February 9, 2018

RSA Survey: Why Protecting Customer Data Is More Important Than Ever

With the global rise of cybersecurity incidents over the last decade, and the implementation of GDPR just around the corner, discussions of customer data and privacy have never been more prevalent. The RSA are global leaders on cybersecurity, and they yesterday  released a report on data privacy. The RSA survey was undertaken “to understand the value that the average consumer puts on privacy and to identify the ways that data collection, storage, compliance and security trends can impact business.”

They divided their research into three key findings:

1. Consumers are most concerned about their financial wellbeing

The first observation, that customers are most concerned about their financial wellbeing, is unsurprising. Worries about having bank details and other financial information hacked or shared has always been top of the list of consumers’ data anxieties. While online banking is fast and efficient, and most of us couldn’t live without it, it has always been accompanied by justifiable security concerns.

More recently, the definition of Personally Identifiable Information (PII) has broadened, with the GDPR encompassing anything from names, photos, posts on social media, email addresses, bank details, and IP addresses, all the way through to genetic data and DNA. However, despite these new additions to what we consider PII to be, it appears highest on the radar among consumers regarding personal data loss are still traditional financial security concerns.

80 per cent of respondents said they felt protective of their financial/banking data, and when asked what they were most concerned about with regards to data breaches, 74 per cent said having money taken from their account without them knowing. Identity theft was the second most pressing issue, with 70 per cent replying that having their identity stolen was a concern.

What the report did turn up was that younger millennials, aged 18-24, were more concerned about having stolen personal information such as messages or photos used against them as blackmail. With younger people sharing more than ever before online and the recent development of revenge porn, it should perhaps come as no surprise that this is their biggest concern; after all, younger people tend to have less money to worry about.

2. Consumers’ awareness of data capture and breaches is growing

The discovery that consumers’ awareness of data capture and breaches is growing also doesn’t come as much of a shock when considering the numerous data breach scandals that have hit the headlines over the past decade. In recent years, the number of cybersecurity incidents has been increasing, with well-known companies such as Yahoo, eBay, Sony, Uber, Three, and many more reporting cyber-attacks and data breaches affecting hundreds of thousands of customers.

The report found that 73 per cent of respondents claimed to be more aware of data breaches compared to five years ago. As customers are becoming more informed, they expect more from the stewards of their data, and 62 per cent said they would blame the company that lost their data before blaming hackers or third parties. This highlights the level of culpability consumers place at the door of the companies collecting their information.

78 per cent of respondents said that company reputation relating to its handling of customer data made an impact on their buying decisions, and 82 per cent would completely boycott a company that repeatedly showed no regard for protecting customer data. As household-name brands make lucrative targets for hackers, it appears that ensuring customer data is looked after and protected is more important than ever.

Tim Boughton, CTO and Co-Founder of Mention Me, recently gave a presentation on trust marketing at the Figaro Digital Marketing Summit, stating that “the amount of trust that customers have in your brand is directly related to how strong your brand is.” Tim described trust as “an engine for growth” and said that “having trusting customers really brings value to your business. You get much higher engagement when you talk to those customers, you get much better repeat rates, and people come back and spend more often.” He went on to describe how the trust can be transferred when customers share a brand with their friends.

The RSA research verifies what Tim says, and goes even further – it indicates that not only does trust improve engagement, and benefit companies by increasing repeat rates and referrals, in some cases trust is a decisive factor in whether a customer will engage with you at all.

Tim discussed the ways in which a company can inspire trust from their customers, focussing on retail examples such as selling products of good quality and value, delivering excellent customer service, offering speedy delivery times, and an easy returns process. What the report makes clear is that up there with providing a good service is ensuring you make customer data privacy a priority, and have a good reputation for doing so. In our increasingly digital society, it is becoming more and more important for users to feel their data is safe.

As the report notes, consumers will be helped to achieve better data transparency in the coming year with the new requirements about breach notification and reporting. Under the GDPR, data controllers and processors will have to supply a detailed report regarding any breach of personal data to their local data authority, within 72 hours of becoming aware of it. Preventing companies from concealing data breaches in attempts to save face will be reassuring for consumers who have been lied to in the past.

3. Consumers’ data collection behaviour is changing

The report found that 78 per cent of respondents limited the amount of personal information they put online or shared with companies, and 41 per cent admitted to intentionally falsifying personal information when signing up for products and services online. 59 per cent of these did so to avoid unsolicited communications, and 55 per cent said it was to avoid marketing. 44 per cent believed the data requested was not relevant to what they were signing up for, and just over a third claimed to have used incorrect information because they didn’t trust the company to keep their data secure.

What companies need to take from this research is that many of their customers are willing to hand over false information, whether it be to avoid marketing communications or in an attempt to protect their data.

Receiving falsified personal information helps no-one. It is inefficient and impractical, and only serves to clog up databases with useless information. Even worse, it could lead to companies contacting the wrong people, through phone numbers or email addresses they have been supplied. This could make receivers feel angry and violated, as they are receiving content they haven’t signed up for. As discussed previously, building trust in a brand has never been more important. If customers trust a company, and believe that their information is safe in their hands, they will be more willing to hand over their real customer data.

Only 31 per cent believed companies having more of their customer data meant they could offer better, more personalised products or services, and an even smaller proportion of just 26 per cent said they would gladly trade their data for improved customer experience/service. This scepticism shows that customers need an incentive to hand over their data – they need assurances that their private information will be kept safe, and that giving their details out will have some benefit to them in the long run.

As the report concludes, the far-ranging nature of the GDPR, rising customer awareness, and the potential financial impact of customer backlash and regulatory action, means it is critical that businesses review their data collection and processing frameworks now, to understand their risk exposure in the future.

Rashmi Knowles, Field CTO EMEA of RSA Security comments that “the financial and reputation damage of a data breach in 2018 could be devastating.” Companies failing to comply with the GDPR face fines of up to 4 per cent of their global turnover or €20 million, whichever is greater. Perhaps equally as problematic is the fact that if a company is perceived to not take data privacy seriously, customers probably won’t do business with them.

While marketing teams have long been in a flap over the GDPR, struggling to ensure their companies are compliant with the new regulations, ultimately the increased customer control and heightened accountability will mean greater trust in businesses, leading to better brand reputations and increased consumer engagement.

The RSA report in full can be found here.