Think data security and customer experience are mutually exclusive? Think again…
What do Ashley Madison and Medicare have in common? They’ve sacrificed good data security for customer centricity. Today’s reputational risk of data breaches demands both… here’s why.
High profile data breaches like Medicare and Ashley Madison are raising the conversation about the risk of security and data breaches to board level. Directors are becoming more hands on with security governance – but they’re being sold a bill of rights about security based on infrastructure and policy risks.
Directors at Board level need to be looking at how security impacts business performance, and what steps are being taken to improve and monitor these risks.
Why? Security breach is not a matter of infrastructure failure. A data breach, as our friends at Ashley Madison found out, will come at a cost to brand, customer loyalty and revenues.
The financial impact of sensitive data breaches
Just recently, consumer review site Comparitech analysed the impact that data breaches had on closing share prices of 24 companies. The outcome was sobering stuff. Organizations with sensitive data breaches took a greater hit to their share prices than counterparts with less sensitive data breaches.
While the long term impact of share price results from sensitive data losses wasn’t measured by the survey, it’s clear that companies like Medicare and Ashley Madison have more in common than meets the eye. It’s fortunate that Medicare isn’t a public company, like Ashley Madison!
Can infrastructure give you insights?
Infrastructure and policy approaches are woefully inadequate when it comes to evaluating the financial impact of a data breach. Infrastructure alone can’t provide the detail to monitor business performance or changes.
This has to be done at an analytical level. Your security services need to start automating and learning from experience how to appropriately apply the right protection measures when new sensitive data arrives or providing alerts when access anomalies occur.
Directors need to ask themselves the following questions to monitor data performance and minimize reputational risk:
- Do you have the insight to report on how your business is tracking against data risk?
- Can you pinpoint where your brand and valuation risk lies in relation to sensitive data in the organization?
- Can you identify what percentage of data is protected?
- What data needs to be masked, and what doesn’t – and does your system ensure this happens as data enters the organization?
- Are you measuring your overall data risk score from key data sources?
- And do you know why you even need to track it?
To answer that last question, cast your minds back ten years. Do you remember how worried we were collectively with ATM fraud? Do you recall thinking twice before supplying your credit card details online? Today, concerns have moved on. Most of us transact every day online, without a second thought. Younger generations are particularly apathetic towards data privacy
They simply assume data security is a given…
This is now the baseline expectations from your customers, which makes it more critical than ever before to make sure your brand doesn’t fall prey to data breaches that can be avoided by applying granular-level data security measures.
Today, customers attitude can be summed up as: “If I am going to do business with you, I assume my data is safe. And if not, never doing business with you.”
Secure data is critical – move beyond your customers’ expectations and understand the effects it will have on your brand.
Medicare – a reality check
Recent accounts that Medicare records are now available for sale on the dark web have been particularly unsettling. While experts like Nigel Phair from the University of Canberra, believe it’s unlikely to be the result of a network breach, it does mean further trust being eroded in the ability of our government to protect personal information.
Fortunately Medicare doesn’t have loyalty programs, but imagine how it would impact companies that rely on customer repeatability? Unless your service or products are inextricably entwined in your customers’ lives, think how quickly you would be affected by the discovery of any customers’ personal information under your company’s guardianship was found to be leaked.
In the future, how organizations prepare for data breaches will be critical to their brand, customer experience and trust.
I’d be interested in hearing how you’re planning to approach this – feel free to leave a comment below or get in touch.