

Through this article, James He, Cybersecurity Director at L’Oréal, explores the evolving cybersecurity landscape and its impact on global enterprises. He discusses the increasing sophistication of cyber threats, the role of AI-driven security platforms, and the importance of proactive risk management in a complex digital ecosystem. He concludes by emphasizing the need for a privacy-first approach, continuous innovation, and strategic collaboration to safeguard data, enhance consumer trust, and drive cybersecurity resilience in the digital age.
Professional Background And Role: A Seasoned Cybersecurity Leader With Expertise Spanning Multiple Industries

I have over 20 years’ security experience in the FMCG, Healthcare/Medical, Financial/Banking, PCI/Smart Card Manufacturing, and ICT industries, and have specialized in the areas below:

• Product Security and Privacy by design
• Information Security
• Security Architecture
• Risk Control and Management
• Governance Risk Compliance (GRC)
• IT Infrastructure

Current role and responsibilities at L’Oréal:

• Oversee the strategic cybersecurity planning and operation for L’Oréal Greater China.
• Overall in charge of cybersecurity compliance, security by design and security operations for L’Oréal China’s different IT domains and business divisions.

Cybersecurity Trends Shaping The Future: AI-Powered Platforms Will Enhance Efficiency But Not Replace Human Expertise

In terms of trends, since we have a massive number of vulnerabilities, logs, warnings, alerts, etc., which have already overwhelmed traditional IT security teams, in the next generation of cybersecurity sensing systems we must have the capability of building an all-in-one platform to process and correlate all these events, quickly sense the situation, and respond to a potential breach. Moreover, it should also have current knowledge of the attacks that exist in the market externally.

One platform with AI capability is the trend. Even though I don’t think AI can replace all top cybersecurity experts to fix everything, AI will definitely help improve our efficiency.
Cybersecurity Threats Facing L’Oréal: A Complex Digital Ecosystem Demands Proactive Threat Intelligence And Crisis Readiness

Overall, industries’ cyber data security threats are increasing and getting more and more sophisticated. Compared to other high-risk industries, like banking, insurance, etc., the risk of the Cosmetic & Personal Care industry is relatively low. However, L’Oréal China is a super big company crossing different industries and channels, with a long supply chain of customer data processing, from e-commerce platforms, order and warehouse platforms, and logistics and express systems to different social media platforms, so we do face more cybersecurity threats than other companies. That’s why we engaged a threat intelligence service to cover all the channels and markets, so as to equip us with more advanced or timely visibility of the data risks. Secondly, we must have proper contractual requirements with our suppliers/partners. Finally, we must have an executable emergency response process, which must be tested in regular crisis drill exercises, to make sure senior leaders can quickly make the right decision in a real crisis.

Safeguarding Customer Data While Enhancing The Digital Shopping Experience: A Privacy-First Approach To Regulatory Compliance, Data Protection, And Consumer Trust

Yes, we build an industry-leading privacy protection program across all 1st party and 2nd party platforms for regulatory compliance and security fundamentals, to reduce China cybersecurity and data protection regulatory risk, prevent personal information and security incidents while sustaining compliance, and enhance consumer and customer confidence and loyalty towards L’Oréal.
Moreover, we have recently developed a guideline for a PI data retention policy to be rolled out in different countries. Each country should implement PI data retention based on group policy combined with local business specifics and regulatory requirements. This serves the combined purposes of privacy regulation, mitigating risks in case of a data breach, and a sustainable or green IT ecosystem. Implementing these policies in our systems to fulfill the requirements includes data discovery, data blood correlation, policy mapping, purging, and continuous monitoring by embedding PI data retention rules into the system.

Last but not least, under China PIPL, the data subject has similar rights towards the data controller (L’Oréal China) as under GDPR, such as the right to access, right to correct, right to withdraw, right to delete, right to data portability, etc. To enable our data subjects to exercise these rights through different channels to L’Oréal China, we have developed end-to-end procedures to process these DSRs (Data Subject Requests).

Advice For Aspiring Professionals: Curiosity, Creativity, And Adaptability Are Key To Driving Lasting Impact

Keep curious and be creative. The world is ever changing, and there is no bible for cybersecurity protection or management. We need to continue evolving, even challenge and disrupt all our old-school ways of working for cybersecurity governance, and find creative approaches to adapt to the new era of the world.