Consumers preferring retailers’ data security ethics over brand reputation

17 May 2018

| Author: Jay Jay

In the past few years, a large number of enterprises have, because of poor data security practices or because of human error, suffered large-scale data breaches, thereby compromising personal details and financial information of millions of customers both in the UK and in the rest of Europe.

With hackers succeeding in breaching their IT networks with increasing regularity, consumers are now more concerned about the security of their personal and financial information than ever before.

A survey carried out by RSA earlier this year revealed that 55 percent of consumers avoid handing personal data to a company they know to have been selling or misusing data without consent, and over 41 percent of them deliberately falsify data they supply to companies so as to protect themselves in the event of a data breach or companies misusing or selling their information.

As many as 78 percent, or four out of every five consumers, also said that their buying decisions are influenced by how certain companies handle consumer data. What this means is that if a firm suffers a massive data breach, it will lose the trust of a large number of consumers who would not be comfortable with dealing with the firm anymore, thereby destroying the firm’s business prospects.

Consumers prefer security credentials over brand reputation

A new survey carried out by Capgemini has revealed that a vast majority of consumers in the UK (79 percent) choose retailers based on their cyber security credentials and 40 percent of consumers would be willing to increase their online spend 20% or more if their primary retailer gave them certain assurances which built their trust.

Such assurances include enhanced security of in-store devices such as kiosks, the safety of websites and apps, the safety of stored personal or financial data, and transparency around the use of such data. In fact, people value cyber security credentials of retailers more than their brand reputation, discount offers or loyalty programmes, and even refund and replacement offers.

Consumers surveyed by Capgemini said they want retailers to take specific actions to improve their cyber security and data privacy such as encrypting stored data, having a clear and transparent data privacy policy, giving consumers control over what data the retailer can store and for how long, using PIN and chip cards instead of swipe and sign ones at stores, implementing fingerprint-based authentication on websites or apps, and using advanced anti-malware tools at stores or servers for online shopping.

In the UK alone, 39 percent of consumers told the surveyors that they would increase their spending by at least 20 percent if retailers assured them that their personal and financial data collected by them are safe with them. Similarly, 38 percent consumers said they would increase their spending if retailers explain to them how they are going use their personal and financial information, and 37 percent consumers would increase their spending if retailers assure them that their websites and apps use the most

advanced security techniques.

“Globally, we found that the share of satisfied customers increased from 9% to 22% if consumers knew their primary retailer had implemented these capabilities. Retailers can

secure a competitive edge over competitors by positioning themselves as safe custodians of customer data,” Capgemini noted.

Retailers missing a golden opportunity

Despite a majority of consumers preferring retailers based on their cyber security credentials, Capgemini noted that retailers do not appear to be focusing on the cybersecurity and data privacy capabilities that can drive customer satisfaction.

For instance, less than 50 percent of retailers have fully implemented encryption of stored data, have a clear and transparent data privacy policy, or have given consumers control over what data they can collect and store, even though these factors top consumers’ list of priorities. While 70 percent of consumers want to be assured that their financial and personal information is safe, yet only 44% of retailers are taking this step.

The firm also observed that retailers are reluctant to inform their consumers about data breaches. While 57 percent of retailers suffered data breaches between 2015 and 2017 and 40 percent of them suffered breaches that led to the loss of customer data, only 21% of consumers had heard their primary retailer’s name come up in relation to a security or data breach.

“Most consumers (66%) say that they would stop or drastically reduce transactions if they learned from the media that their primary retailer suffered a data breach, regardless of whether consumers’ data had been compromised during the breach. However, only 31% of retailers say that they reached out to their customers to inform them of a data breach in advance of the media,” it said.

“I think we (as retailers) have a decent-sized target on our backs. It’s about access and visibility. People can see our products and services and the exchange of money for those goods, and they understand the scale right away. And coupled with the collection, storage and processing of our customer data … this is a large risk and our biggest vulnerability,” said Tyson Martin, Chief Information Security Officer at the Orvis Company.


UK businesses to receive unprecedented data requests following GDPR rollout stored personal details of 37mn customers in “plain text”

Source link