Research conducted by Semafone among UK and US professionals working with card payments confirmed people are expecting that they will be the target of hackers attempting to steal data; 60 percent of US and 52 percent of UK respondents believe it is very likely.
An attack on sensitive customer information is certainly a case of ‘when, not if', and you would think the general industry anticipation of a security breach would have companies taking steps to ensure they are prepared. But it seems, in rather a strange contradiction, that only 51 percent of US respondents have a crisis communications plan in place in the event that they should fall victim to an attack. UK respondents appear slightly more prepared – 68 percent have a crisis plan drawn up – yet this still means nearly a third have no solid protocols to follow should they need to communicate with the public and stakeholders about a situation involving stolen information.
An oversight of this kind leaves businesses open to huge risk, not only in terms of substantial compensation pay-outs and fines, but also damage to company reputation, which can often be the most costly and sometimes irrecoverable. The Ponemon Institute's 2015 Cost of Data Breach Study concluded the average cost of a data breach to a company sits at US$ 3.79 million (£2.66 million), an increase of 23 percent over the last two years, much of which can be attributed to loss of business. For example, US retailer Target announced its data breach in late 2013 had cost the company US$ 290 million (£203 million), indicating how costs can spiral and just how damaging an attack on card information can be.
In the case of data breaches, failure to keep customers fully informed amid a crisis can adversely impact consumer confidence and result in many years (and a lot of money!) spent restoring a positive brand image. Understandably, customers may be hesitant to do businesses with a company that has experienced the theft of customer information. Winning back customer trust, and in extreme situations, building a completely new customer base from scratch, is an expensive exercise, and one people should be doing everything possible to avoid.
Ultimately, keeping a step ahead of the damage from a security breach means that companies need to not only communicate effectively with customers, but also implement the necessary security measures to begin with. In this day and age when more and more customer data is being collected, rather than trying to increasingly tighten security systems, the easiest solution is to not handle the information at all, but to entrust card data to payment specialists with the necessary security accreditations.
You only need to look as far as the daily news headlines to see the impact a data breach can have on the public perception of a brand. And in a world where businesses bank on their reputations to build customer loyalty, companies cannot afford to drop the ball when it comes to securing data.
Contributed by Tim Critchley, CEO, Semafone