As our reliance on digital technologies deepens, companies face a growing array of cyber threats that can compromise the security of their IT systems—and, by extension, the trust of their customers. Today’s threats are more numerous, simultaneous, better organized, and above all, far more agile.
Cybercriminals are now capable of orchestrating highly sophisticated attacks, supported by a thriving underground market offering tools and services for hire. Scams are becoming increasingly effective and inventive.
In this context, adaptability and data protection are at the heart of security concerns in the (outsourced) customer experience sector. This industry has reached a high level of maturity in cybersecurity and cyber resilience. As an intermediary, it plays a key role in implementing robust security policies across the entire service chain and in raising awareness of best practices. However, the rapid acceleration of AI and the growing number of European regulations are adding new layers of complexity.
Behind the Scenes: The Sector’s Realities and Risks
In customer experience, trust—both from direct clients and end users—relies heavily on a company’s ability to protect data. Since the sector involves both data processing and relational services, it faces two major risks: data breaches (often involving cross-referenced data) and service disruptions.
The sector’s increasing digitalization has significantly heightened its vulnerability to cyber threats. Companies must now navigate complex challenges around personal data protection, regulatory compliance, and the prevention of increasingly diverse and sophisticated attacks. A data breach can have devastating consequences—ranging from identity theft and financial fraud to loss of confidentiality—damaging a company’s reputation and eroding customer loyalty.
The growing integration of artificial intelligence (AI) in customer service brings both opportunities and new risks. While AI—especially generative AI—is increasingly used to detect and prevent cyber threats (Gartner even predicts it could help close cybersecurity gaps by 2028), it is also being exploited by hackers. They leverage AI’s agility, scalability, and targeting capabilities to maximize the impact of their attacks.
For example, generative AI can convincingly impersonate a human—such as a bank advisor—posing a serious threat in consumer-facing interactions. Cyber resilience must therefore evolve in parallel with AI to counter emerging threats, regulate its use, and better isolate the data it processes.
European Regulations: What’s the Impact?
Cybersecurity remains a top priority for both the European Union and France. At the center of it all: data protection.
The NIS1 and NIS2 directives, designed to harmonize and secure networks against cyber threats and improve business resilience, have significantly impacted customer service practices. They require the implementation of new measures across the entire service and subcontracting chain. This demands cooperation and transparency among all stakeholders—especially in verifying existing safeguards, monitoring supplier security levels, and raising team awareness.
While these regulatory requirements may seem burdensome, they help build trust between companies and promote secure business practices. However, their evolving nature—driven by the fast-changing threat landscape and technologies like AI—makes them a constantly moving target for customer experience providers. Although the sector has already demonstrated strong maturity in protection and compliance, future regulations must offer clearer guidance on resilience and business continuity, which remain critical challenges.
Best Practices for Building Trust
To maintain customer trust, customer experience providers must lead by example and act as strategic advisors to their partners. Most companies today have stringent cybersecurity requirements and need to rely on certified, resilient partners. Numerous standards and certifications exist to assess and demonstrate the required levels of security.
Cybersecurity is not just a technical or regulatory issue—it’s also a human one. The solution lies largely in training and awareness. In addition to technical safeguards, companies must foster a culture of security by educating teams on legal frameworks, evolving risks, and best practices. Strong IT charters and confidentiality agreements are essential, but a broader ecosystem of awareness and training—integrated into HR systems, for example—is equally important.
In the months and years ahead, special attention must be paid to AI. Businesses must develop real education around its forms, risks, and uses, as its adoption will only continue to grow.
By investing in cutting-edge technologies, adapting to evolving regulations, and—most importantly—promoting a culture of security from within, the sector can strengthen its cyber resilience and maintain customer trust in an ever-changing digital landscape.
By Vincent Dupont, Chief Information Security Officer, Armatis
