It seems every day a new report emerges of a disastrous cyber security breach.
Sometimes they happen in the past and remain undiscovered, quietly awaiting their moment to surface. Other times, they are found and buried until it is too late to keep a lid on. In both scenarios, the end result is the loss of consumer trust.
In February 2018, the Notifiable Data Breaches scheme will come into effect¹. It will require Australian organisations covered by the Australian Privacy Act 1988 to notify individuals who may be at risk of serious harm by a data breach – where a reasonable person would anticipate the breach could cause serious harm in the form of physical, emotional, financial, economic or reputational harm.
It aims to strengthen the protections of people’s data, improve organisational transparency and improve consumer confidence that their data is safe. In short, it aims to build trust.
Trust, is something that needs to be earned, and a new report from PwC’s Consumer Intelligence Series, Protect.me: How consumers see cybersecurity and privacy risks and what to do about, takes an in-depth look at just what this means.
What do consumers want when it comes to cyber security and how can companies earn their trust?
The survey and subsequent report lends credence to what is being widely felt by businesses: consumers are losing trust in them. Of the respondents, only 12% said that they trust companies more than they did 12 months ago. Only 17% trust companies more than they did a decade ago. That leaves an overwhelming majority who are losing trust in the companies they interact with.
And while that statistic might be easy enough to dismiss potentially as sour grapes or the whim of the crowd, consider this: 88% say that their willingness to share their personal data is determined by how much they trust a company, and 87% will go elsewhere if they are given reason not to trust a business.
When we consider that only a quarter of the survey participants believe companies are handling their data securely, that’s a lot of business potentially walking out the door.
While many people are willing to give away their personal data in trade if they are getting something of perceived equal value in return, very few – just 15% – believe companies are using data to improve their lives. The scales are not tipped in the customer’s favour.
This is a difficult dilemma, because companies can’t offer a better customer experience without data, and they can’t get data without trust. With 85% of customers saying that they won’t do business with a company if they have concerns about its cyber security practices, it’s time for businesses to make inroads into gaining consumer confidence back.
The vast majority of consumers in the study think that government should be regulating company’s use of data (including when it comes to new technologies). However, importantly for companies looking to be proactive about trust, 92% think that companies themselves should be doing more about data protection.
While the onus hasn’t been put completely on businesses, the gauntlet has been thrown down. Organisations wanting to impress customers with their safety record need to be doing more than what is mandated. Transparent and overt safety controls must be in place, and understandable to customers. Those same customers should, where possible, have control over their personal information too.
As the Protect.me authors note, “the stakes are high. If companies don’t adequately protect consumer data, they risk suffering consequences from regulators and backlash from consumers who say they will take their business elsewhere.”
In the event of a breach, customers also expect more. As the oft quoted soundbite from Cisco CEO John Chambers goes, there are two kinds of companies: those who have been hacked, and those who don’t know they’ve been hacked². Statistically, it’s something an organisation is likely to face at some point in their future and how they react will make all the difference to how many customers will stick by them.
Whether there are regulations in place in a market or not, there are certain things that businesses should be doing to salvage trust. While customers aren’t unified in what they expect post-breach, knowing what happened and how it’s being resolved – including what steps and systems are being put in place to prevent future breaches – are common themes.
Companies must be transparent and immediately responsive. Not only will hiding a breach not work, the damage it will do will be irreparably worse.
The report outlines five actions that companies need to understand and address to ease consumer worry and retain their business:
In today’s digital world we are becoming more and more connected and transacting larger amounts of personal data. This increasing use leads to greater risk.
Without trust that their data is secure, customers will begin to withdraw business, placing it only with companies who have taken steps to not only keep data safe, but which have been clear on what those steps are.
Trust can be earned, and kept, but it takes concerted effort. That effort is now mandatory in more ways than one.
Download the report from PwC’s Consumer Intelligence Series, Protect.me: How consumers see cybersecurity and privacy risks and what to do about, for more details from the survey.
© 2017 - 2022 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details. Liability limited by a scheme approved under Professional Standards Legislation.