates novel ways for people and businesses to interact—and additional ways for bad actors to cause real harm.
What do those risks look like?
The metaverse is meant to reflect the multitude of interactions we face in the physical world. That means the same kinds of threats that exist when interacting in person are also present for customers and other stakeholders who engage virtually in the metaverse. To be clear: these threats extend beyond the traditional — and still necessary — cybersecurity considerations typically associated with online experiences (i.e., protecting personal data). They span a much broader range of possibilities. For example:
- Could a consumer making a metaverse purchase in an online retail store be stalked by another metaverse user who’s been tracking their activity?
- What happens if a user completely absorbed by virtual reality technology trips or injures themselves physically while enjoying a metaverse experience?
- How could bad actors seize on biometric details shared by users through metaverse activities to target someone in real life or steal their identity?
Any organization that ultimately hopes to thrive in the metaverse will need to address these changing risks proactively to build consumer trust and foster the kind of confident consumer interactions that maximize the metaverse’s potential.
How can organizations kickstart efforts to build trust in the metaverse?
Because the metaverse is growing and changing in real time, ad hoc risk mitigation won’t be enough to build a meaningful culture of digital trust. Making real progress will require organizations to take an integrated approach that comprehensively connects the big picture and then deploys privacy-by-design and cybersecurity-by-design effectively across all metaverse interactions.
Asking key questions can help organizations at any stage of this journey move forward now:
1. What aspects of our existing enterprise approach to privacy and cybersecurity should we carry over into our metaverse strategy?
2. How can personal information be used — and abused—in this new digital context and what does that mean for our customers and users?
3. What are our customers’ expectations for the experience they want to have in the metaverse — including those elements associated with data protection?
4. Now that augmented reality devices and platforms allow new ways of interacting in the metaverse, how can we delineate what data will be critical and protect it accordingly?
5. Thinking beyond critical data, what does “personal” information mean in the metaverse? How can we evolve that definition to include biometrics or other factors that will become increasingly relevant in this new dimension?
6. How will we use data and do we have a clear map of the compliance obligations (i.e., how consent must be obtained) in different jurisdictions? What new kinds of data are we collecting and analyzing — for instance, someone’s physical gate, reflected through an avatar — and what kinds of additional protections must we develop as this expands?
7. Should we be adopting privacy selection clauses and options to ensure physical location remains confidential when people are congregating in the metaverse?
8. Does our organization’s code of ethics need a refresh to reflect our commitment to building the metaverse safely — and could this be a differentiator with our customers and clients?
9. Are we looking far enough across our value chain to ensure that safety and security by design are embedded every step of the way? What additional tools, resources or skillsets do we need to measure, monitor and report on our commitment to fostering trust and ensuring safety and cybersecurity in the metaverse?
How are we creating meaningful opportunities to educate our people and our customers/users on privacy and cybersecurity in the metaverse context?
Summary
The metaverse is fundamentally changing the way companies, brands and consumers interact. But the metaverse itself isn’t static. Going forward, machine learning, artificial intelligence, automatic decision-making and other technologies will only create additional aggregated risks, social impact considerations and a need for new controls.
That means it’s important to implement clear privacy-by-design and cybersecurity-by-design approaches now. Doing so with an eye to the future is doubly so. Taking a long-term view can empower you to build the metaverse in ways consumers trust and regulators expect now and down the road.