Data Breaches = Reputation Killers!

No one can have failed to notice the increasing reporting of large data breaches affecting well-known companies and organisations. TalkTalk, Target, Sony, Experian, and even the Bundestag, the data breachlist goes on – as well as many lesser known organisations and online retailers.

If you thought this trend is just a reflection of an increased awareness of data breaches in the media, or because reporting of incidents has become more regulated, think again. Statistics show that data breaches are on the increase, becoming bigger, more frequent, and more far reaching.

As our lives become increasingly digitalised, with more and more personal data being stored by organisations and companies, it is inevitable that this becomes a greater and more lucrative target for criminals.

Consumers are naturally worried. Justifiably they have concerns over identity and financial theft, or of data breaches exposing them to further attacks such as telephone scams or email phishing attacks.

The Cost Of Data Breaches To Retailers

The Ponemon Institute in their 2016 study found that the ‘average consolidated total cost of a data breach grew $3.8 million to $4 million’. This benchmark research is of particular interest to those retailers in the DACH region where it was discovered that the average per capita cost of data breach in Germany is $211, second highest to the US’s $217, compared to a global average of $154. The average total organisational cost in Germany is $4.9 million, again higher than the global average.

According to this research the retail industry’s average per capita cost has also increased dramatically from $105 in 2014 to $165 in 2015.

Alongside the financial costs of rectifying a data breach, damage to an organisation’s reputation can be a significant and often unquantifiable cost.

High profile data breaches are likely to make consumers think twice about sharing their card details and personal data with those online retailers affected, and this can make the acquisition of new customers a substantial challenge. It also has the potential to reduce revenues for retailers who rely on collecting specific data to enable the targeting of customers using social and CRM systems.

Affected businesses may initially need to instigate a damage limitation exercise with a PR campaign, and then invest more in advertising and marketing to improve their brand image and rebuild confidence in their services.

Customer loyalty may also be damaged, resulting in some customers taking their business elsewhere. A 2015 global survey by Gemalto revealed that ‘64% of consumers say they are unlikely to do business with a company where their financial or sensitive data was stolen.’ Furthermore, ‘49% of consumers surveyed would consider taking legal action against companies that had consumer data stolen.’

It is clear that when it comes to data breaches consumers feel it is the fault of the brands and companies involved, not that the retailer is an unfortunate victim of cyber crime.

Online retailers and digital businesses affected by data breaches need to address this, first by doing what they can to protect their customers (for example by offering a free credit monitoring service); then through their customer relationship management strategies, offering incentives to keep subscription customers on board, and discounts and offers to entice consumers back to their online stores.

Lessons That Retailers Can Learn From High-Profile Data Breaches

Naturally the first step to keep your reputation in tact is to ensure there are robust cyber security measures in place to prevent data breaches, and by protecting customers’ financial information and ensuring only limited data is kept within the retailers’ remit.

As consumers become more aware of cyber security issues they are increasing looking for signs that their data is protected, and also signs that they might be compromised. Online retailers can provide them with the reassurance needed in the following ways:

  • Trust Badges: Displaying recognisable security trust badges on home pages and payment pages is a vital step in reassuring consumers on the security of a website,
  • Secure Sockets Layer (SSL): Customers look for ‘https’ and the padlock symbol when buying online,
  • Omni-Channel UX Journey: While a mobile website will behaviour differently to the desktop version it is essential that consumers experience a seamless customer journey on both, reassuring them that the website has not been tampered with,
  • Fast-loading Payment Pages: When using a payment service provider the online payment gateway must be fast and responsive so that customers have confidence they have been directed to the correct site, and that their data is secure.
  • Alternative Payments: Offering alternative payments such as SOFORT or PayPal is another effective way to build trust with consumers, allowing them to choose a payment method they already have confidence in.
  • Two step authentication: The online equivalent of ‘chip and pin’ uses a combination of something the user knows, (e.g. a pin or password) with something the user has, (e.g. a token or mobile/smart phone) or something the user is, (e.g. a fingerprint or retina recognition).

Lessons can also be learnt from the way data breaches have been handle by well-known companies. A fast and proactive response that prioritises the consumer’s concerns will limit damage to reputations: a lesson that many recent victims of data breaches may wish they had previously learnt.

Retailers should plan for data breaches, not just in terms of business continuity, remediation etc., but also what steps they should take to protect and restore loyalty and trust, and manage reputation should a data breach occur.

If you want to discuss this further, please feel free to contact us any time.