sdecoret - stock.adobe.com

Data breaches set to affect future sales

The failure to protect customer data is set to create long-term business problems for organisations in Europe and the US, a survey reveals

High-profile data breaches and the resulting reputational damage is having a direct impact on consumer buying behaviour, according to a YouGov survey of 7,500 consumers in the UK, France, Germany, Italy and the US.

Some 90% of respondents said they were concerned about their personal data being lost, manipulated or stolen, yet nearly half (46%) feel like they have no choice but to hand over personal data in return for products and services, according to the survey commissioned by security firm RSA.

Monetary theft (74%), identity theft (70%) and having embarrassing or sensitive information made public (45%) were the biggest data security concerns. More than a third (36%) also fear being blackmailed with stolen private images or messages.

Some 84% of UK respondents and 81% of Italians listed security information as a concern, both higher than the global average, while German respondents expressed the most concern about genetic data, US respondent were the most concerned about location data.

As a result, 78% said they try to limit the amount of personal information they share and 49% have falsified information online in an attempt to protect themselves, with 72% claiming to be more aware of privacy threats compared with five years ago. 

More importantly from a business point of view,  62% of consumers said they would blame the company involved above anyone else, even the hacker, if their personal data was exposed, with 78% saying a company’s reputation relating to its handling of customer data made an impact on their buying decisions.

In fact, an average of 69% said they have or would boycott a company that showed a lack of regard for protecting customer data, with 82% of UK respondents saying they do so.

Some 60% of all respondents said if they hear that a company has been selling or misusing data without consent they will avoid handing data over to them, and 58% said if they know a company has been mishandling data they are less likely to buy services from them.

“As milestone regulation, such as GDPR [General Data Protection Regulation], comes into effect this year, data security and privacy are hot on the agenda for consumers and companies alike,” said Rashmi Knowles, European field chief technology officer for RSA Security.

“Consumers are keenly aware of recent high-profile breaches, and are demanding much more from the companies that handle their data. The business impact of not ensuring appropriate levels of security will reach far beyond fines for compromising customer data,” she said.

“With more than half (54%) of respondents less likely to buy from a company they know has been mishandling data, and 62% inclined to blame the company above anyone else if data is lost, it’s clear consumers are ready to vote with their feet against organisations that fall short of their expectations. The financial and reputational damage of a data breach in 2018 could be devastating.”

Read more about the GDPR

The research further underlines the business benefit of ensuring customers’ data and privacy is protected. More than half (53%) of respondents said they were more likely to shop with a company that could prove it takes data protection seriously.

“Consumers clearly understand the value of their personal data and, while there may rightly be occasions for caution, they are willing to part with it under the right circumstances,” said Knowles.

“Almost a third (31%) of respondents believe companies that have more of their customers’ data are able to offer better and more personalised products, and over a quarter (26%) would gladly trade their data for an improved customer experience or service.”

After the compliance deadline for the European Union’s (EU’s) GDPR on 25 May 2018, RSA Security predicts that organisational privacy and data protection failings will become even more transparent because businesses will be forced to disclose any breach of the regulation.

Under this microscope, the security firm recommends that organisations must think of the wider business impact of privacy and data protection, while also understanding how to work within the GDPR to their advantage.

The research report points out that the GDPR will affect all companies that handle EU citizens’ data, including US cloud providers and businesses in post-Brexit Britain.

“The far-ranging nature of this legislation, rising consumer awareness, and the potential financial impact of customer backlash and regulatory action make it critical that businesses review their data collection and processing frameworks now, to understand their risk exposure in the future,” the report said.

As businesses continue their digital transformations, making greater use of digital assets, services and big data, the report said they must also be accountable for monitoring and protecting that data on a daily basis.

“When new regulations like GDPR come into play, fines for violating data protection laws will grow, adding punitive damages to the other costs of a data breach,” the report said. “Before this happens, organisations need to know where data resides, who has access to it and how it's being secured to understand the risk it brings to their business.”

The report recommends that organisations should understand what personal data they process, address privacy at every level, take a risk-based approach, and ensure that their privacy strategy involves breach response, data governance, risk assessment and compliance management. Organisations should also pay attention to incident response, access controls and documenting data governance processes.

Read more on Privacy and data protection