Toolbox Feature: PCI Pal Survey Examines Data Breach Repercussions for Organizations

This article was originally published on Toolbox. View it here.

With data breaches on the rise, security is on the top of mind for consumers around the world. Brands that want to establish or re-establish consumer trust must understand the regional psychological differences in how US and UK consumers react to data breaches and proceed accordingly, advices Jane Goodayle, VP, Global Marketing, PCI Pal.

To no one’s surprise, data breaches perpetrated by increasingly sophisticated cybercriminals continue to be on the rise in both the US and the UK. In the UK, data breach reports have soared under GDPR with the Information Commissioner’s Office reporting that it received more than 14,000 data breach reports from May 2018 to May 2019 (up from 3,311 from April 2017 through April 2018).

Recent Cases of Data Breaches

Most recently, the Information Commissioner announced that it would fine Marriott £99.2 million and British Airways £183 million in penalties, with British Airways suffering the largest-ever fine since the introduction of GDPR. Similarly, in the US, consumers have recently been rocked by breaches this year at Quest Diagnostics, Georgia Institute of Technology, Facebook, Evernote and even the US Customs and Border Protection Agency. Cybercrime is at an all-time high, increasing by more than 10 per cent in the last year (according to a study by Accenture and the Ponemon Institute).

With cybercriminals working overtime to perpetrate these crimes, the reality of a data breach continues to climb. As a result, it is critical for all IT and security teams to understand the impact data breaches can have on their business.

With this in mind, PCI Pal (the provider of secure card payment solutions) conducted a survey of 4,000 consumers in the US and UK to gauge the impact of data breaches and poor data security practices on consumer trust and spending habits. We also worked with psychotherapist Dr. Ellyn Gamberg to gain an understanding of the regional differences from a psychological perspective. The findings revealed the financial and reputational implications of a data breach and provided a stark warning to organizations that aren’t prioritizing security.

US and UK Consumers React to Data Breaches

Unsurprisingly, 44% of Americans and 38% of Brits claim to have been the victim of a security breach, suggesting data security may be top of mind on both sides of The Atlantic. With large-scale data breaches occurring so frequently, consumer trust in organizations is eroding for US and UK consumers alike. But our research also suggests distinct psychological differences in how consumers in the two regions react to data breaches, and how quickly organizations can lose their trust following a breach.

Our findings suggest that American consumers tend to be slower to put their trust in an organization’s handling of their personal data, yet once earned, their trust tends to be longer lasting. Only 21% of those surveyed claimed that they would stop spending with an organization permanently following a breach, as opposed to 41% of British consumers, showing the long-lasting financial impact a breach can have for organizations operating in the UK.

And while the impact can be much shorter-term, 62% of Americans surveyed said that they would stop spending with an organization for several months following a breach, while just 44% of Brits said the same. A clear warning for organizations across sectors and regions, the research also suggested that perception alone is enough to impact revenue and reputation – almost a third (31%) of UK consumers surveyed said that they would spend less with organizations they perceive to have insecure data practices, while only 18% of US respondents agreed.

When it came to trust, UK and US consumers couldn’t be more different. More than half (55%) of Brits have more trust in local stores and businesses to handle their data responsibly, with 30% of those rationalizing that local businesses care more about their reputation while a quarter (25%) believe they are less of a target for would-be hackers.

Conversely, Americans suggested that national businesses would be more committed to security protocols (28%) while a quarter (25%) found comfort in the belief that bigger budgets mean more investment in security practices.

While there are clearly many differences, there are some key similarities between Americans and Brits that organizations need to pay attention to. Both American and British consumers feel that the retail and travel industries have some work to do when it comes to security practices, with 19% of Americans and 40% of Brits responding that they see retail as insecure with their personal data and 16% of Americans and 35% of Brits state that they see the travel industry as insecure.

Best Practices for Organisations Following a Data Breach

Fortunately, for organizations that have been breached or are perceived to have weak data security practices, there are steps that can be taken to win back or establish consumer trust. For breached organizations, the first thing to do is to own up to your mistakes and be transparent with how the company plans to resolve the issue – 43% of UK consumers and 41% of US consumers reported wanting businesses to admit responsibility following a data breach. Furthermore, 59% of UK and 42% of US consumers demanded companies undergo regular security audits to win their trust back.

It’s also equally important to invest in technologies that enable brands to remain GDPR and PCI compliant. For brands using contact centres to engage with customers, this means finding payment solutions that descope contact centre environments from the requirements of PCI DSS. The right technology will provide security while optimizing the customer experience.

For example, Dual Tone Multi Frequency (DTMF) masking technology enables call centre agents to stay on the line with customers completing transactions to foster a positive and seamless experience, without ever seeing payment data or hearing the tone as it’s entered on the telephone keypad. This ensures that personal data is protected from negligent or malicious insiders, and that the data isn’t stored to prevent it from being stolen in the event of a breach.

Winning Back Customer Trust

There are clear contrasts between the two regions with serious consequences, should organizations choose to disregard data security responsibilities. Understanding these differing consumer preferences, as well as cultural differences, is key to retaining and/or winning back customer trust following a breach.

More specifically, Dr. Gamberg explains, “The research indicates differences in measurable responses between consumers in the UK versus America, such as spending habits, customer and brand loyalty; and concern over providing personal data. However, all these behaviors are results of unconscious and conscious thoughts and feelings and cannot be accurately measured by self-report. The expression and internalization of these responses is highly personal and cultural. As a result, it is critical that this be considered to effectively mitigate past damage, and future efforts, to create trust.”

The bottom line is that security is top of mind for consumers around the world and must also be for security and IT teams. Furthermore, brands that want to establish or re-establish consumer trust must understand the regional psychological differences in how US and UK consumers react to data breaches and proceed accordingly.