A data breach can truly cause serious damages for the company, both financial and reputational.
How many times have you heard that data is the new oil? If that is the case we have to assume that they share the same characteristics- leaking and causing catastrophic events.
What does this mean in terms of numbers and facts? Let’s find out!
What are the consequences of a data breach for a company?
When a company faces challenges imposed by devastating data breach it can be incredibly difficult to navigate to the clear waters. Top priorities should be to evaluate the situation, minimize further damages, and to notify everyone affected.
It may not seem that way immediately but in the long run, the protection of personal information of your customers should always be a priority.
Also, the way the company handles the situation will affect the way the consumers will perceive the company in the future.
A few years back, Uber found out that hackers had accessed personal data of 57 million riders and drivers. Instead of coming forward with the situation, they decided to pay hackers and cover it up.
Obviously, the cover-up did not work, and by not informing customers and drivers that their personal information has been compromised, they have directly violated data protection law.
For example, GDPR dictates that data breaches must be reported to the supervisory authority within 72 hours of being identified, (unless an exception applies).
After everything went public, Uber’s CSO was fired and Uber paid $148 million settlement. Their already shaky reputation was put to test when #DeleteUber campaign was launched by customers who were encouraging others to stop using platform. It all added up and data breach did not help.
There was a lot of negative publicity at that time with Uber and the competitors saw the opportunity to challenge Uber, who was thus far the undisputed market leader.
This example shows a series of bad decisions made by upper-level management who ignored the importance of reputation management. This affected the company over a long period of time, resulting in financial penalties, reputation damages and loss of customers.
What happens with a company’s online reputation after a data breach?
The Edelman Trust Barometer research from 2019 shows that 65% (their highest historical levels) of consumers trust online search engines the most when conducting research on business. This means they will consider it a reliable source of information.
Make peace with the fact that your past reputation will follow you, but you can control what happens later. Although there are artificial ways to affect your online reputation, there’s no way to effectively create a false impression with any lasting power. This is no way to go.
Customers now, have a very effective platform to speak their minds and leave their reviews, instead of trying to control their behavior you should try to control the situation by navigating your business decisions to what customers want.
Clear communication and transparency in the way you process personal information will help you build trust and strengthen the relationship with the customers. You can not escape what happened but reputation damages caused by a data breach are far from irreparable.
Focus on prevention. Your company should create carefully constructed data security and data privacy policies and detect the most probable and destructive scenario to be able to prevent it before it occurs.
In some industries this is prerequisite, but it is no longer just banks and telecommunication companies that should have this sorted out. Most of the businesses collect data to refine their marketing strategy or to improve customer experience and should be responsible about it.
The responsibility of the company is to do whatever possible to assure customers that their data is safe.
With the GDPR, a wave of legislative around the globe is making customers aware that their personal data is valuable and most importantly very exposed. How companies handle their personal data will be more and more important and it will become the core of any reputation strategy. Customers want trust and transparency.
How is data breach affecting customer relationship?
There are numerous companies (eBay, Equifax, Marriott International…) that were ruined by a data breach or their reputation was seriously endangered.
A data breach is one of the three most common and fastest ways to undermine company reputation (the first two being poor customer service and environmental incident). A company can truly live and die by its reputation.
Consumers place a significant amount of trust in the companies they share personal data with, and they do so because 71% of them believe those companies accept an obligation to control access to it. However, according to the Ponemon Institute study, less than half of CMOs and IT practitioners are taking responsibility for it.
62% of consumers say in the past two years they have been notified by a company or government agency that their personal information was lost or stolen as a result of one or more data breaches.
Nearly two-thirds reported that the incidents caused them to lose trust in the breached organization. As a result, nearly a third took steps to terminate their relationship with the organization (Source: The impact of data breaches on reputation & share value study independently conducted by the Ponemon Institute).
What is the cost of a Data Breach?
In 2018 the 13th annual Cost of a Data Breach study was independently conducted by Ponemon Institute.
The study stated the global average cost of a data breach is up 6.4 percent over the previous year from $3.62 to $3.86 million.
The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year from $141 to $148. It seems the cost of a data breach will increase by the year.
There is also a relationship between how quickly an organization can identify and contain data breach incidents and financial consequences.
The average time to identify data breach by the company was 197 days. The average time to contain was 69 days.
When a data breach happens it is not the end of the road for the company, study shows that companies that contained a breach in less than 30 days saved over $1 million vs. those that took more than 30 days to resolve.
How to (re)connect with customers and build trust?
On the other hand, when your company is perceived as having a good reputation, it can result in a number of positive things, lessening the risk and accelerating profit of the company.
Good reputation management also helps create happy, loyal customers who in return become brand advocates spreading the word about your company. According to Salesforce research from 2018, there is only one way to get there: transparency and control.
For a company that operates on a large scale, it is of the utmost importance to operationalize Data Protection by keeping the data safe and implementing Data Privacy processes. Also, to be fully transparent it should provide its Customers with a self-service privacy portal where they can manage their privacy preferences and get information about how the Company is processing their data.
Proving that you are compliant with data protection laws will be a new form of good PR.
In the recent research “State of Connected Customer” by Salesforce some incredible insights were given about what would make customers increase the level of trust about companies that process their personal information. Frankly, the answers given were quite reasonable:
- 92% of customers stated that they would be more willing to trust a company with their personal information if they would have control over what information is collected about them (Data Privacy Manager has a built-in portal for managing customer’s privacy settings, a simple solution that will give customers complete control over their personal data.)
- 91% would appreciate transparency about how their information is used
- 91% said that they would like to see a commitment by the company to protect their personal information
- 88% would like a company to ask for their explicit consent to use their information (which is legally required by the GDPR anyway)
- 88% of customers do not appreciate sharing their personal information with third parties without permission
- 86% would be more willing to share their information if you would explain how using their personal information will improve their customer experience
- 78% would trust you with their personal information if you can fully personalize their customer experience
What can you do to make your customers trust you more?
In 2018, customer expectations have hit all-time highs (according to data-driven research on more than 6700 customers), they know their rights and are not afraid to exercise them.
Keeping a record of their activities and requests becomes a complicated process and that is why automatization is the key.
As the company progresses even further with customer acquisition, data collection and market expansion, automatization of the processes will become unavoidable.
Protecting customer data, fulfilling their rights and building trust are three interconnected things. There is a quick checklist on how to start that journey
- explain to the customer why you are asking for their data, how it will be used and who is going to process it
- respect the deadlines for resolving customer requests and enable customers to exercise their right that GDPR (or any legislative) has given them
- show them how collected data is going to give them useful information or a better customer experience
- protect their data by any means available and adjust the level of data security to the sensitivity of their data