Asia Pacific Customers Won’t Accept Data Breaches as a Cost of Doing Business
Author(s): John Kendall, Posted on November 16th, 2011
The best business is repeat business – keeping the same customers for a long period of time.
However, increased competition through deregulation of many industry sectors, such as banking, telecommunications and energy providers, together with access to a much wider market to buy from via the Internet, has moved power into the hands of consumers, who decide whether they want to continue doing business with you or change to someone else.
Customer trust is key to developing customer loyalty. But it can be quickly eroded if consumers feel that they have been put at risk – such as if they find out that an organisation they have been dealing with has suffered a data security breach.
This is particularly the case in Asia Pacific where, according to the latest Unisys Security Index™, at least 8 in 10 people in Australia, Hong Kong, and New Zealand would stop dealing with an organisation, for example by closing their account, if they found out that the privacy of their personal information had been compromised. Of the 12 countries surveyed in the global research study, Australians are the most likely to say they would take such action, with Hong Kong and New Zealand not far behind.
Of course this is what people say they would do, and some sceptics point out that Sony hasn’t exactly fallen in a heap after its recent PlayStation security breaches. But Sony’s PlayStation customers have made a significant investment in their console and games software, so there is a deterrent to simply swapping to another gaming platform. In contrast, we are regularly bombarded with marketing offers from mobile phone carriers, home loan lenders and energy providers with attractive rewards to change over, often with the offer to manage the administration of changing providers for you. In these “utility” markets it has never been easier to change – and the customer knows it.
The survey also found that many people say they would consider other actions such as publicly exposing the issue and taking legal action. It is almost as though they want to punish the organisation for putting them at risk.
There are currently no laws for mandatory data breach notification in Australia, Hong Kong or New Zealand. Given the possible reaction of customers, some might argue there is no incentive for businesses to tell customers about a data breach. But organisations do have a responsibility to inform their customers immediately if there has been a breach so that customers can take actions to minimise their vulnerability to financial or identity fraud. They may even win some brownie points if they are seen to act quickly and helpfully. Also, consider the impact if an organisation is caught trying to cover up such a breach – damage to reputation and loss of customer trust. Better to have quick and transparent communication with customers and work with them to reduce their vulnerability. You have more chance of retaining your customers’ trust that way.
Mandatory data breach laws would make sense if it is found that businesses (and government organisations) fail to act responsibly off their own bat. But the focus should be on those breaches where there is real risk of harm as a result of the breach (e.g. access to financial details, risk of identity theft, access to biometric data, etc.).
The Unisys Security Index (conducted since 2006 in Asia Pacific) has consistently found that the top two security concerns for the public are data security related: people obtaining/using credit/debit card details; and unauthorised access to/misuse of personal information.
No wonder they are putting business and government on notice that they are not going to passively accept privacy breaches.
[Table: Percent of public saying they would take the following action in the event of a data security breach]