Data security is a hot topic these days. From the Snowden revelations to the seemingly endless list of data breaches at big-name retailers (Target, Michael’s, Neiman Marcus), there’s no shortage of fuel to keep the discussion going. As the discussion continues and retailers struggle to keep up with the moving target of data security, two broader questions have emerged:
- What effect do data breaches have on consumer confidence and shopping habits?
- What can retailers do to build this confidence, or rebuild it when it’s lost?
We conducted two surveys to shed light on these questions, and made an interesting discovery in the process. It turns out that the strategy we thought would be most effective actually isn’t very effective at all—and the most effective strategy is something else entirely. In this article, we describe the results of these two surveys and discuss the real challenge facing retailers as they try to build consumer confidence in their data security measures.
Confidence in Data Security Does Affect Spending
Nearly One-Third of Consumers Increasingly Concerned About Data Loss
In light of all the data breaches in the news, how confident are consumers that their personal information won’t be leaked when they use their credit and debit cards? Last month we conducted a survey asking just that. Though 44 percent of consumers “feel pretty safe overall,” 30 percent are “increasingly concerned.”
How confident are you that your personal information will not be stolen when using your credit/debit card?
Consumers Avoid Companies That Fail to Protect Their Data
In the same survey, we also asked about the consequences of a hypothetical data breach. Are spending habits affected after a consumer’s data is stolen? They are, and strongly: 35 percent of respondents said they’d stop shopping at a store from which their personal data was stolen.
If hackers stole your personal data from a company you shop with, how would that impact your willingness to continue buying from them?
Consumers Seek Companies They Feel Will Protect Their Data
We then took a look at the other side of the coin. If retailers can make consumers feel confident that their data will be safeguarded, will they be more likely to shop there? The short answer is yes: 53 percent said they would be “somewhat more” or “much more likely.”
Would you be more likely to shop at a store if you felt confident it would keep your personal data secure?
Recent history has proven that the threat of data breaches is very real. Consumers are concerned about data security and the numbers show that a store’s data security policy can make or break their decision to spend money there. This brings us to our second question: what can businesses do to gain consumer trust that their day-to-day data security policies are up to par?
The Challenges of Building Confidence in Data Security
We began this investigation with the understanding that data security is an arcane topic. Mention Transport Layer Security (TLS) or the Payment Card Industry Data Security Standard (PCI-DSS), for example, to someone standing in a checkout line and you’ll get some confused looks. Start explaining these terms and those looks will quickly glaze over. Data security is highly technical and, to the vast majority of consumers, equally boring.
The conundrum is that consumers aren’t likely to fully trust something they don’t understand. The challenge, therefore, is how to convince consumers their data is safe when the measures used to ensure its safety are poorly understood, difficult to explain and of little interest to those they affect most.
The hypothesis we set out to test with our second survey was: if retailers could communicate their data security measures to consumers to show that their data is safe, would this build confidence?
Retailers Shouldn’t Assume Better Communication is the Answer
We compiled a list of four general communication strategies retailers might employ to inform and reassure customers that their personal electronic data is safe, and asked 2,300 members of the public about the effect each would have. The results were underwhelming.
What effect would these communication methods have on your confidence that the retailer would keep your data safe?
In all four scenarios, those saying the effort would increase their confidence hovered just above 20 percent. Such a low percentage provides little incentive for retailers to increase their communication efforts as a way to increase consumer confidence in their data security measures. Our hypothesis, it seems, was disproved.
There is, however, an important distinction to be made between communicating the policies in place to prevent breaches and the type of communications needed following an actual breach.
“When a data breach occurs, transparency and open communications are the most important things businesses can do,” explains Katherine Hutt, director of communications for the Council of Better Business Bureaus. “[Customers] want to hear from the business first how they are handling the situation, what customers need to do, how long it’s going to take to fix, etc. Get the information out there fast and first; that’s the way to rebuild customers’ trust.”
The Bottom Line (and Real Challenge): Stop the Breaches
Based on our data, it seems that communication does precious little to improve confidence. Even telling consumers that the latest and greatest data protection measures are in place isn’t likely to help. Given that data security measures are so poorly understood, in hindsight it’s not too surprising that publicizing them doesn’t inspire confidence.
Since data protection measures are hard to understand, is it possible that more effort needs to be spent on educating customers about how data security works? This, too, is unlikely to build confidence—at least in the near term. Data security measures are extremely complex and involve concepts that are difficult to convey, and even retailers themselves often fail to understand them.
This brings us to the difficult realization that there probably is no quick fix to the problem of building consumer confidence in the face of numerous retail data breaches. Confidence must be earned, and the only way to really do this is by decreasing the number and severity of data breaches.
Help on the Horizon: Retailers Join Forces to Share Threat Information
In May 2014, a group of the nation’s largest retailers, including Lowe’s, Nike, Safeway, Target and Walgreens, joined with the Retail Industry Leaders Association (RILA) and formed the Retail Cyber Intelligence Sharing Center (R-CISC). RILA president Sandy Kennedy described the center as providing “a comprehensive resource for retailers to receive and share threat information, advance leading practices and develop research relevant to fighting cyber crimes.”
Most significant to consumers isn’t the center’s mission statement, but rather the composition of its membership: it’s rare to see so many big names coming together. While it’s too early to point to measurable results from the R-CISC, its formation shows a willingness to explore new ways to prevent future data breaches—a mindset likely to have a trickle-down effect on the industry as a whole.
“This focus on data security is not a new space for retailers, but I think the formal way in which they’re all coming together is different,” says Allie Brandenburger, RILA’s director of communications. “Consumer confidence is a big thing and so is trust. Maintaining them is crucial. Through the brands and the retailers coming together to talk about these issues, they’re showing the consumers this is something they’re taking very seriously.”
Taking data security seriously is a step in the right direction, but it’s only one step on what appears to be a fairly long road ahead.