As data security moves up the boardroom agenda, businesses have never needed to address the issue more urgently. The constant stream of data breach headlines pertaining to some of the biggest companies in the world indicates the fever pitch we’re reaching.
As an example, a recent data breach at the Australian Red Cross left the blood donor data records of over 1.2 million exposed, affecting its long-term efforts to encourage people to sign up to the donor scheme. More worryingly, it was the largest data breach in the country’s history, which indicates a general worsening trend in the scale of such attacks. As such, the breach may well have significantly compromised consumer trust.
In fact, when linked with customer satisfaction, these incidents are creating increasing alarm. Recent research into the state of consumer confidence in relation to data privacy revealed that security fears stop half of UK consumers from sharing their personal data. Furthermore, over half of respondents plan to share less data over the next three years, with a third claiming that nothing could incentivise them to share their data at all.
While businesses look to win back customer trust, they must also consider the regulators. Customer demand for more effective data protection is a key driver in the General Data Protection Regulations (GDPR) that will be enforced from May 2018. As the volumes of personal data being handled by organisations increases, so will the levels of red tape businesses need to contend with.
Worryingly, those who fail to manage and protect sensitive information could receive a hefty fine of up to 4 per cent of global revenues - a sum that could severely impact business viability. In addition, following the UK’s decision to leave the European Union, companies operating in the UK will need to have much greater visibility into their data assets to ensure they can navigate the potential complexities which will develop if the UK puts its own data regulations in place.
Adopting a robust data-centric security programme
Treating security as an enabler will support those looking to attract new custom and retain their existing customer base. This involves taking a revised approach to data management. Although effective, many of the cyber security techniques in place today (firewalls and anti-virus applications) are insufficient to provide the complete protection that modern digital users require. Whether in the public or private sector, all kinds of organisations need to ensure that they adopt a data-centric security programme that prioritises defence based on the movements of the data itself, rather than simply trying to establish a border strong enough to keep out intruders.
Rather than treating data as a single entity to be protected, businesses must be able to track and trace the proliferation of information across the organisation in order to understand how it was created, whether it is secure and where it is propagated. It is only with that deep metadata that companies can ensure the right measures are in place to protect personal data effectively, meet regulatory demands and allay security concerns. Ultimately, it’s this kind of approach that will go further towards guaranteeing income streams. Commercial activity can be seriously damaged by a data leak, so investing in the right security will ensure the viability of the business.
Bolstering security measures is just half the battle. Long-term, business must reassure customers by securing their data in a bid to take proactive steps to build trust. Companies need to boost consumers’ confidence in their products, services and security measures by listening to what they want and responding as a result. Social media has created an open gateway whereby consumers can communicate effectively with companies and, as a result, is being used as a communication platform to air views, including both positive and negative feedback.
Consumers are increasingly vocal in their demand for control over how their data is stored, archived or deleted across social networks. By giving them more autonomy over what happens to their data, businesses have the opportunity to restore trust and demonstrate effective communication.
For example, a major part of Snapchat’s USP is the deletion of images after 10 seconds, with consumers enjoying the sense of anonymity and privacy which this brings. However, recent rumours that these images were stored in the company’s servers damaged that relationship, prompting fears of covert data stockpiling. The company was quick to reassure customers that this was not the case, repairing the rift. Openness and honesty are key when it comes to security communications - letting customers know exactly where their data is and, if possible, giving them the final say over whether it is stored or deleted.
Be the business that consumers trust
Businesses need to be able to compete on customer service, rather than price. As a result, purchasing decisions are now heavily influenced by how trustworthy an organisation is perceived to be, the investment it has made into data security and how it acts in the event of a security breach. As data breaches continue to rear their head in the headlines and the changing regulatory landscape continues to evolve, the organisations that master data protection and breach resiliency will be the ones that win the trust of the consumers.