Businesses today have a trust problem. Every single industry received a less than 50% ranking when McKinsey asked consumers which industries they trusted with their data. Healthcare and financial services were named the most trusted—but only by 44% of consumers. Other sectors had even more dismal trust ratings including retail (18%) and media and entertainment (10%).
The stakes are high. And it’s not just because the costs of a data breach are exceedingly high and growing. It also means lost business. The same McKinsey study revealed that 87% said they would not do business with a company because of security concerns.
Here are 10 things customers want organizations to be mindful of when it comes to trust:
1. Cybersecurity: Don’t Let Criminals Get My Data
Consumers want businesses to keep their data private and secure from bad actors, nation states and other cyber criminals. But data breaches and ransomware keep coming. A full 70% of organizations say they suffered damage to their corporate image following a breach, according to a recent Global Incident Response Threat report. That’s not surprising as 81% of people in a consumer trust survey said they would stop engaging with a brand online after a data breach.
Enterprise security isn’t a product. It’s a strategy. A proactive security approach can help ease consumer concerns. It involves using existing infrastructure in real time—across apps, clouds and devices—to adapt as it protects data. By learning how to use what is already there in new ways, organizations can unify security and IT teams, and prevent, detect and respond to threats swiftly and effectively.
2. Internal Threats: Don’t Let Employees See My Data Without Good Reason
Outsiders aren’t the only threat to customer data. The 2020 Cost of Insider Threats report identified that insider threats grew by 47% between 2018 and 2020. Negligent employees were responsible for most of the events. It took 77 days on average to contain insider threats. Often, insider security issues arise when employees get access to data that they shouldn’t—or misuse their clearances and authority.
Strict role-based access to data with strong, multifactor authentication can help ensure that even the highest-ranked insiders cannot access data they don’t absolutely need.
3. Transparency: What Are Organizations Really Doing with My Data?
Another top concern among consumers is that they’re never quite sure how their data is being used. But almost half (48%) surveyed by RSA believe legitimate reasons exist for companies to collect and use their data. Yet, people are still distrusting.
Companies should be very clear when telling consumers how their data is being used or shared with others. It’s a requirement of the European Union’s General Data Protection Regulation (GDPR) and other new privacy laws. For transparency, information needs to be prominently displayed, not buried in small text at the end of long consent statements.
4. Choice: Let Me Opt Out of Using My Personal Data
Consumers don’t feel they can effectively protect or control their own data. Many can’t figure out how to do it. Others feel they have no choice if they wanted to make use of an app, service or website. Some just don’t understand their choices.
Consumers want options spelled out clearly, in easy-to-understand language. And they want privacy regulators to ensure companies are doing what consumers direct them to do. Organizations need to give consumers crystal clear choices of what data they can collect and what they do with it—and then stick to their word in implementation.
5. Ease of Use: Don’t Make Security Too Intrusive
A majority of consumers (65%) are frustrated by login experiences, according to the Trust and Accountability in the Era of Breaches and Data Misuse survey by Ping Identity. That’s because of arduous security practices. One-third of consumers stopped using a device, app or service after a bad experience.
Here’s the conundrum: consumers want their data kept secure. But they get impatient when strong authentication methods prevent them from doing or getting what they want quickly. Governments, healthcare and other organizations are moving to identity and single sign-on methods that ease this frustration.
6. Personalization: Don’t Be Creepy
Over the past decade, consumers have agreed to share their data with brands in return for better customer experience. Today, personalization is a part of consumers’ lives—from recommendation engines to pop up ads to social media engagement. But cynicism is creeping in. According to a study by Accenture, of the consumers served ads they deemed as “too personal,” more than 71% said the ads possessed information that they had not directly shared.
Increasingly, companies need to find common ground with consumers to meet their mutual needs while keeping privacy top of mind. This of course will become more difficult as artificial intelligence, machine learning (AL/ML) and Internet of Things (IoT) technologies go mainstream—both at work and at home. The pervasiveness of emerging tech and what it can reveal about people challenges ethical standards of how companies treat consumer data. Just because something can be done, doesn’t mean it should be.
7. Compliance: At a Minimum, Meet Standards
Privacy laws and regulations are multiplying. Many organizations struggle to keep up. Less than half of firms (45%) surveyed recently said they felt “very” or “completely” confident that they will be in compliance with all the new privacy mandates. Such mandates include the EU’s GDPR, the Federal Privacy Act in Australia, Cybersecurity Law in China, the proposed Personal Data Protection Bill in India, Lei Geral de Proteção de Dados Pessoais in Brazil, and more.
Consumers generally approve of privacy laws, challenging companies not only to comply but to let customers know how. The onus is on organizations then to go beyond putting privacy safeguards in place for legal reasons only and do it for ethical reasons. To take the high road, enabling customers to reward them for it.
8. Responsibility: If Something Happens, Own Up to It and Make Amends
Almost half (46%) of consumers told McKinsey that companies that proactively report a hack or a breach gain their trust. Only slightly more important (50%), they said, was to act quickly to mitigate the effects of the breach.
The last thing a business should do is try to keep a breach secret. The truth always comes out—in investigations both criminal and civil. Organizations need to be upfront when they are exploited. Explain what is being done to mitigate the damage, and what help; resources; and if appropriate, compensation; will go to victims.
9. Innovation: Stay on Top of the Latest Security Technologies and Best Practices
Nothing begets trust as much as competence. Consumers want to know that teams are taking a modern approach to security and are aware of the latest security trends. Many cybercriminals are well funded. Most are innovative. It takes a nimble and savvy security team to keep up with them.
Consumers know this. And because customers want to shop with and employees want to work for brands that prioritize data privacy, they will follow the innovation. That means organizations must put proactive remediation in place. Attend cybersecurity webinars and events to stay abreast of new developments. Check vulnerability alert feeds. Patch systems immediately—and automate patching if possible, and more.
10. Due Diligence: Vet Partners Better to Ensure Strong Security Practices
In today’s interconnected world, a company is only as secure as its weakest link. Island hopping is trending up. That’s when an organization is attacked by a vendor through regular communications systems and mined for personally identifiable information and other opportunities to attack. Consumers are acutely aware that large ecosystems put their privacy at greater risk.
Reassure customers by having very public policies about rigorously investigating the security stances of everyone involved in doing business with the brand. Explain the ways that consumers’ data is kept safe with suppliers and distributors and other partners that touch systems, whether directly or indirectly.
Trust Is Precious. Don’t Waste It
Consumer trust, once lost, is difficult to regain. Consumers are getting savvier about knowing how much data about them exists in cyberspace, and are increasingly vocal about wanting more ethical, respectful and legal use of that data. Understanding what customers mean by trust helps organizations meet consumers’ increasingly stringent expectations of privacy and avoid losing the loyalty that every brand seeks.