327 - Cybersecurity Remediation

Numerous companies have eagerly adopted some form of AI into the Customer Service process, but what most of them have systematically neglected is the blade of the guillotine now hanging over their heads: cybersecurity remediation.

For context, cybercrime is the 3rd largest market in the world, on schedule to top $10.29 trillion USD annually this year, per Statista's figures. Cybercrime is also the largest industry to widely adopt and substantially benefit from "GenAI", as neither BS nor a lack of security are significant problems for it.

Cybersecurity remediation is rarely easy or simple, and companies like Microsoft gladly make it very literally impossible, as they evidently no longer desire customers. One of the common points of failure is systematically blocking access to any real form of customer support, such as requiring someone to log into an account before contacting support. This is obviously impossible if the problem is account access, and yet that level of stupidity in CS systems architecture has become extremely common.

Remediation following cybersecurity breaches was much rarer in the past, but the need is exploding today, and an erased email will break every poorly designed account that was connected to it. For example, if a system offers only a single form of 2FA and no means of remediation if and when that one method is compromised, be it an erased email, stolen phone, country-level blocks, or any number of other factors, then it will invariably turn into a nightmare that your former customers will likely remember for decades, darkly overshadowing every future thought at the mention of your company.

2-Factor Authentication is one essential ingredient, but it is less than worthless if a cybersecurity incident on another platform renders some of your user accounts completely inaccessible. If you fail to implement multiple options for account restoration in your architecture, then the added burden falls on your Customer Service. If you make that Customer Service inaccessible to the very people who need it most urgently, then you no longer have a business.
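The single-point-of-failure argument above can be checked mechanically. The following is an added example, not code from this post: it models each login factor and recovery path by the external resources it depends on, then reports which single loss (erased email, stolen phone, country-level block) leaves no way back in. All names, the dependency model, and the sample configurations are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Things a user can lose in an incident (the post's examples; names are assumptions).
FAILURES = ("email_inbox", "phone", "regional_access")

@dataclass(frozen=True)
class Method:
    name: str
    needs: frozenset = frozenset()   # external resources the method depends on
    needs_login: bool = False        # only reachable from a logged-in session

@dataclass(frozen=True)
class Account:
    second_factors: tuple  # any one of these completes a login
    recovery: tuple        # ways back in once login has failed

def lockout_causes(account, failures=FAILURES):
    """Return each single failure that leaves the user with no way back in."""
    causes = []
    for failure in failures:
        lost = {failure}
        can_login = any(not (m.needs & lost) for m in account.second_factors)
        # A recovery path behind the login wall is useless once login has failed.
        can_recover = any(not (m.needs & lost) and not m.needs_login
                          for m in account.recovery)
        if not can_login and not can_recover:
            causes.append(failure)
    return causes

# Constructed sample configurations, not taken from any real service.
EMAIL_CODE = Method("email code", frozenset({"email_inbox"}))
EMAIL_RESET = Method("email reset link", frozenset({"email_inbox"}))
SMS_CODE = Method("SMS code", frozenset({"phone", "regional_access"}))
TOTP_APP = Method("authenticator app", frozenset({"phone"}))
BACKUP_CODES = Method("printed backup codes")
CHAT_BEHIND_LOGIN = Method("support chat", needs_login=True)
PUBLIC_SUPPORT = Method("support form with identity check")

EMAIL_ONLY = Account((EMAIL_CODE,), (EMAIL_RESET, CHAT_BEHIND_LOGIN))
SMS_ONLY = Account((SMS_CODE,), (CHAT_BEHIND_LOGIN,))
HARDENED = Account((EMAIL_CODE, TOTP_APP, BACKUP_CODES), (EMAIL_RESET, PUBLIC_SUPPORT))

if __name__ == "__main__":
    for label, acct in (("email only", EMAIL_ONLY), ("SMS only", SMS_ONLY),
                        ("hardened", HARDENED)):
        print(f"{label}: locked out by {lockout_causes(acct) or 'no single failure'}")
```

Run against a real product's factor and recovery inventory, any non-empty result is a lockout scenario that will land on Customer Service.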

Microsoft: A customer service experience designed to send you in circles, where nobody has the authority or access to help, or they do but they refuse to do so even when it violates their contractual obligations and various laws. If it were the Olympics of bad UX, they'd set world records and take home the gold.

Calendly: They'll basically tell you to f**k off if you didn't pay them before they f$%&ed up their own systems. It's a "policy", nothing personal; they're equal-opportunity dirtbags.

Eventbrite: A system that prevents you from accessing customer service without logging in, and if logging in is the problem for any reason, well, you're f$%&ed. However, if you make a new account and get ahold of their customer service in chat, they do genuinely work hard and competently to resolve the issue (anecdotally, in my experience). This is an example where a good CS agent can save a company from terrible systems architecture.

Those who neglect systems architecture, especially for the high-stress and high-stakes UX case of cybersecurity remediation and corresponding customer service (or lack thereof), demolish their own companies from within. The negligence itself is often demonstrably illegal, and like any literal imploding building, if you realize you're in one and see the timer on the wall, disarm it if you can, or run and don't look back.