Security-conscious customers need more information from the companies they do business with

If data is the ‘new oil’ of the global digital economy then, like oil, we have to accept it comes with some negative environmental impacts. The ‘pollution’ of the data world ranges from privacy concerns and data breaches to inaccurate data. Concern over this ‘data pollution’ is on the rise. According to Eurostat, the office for statistics in the European Commission, 25% of Europeans have avoided handing over personal information because of security concerns and 44% have limited their private internet activities in the last 12 months.
The upside of this wariness is that it’s creating a much stronger business case for investing in security. Until now, security investment has been perceived by businesses as something that has to be made – a cost of doing business rather than a profit-driving activity. This means the amount spent on security is continually constrained. With increasing evidence that customers won’t buy services unless they’re confident about the security of those services, security has become directly tied to the bottom line. In theory, at least, this should increase the flow of investment towards security products and initiatives.
Some commentators say this is too little too late. But Omnisperience believes that if you improve your security based on the needs and expectations of future security-conscious customers, you create a win-win.
While customers may previously have taken the view that a security breach wouldn’t happen to them, social channels have transformed this. In 2020, news of the latest breach or attack spreads like wildfire through social channels, online media and trade press, and customers spend far more time reading these sound bites than they did even five years ago.
This means that when they read that 43% of cyber attacks are on small businesses (Verizon DBIR), 34% of incidents are insider attacks, and no industry is off limits, they’re far more likely to sit up and take notice.
According to Eurostat, 1% of the EU population experienced financial loss resulting from identity theft, fraudulent messages or redirection to fake websites in 2019. That’s just over 5 million people who were financially impacted. This doesn’t include the impact on the businesses that held the data – operationally, financially, in terms of brand damage and, increasingly, the fines levied by regulators under GDPR (see Is GDPR fit for purpose in the public sector?).
With increased awareness and increased consequences, it’s no wonder both businesses and consumers are paying ever more attention to security credentials.

What services did customers avoid using due to security concerns?
Social or professional networking 25%
Public WiFi 19%
Downloading content 17%
e-commerce 16%
Internet banking 13%

Source: Eurostat 2020
But herein lies an opportunity. To take advantage of it, the security industry needs to change focus, and address the issue of customer knowledge.
Historically, organisations have been resistant to revealing how secure they are and what security measures they have taken to ensure transactions and data are secure. Being too open about security arrangements was perceived as laying down the gauntlet to hackers to test resilience, or providing them with information they could utilise in attacks.
In the B2B world, a level of due diligence already exists to ensure that partners have the security needed to enter into business together. Which begs the question: why is the relationship between partners so fundamentally different to the relationship between the business and its customers?
Keeping everyone in the dark about security measures is an approach that assumes hackers can’t easily and systematically find out this information. Omnisperience believes this is misguided: opaqueness is no longer a defence. Instead, organisations of all sizes should educate their customers on the following:

  • Data storage – providing more information about how data is stored to reassure customers
  • Data breaches – explaining how internal and external threats are managed in an easy-to-understand fashion. Also explaining what will happen if a data breach does occur: How will the customer be informed? What actions will be taken to limit the damage? Will service continuity be affected? Who or what will be the point of contact for concerned customers?
  • Data sharing – informing customers how their data is being used, even if it is only being shared within the company. Customers also want to know what will happen if a person or organisation their data has been shared with is breached.

According to anti-virus provider McAfee, over 480 new high-tech threats are introduced every minute. This is why customers need to know that organisations have a strategy to learn, adapt and combat them. Businesses should treat this as a business strength, rather than as something that will scare the user. Companies that are able to steer clear of the privacy scandals and data breaches, and can clearly explain their security credentials to customers, should use their success as a differentiator in a market increasingly filled with security-conscious customers.