When it comes to punishing brands for insecure data practices, British consumers are ahead of the curve
We talk a lot in security about the damage to brand reputation inflicted by breaches, but what does that really mean in terms of cost?
Surveys have shown that customers will abandon a brand following a major security incident, with companies being judged by both how well they protect data, and how they respond to a breach.
Finance, retail and healthcare organisations are particularly vulnerable to a lingering sales drop when data is hacked, with up to a third of consumers saying they will take their business elsewhere once a company has been breached. In addition, companies that have experienced a breach often find the cost of acquiring new customers goes up.
Now a new survey from PCI Pal on consumer trust and spending habits sheds new light on the topic, showing that breaches continue to impact customer confidence in both the UK and US – but in different ways.
Negative perceptions = revenue losses
Brand reputation suffers a bigger hit in the United Kingdom versus the United States, with 41 percent of British consumers saying they will steer clear of a brand forever after a hack, compared to just 21 percent of Americans.
Awareness and concern after an incident are definitely high in the US, but Americans seem more willing to give companies a chance to make good.
Sixty-two percent of American consumers would stop spending with a company after a hack – but only for a few months. Only 44 percent of British consumers said they would do the same.
A third of UK consumers said they would spend less with brands they perceive to have poor data practices, compared to just 18 percent in the US.
There is also a divergence in the way UK and US consumers associate the size of an organisation with its data trustworthiness.
- Fifty-five percent of UK consumers felt a local shop would be a better custodian of their data than a large company – with a smaller business being a less likely target for hackers, and more likely to care about its reputation.
- Only 22 percent felt a national company would be more secure as they follow more security protocols.
- In America the complete reverse is true. Only 47 percent of US consumers said they would trust a local shop more than a large retailer.
- In fact, 28 percent felt a large company would be more secure as they have stricter rules and procedures to follow, while 25 percent thought they had more money to spend on security.
Putting the numbers into perspective
There are of course different ways to interpret the findings. You could say that Brits are less prone to react after a breach, but those who do hold on to negative perceptions for much longer than their US counterparts.
Any way you slice and dice the numbers there is a clear warning for organisations that process and hold consumer data. Perception alone can impact revenue and reputation, and UK organisations will have to work longer and harder to mitigate negative perceptions as part of the recovery process after an incident.
PCI Pal believes the arrival of GDPR has raised cyber awareness in the UK, having a tangible impact on how British consumers view the value of their data, and raising expectations in terms of how diligent businesses need to be in protecting it.
And some similarities transcended cultural differences. Both Brits and Americans see the retail and travel sectors as risky business when it comes to their personal data.
UK consumers are ahead of the cyber curve
Generally speaking the UK looks to be leading a growing trend in overall awareness and concern about data security – with Americans slowly catching on. With memories of the PPI scandal still lingering, the survey shows that UK consumers are also more guarded than Americans when it comes to providing personal credit card details over the phone.
On the UK side of the pond, businesses clearly need to work a bit harder to make consumers feel secure, and seed confidence about how their personal data is being captured, processed and stored.
The fact is, hacks and data loss are going to be features of the business landscape for the foreseeable future, and a full picture of the costs they impose may not become apparent for months after an incident.
The long-term damage caused by a breach can be mitigated by how well a company reacts, but organisations need to continually assess their security posture – as well as the level of awareness inside the organisation of how sensitive the issue of privacy and data protection has become for consumers.
Getting this wrong, or allowing perceptions to grow that your organisation is a bit lax where information security is concerned, could be a business killer.