Companies are losing the battle to protect customer data and information, and what is at stake is one of the most important aspects in the relationship between consumers and the companies they do business with: Trust.
No company is immune to data breaches, even major corporations that spend tens of millions of dollars on data security every year. This year, the list of the breached is a who’s who of corporate America - eBay, Neiman Marcus, Target, JP Morgan, Home Depot and, most recently, Sony Pictures. In the wake of this cyber drama, no industry has been spared or been able to stop the rising tide of data breaches.
Indeed, this year alone there have been more than 1,300 data breaches reported worldwide containing the personal or financial information of nearly 665 million customers. This is 30 percent more than last year, and it’s likely only to get worse.
Until now, consumers have appeared apathetic about identity compromise and numbed by the daily breach headlines. But the reaction to recent data breaches such as Sony Pictures shows that attitudes are changing. Indeed, a recent survey of more than 4,500 adults across five of the world’s largest economies – U.S., UK, Germany, Japan, and Australia found that nearly two-thirds (65 percent) of respondents would never, or were very unlikely to, shop or do business again with a company that had experienced a data breach where financial data or sensitive information was stolen. The research also indicated that only half of adults feel that companies take the protection and security of customer data seriously enough.
So, what is really at stake here? It’s trust. As companies collect ever-increasing amounts customer information and as individuals’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data. Until now, consumers may not have been concerned about having their credit card numbers stolen, because there are built-in protections for them. However, if their location information is being coopted so thieves can rob their houses or their personal identities are stolen again and again, the calculus changes.
It is because of this the corporate mindset on security will need to change. For decades, the prevailing wisdom about cybersecurity has been that a perimeter “wall” should be built around the data and network to keep out intruders. This strategy of breach prevention has been the foundation of corporate data security for decades. However, as the current breach epidemic shows, this approach has not stopped today’s sophisticated cybercriminals.
There is much to be done by companies to restore customer trust in corporate data security. Here are four approaches that can help:
Out With the Old, In With the New: Today’s security strategies are dominated by a singular focus on breach prevention that includes firewalls, antivirus, content filtering, and threat detection. But, if history has taught us anything, it is that walls are eventually breached and made obsolete. Companies should assume that prevention and threat detection tools can only go so far, and should be used as part of a layered approach to security that can defend data once criminals get into the network. But at the end of the day, security needs to be around both the data with end-to-end encryption and the users through multi-factor authentication.
Protect Customer Data as if It Were Your Own: If companies want to earn and retain customer trust, they must view the protection of sensitive customer data not just as a compliance mandate, but as a responsibility essential to its success. Meeting the minimum legal requirements is no longer enough. If a breach hits, and a company has encrypted the financial data but not the 10 million records containing customer names, addresses and social security numbers, it has broken the bond of customer trust in its brand. Being a better steward of customer data is not just good PR, it makes good business sense, too.
Transparency Is the Road to Trust: Companies should put security front and center and tell customers about the security measures that have been put in place to protect their data. With the recent dust-up about surveillance, the largest online companies are now much more open about what they are doing to protect customer data. If a company is doing something better than the rest of the industry, then it will be seen as a trusted innovator.
Security Is a Two-Way Street: Just as customers are informed about what companies are doing to protect them, they should also be told what to do in order to protect themselves. If a customer experiences identity theft or a data breach while doing business with a company, that brand suffers. A better-educated consumer is a safer consumer of services.
The recent data breach dilemma proves that the traditional data security mindset does not work anymore. If companies don’t wake up to this new reality soon, the consumer revolt may finally come and it won’t be pretty.
Panjwani is president and CEO at SafeNet. You can follow him at @SafeNetCEO.