A survey of 1,000 UK consumers commissioned by FireEye, a leader in stopping today’s advanced cyber attacks, has revealed that last year’s high-profile data breaches have dented long term consumer trust in major brands.
Findings highlighted rising public concerns over a perceived lack of board-level concern for data privacy, with almost three quarters (72%) of consumers stating that they were likely to stop purchasing from a company if a data breach was found to be linked to the boardroom failing to prioritise cyber security. A data breach linked to a lack of board-level attention was deemed less acceptable than if a data breach had occurred as a result of human error – with only 38% of consumers stating that they would be likely to stop purchasing if this was the reason.
29% of consumers said that data breaches had diminished their loyalty as current or potential customers of affected brands, and 38% said that they felt more negatively about companies that suffer data breaches, indicating that consumers are still largely viewing the organisations breached as the parties at fault, rather than victims of cyber crime. In addition to this, over a quarter of consumers (27%) indicated that persistent data breaches have negatively affected their perception of organisations that they buy from in general, indicating that persistent reports of data breaches is not just harming the reputation of affected organisations, but having a wider impact on consumer trust.
The findings also reveal the potential long-term financial impact of data breaches on major brands, with 52% of consumers warning they would take legal action against companies if a data breach resulted in their personal details being stolen or used for criminal purposes. 62% of consumers also reported that they will now share fewer personal details with companies, which could hit the revenues of organisations – from social media platforms to search engines – that rely on collecting detailed consumer data for advertisers.
Richard Turner, President EMEA at FireEye said: “Cyber-attacks and data breaches became almost a daily feature in the news last year, with many UK brands at the centre. This galvanised many company boards into action to limit the immediate financial fallout – by offering free upgrades or compensation to try and retain customers – but these new figures suggest the financial fallout from a data breach is often felt long after the initial attack.
“This survey shines a light on the ‘hidden cost’ of cyber attacks on businesses, with customers less likely to buy from companies with a poor reputation for security, and increasingly willing to take legal action against corporations if their data falls into the wrong hands.
“The findings from this survey show that people’s negative perceptions of brands can stick, long after the publicity has subsided, and that consumers affected by data breaches are increasingly pointing the finger at people at the top. There are some key lessons here for board executives who are beginning to recognise why they should take a more active role in cyber security. It’s also interesting to see in these findings that consumers are increasingly valuing attention to data security and making purchasing decisions with this in mind. While data security has too often in the past been viewed by companies as a cost, it’s now presenting an opportunity for them to attract a new and growing type of customer who wants assurance that their data is safe when dealing with companies.”
Key UK findings included the following:
- Almost half (43%) of consumers said that data security was an important or main consideration when buying products and services
- 62% of consumers will now give less personal information to organisations that supply them with goods and services as a result of the high-profile breaches reported
- Almost a third (30%) of consumers would consider paying more to a service provider that had better data security
- 52% of consumers said that they would take legal action against their product or service provider if their personal details were stolen and used for criminal purposes in the event of a data breach
- 1 out of 10 respondents said that the security of their data was now the main consideration when purchasing goods and services
- 38% of respondents said that they now have a negative perception of companies that have suffered data breaches last year, while 27% said that the breaches made them view all organisations that they buy from more negatively
- Findings also revealed that 92% of respondents would expect to be informed within 24 hours if their service provider had suffered a data breach which could have compromised their data. With the EU General Data Protection Regulation (GDPR) set to require that authorities are informed of a data breach within 72 hours, consumers appear to want even more stringent reporting requirements, with 68% expecting to be informed immediately