Don’t be lulled into complacency that your customers trust what you do with their data, writes Stephen Walsh, Senior Director, Security, CA Technologies.
Recent European digital trust research reveals a perception gap, with many organisations believing customer trust to be significantly higher than the reality.
Data breaches are now so commonplace they rarely catch our eye. Reports of malicious or inadvertent loss of confidential customer data are now a daily occurrence —whether it’s a major financial company, an airline, a telecoms provider, or smaller organisation. The same circus typically follows: the company’s spokespeople apologise, fiscal penalties are threatened, security tightened…but then everyone moves on.
What many organisations fail to appreciate is the damage to their reputation caused by the data breach: in particular, the deterioration in digital trust between the organisation and its customers. That loss of digital trust can result in a dramatic loss of revenue, diminished shareholder value and a rapid exodus of customers to competitors.
The recent study The Global State of Online Digital Trust Survey and Index 2018 report, conducted by analyst firm Frost & Sullivan and commissioned by CA Technologies, explores this phenomenon. The report found that 43 percent of European customers would stop using an organisation if they experienced a data breach of their personal information. Moreover, 59 percent of organisations report a strong to moderate long-term impact to their business results following a data breach. Make no mistake, digital trust matters. Worryingly though, European organisations erroneously believe that the digital trust among their customers is significantly higher than the reality.
The Digital Trust Index calculated by Frost & Sullivan established a sliding scale where a one represents “no trust” and 100 is “total trust”, based on metrics such as how willing consumers are to share personal data with organisations, how well they think organisations protect that data and the extent to which consumers believe companies sell personal data on to other companies.
European consumers’ trust in organisations was measured at 56 points out of 100 in the Index, signaling only marginal faith in companies’ ability to protect their data. European organisations meanwhile scored 74 on the Index—a perception gap of 18 points—revealing a significant difference in the perceived versus actual consumer trust.
Data breaches are not the only threat to digital trust. Only 52 percent of European consumers are willing to provide organisations with their personal data in exchange for free or less expensive services. However, two-thirds of European organisations admit to using consumer data internally, including personally identifiable information (PII). And 53 percent of business executives admit their organisation sells consumer data (including PII) to other organisations/business partners. Get digital trust right and the rewards will arrive: at a global level, consumers reporting high digital trust scores spent on average 53 percent more online. Factors impacting their judgement include the lack of a data breach, use of browser certificates and transparent privacy information.
So how can your organisation turn the dial up on digital trust? Success in the digital economy requires a security-first mindset: one that protects data more effectively against abuse. Several components are needed to deliver on this strategy, including:
1. More control over data access rights and consistent audit of security practices
Information sprawl arising from digital transformation makes it harder to know where every byte of data resides. A consistent, unified approach to data discovery and audit will reveal the location of that data, ensure your systems are patched on a regular basis, that applications are closed against vulnerabilities, and that cloud systems are configured securely. Privileged access management solutions can also help you effectively control, monitor and audit privileged accounts.
2. Modernised approach to identity and access management (IAM)
To succeed in today’s digital world, you need to open up your business, so users can access the data they need. But the more open you are, the more vulnerable you become. Modern, end-to-end IAM security solutions give you the freedom to connect everyone to everything from everywhere—along with the confidence that your critical corporate data is secure.
3. Protecting PII beyond the network perimeter
GDPR and other data privacy legislation holds your organisation accountable for PII data breaches, with stiff penalties for non-compliance. With this in mind, organisations need to implement strong encryption, discretionary access control and continuous vulnerability scanning. No matter if the data is stored internally or externally, shared with partners or services providers, organisations must continue to enact proper security controls and enforce least privilege access to data throughout its lifecycle.
4. Rigorous application security testing nurtures digital trust
Speed and agility are key to winning in the application economy. But speedy delivery does not have to mean low-quality, insecure software. Application security testing tools eliminate the friction that arises when security is detached from the development process, ensuring secure code becomes synonymous with high-quality code. “Shifting security left” to fix security flaws early in the development process significantly reduces your potential cyber risk exposure, lessens overall costs and ensures your users have a trusted experience.
Embracing these steps will begin the process of incremental increase in consumer trust among organisations at a time when this valuable commodity is dwindling.
