Protecting trusted data: 5 questions for consumer products companies
Data security considerations and managing risk
INSIGHT ARTICLE |
Trust is a powerful concept in the world of consumer products. When a consumer trusts a retail brand or demonstrates commitment and preference in a restaurant choice, for instance, that trust grows, loyalty expands and repeat business follows. In today’s marketplace, customers love the brands that honor and love them back. But trust is not enough in today’s volatile business environment. Companies must also protect that trust, especially when it comes to private consumer data.
Brand trust is essential to buying
A recent study, conducted by the global communications firm Edelman, found that the majority of consumers said that brand trust is essential to buying. According to the report, 81% of those surveyed said a major consideration for brand purchase was, “I must be able to trust the brand to do what is right.” In addition, more than 70% of the consumers surveyed said they make purchase decisions based on whether companies demonstrated trustworthiness in areas such as supply chain, values and environmental impact, to name a few.
To lose that trust, however, can be devastating for a company, especially if that trust is based on protecting consumers’ personal data. In this competitive business environment, it’s vital for companies to maintain large reserves of private data on their customers, from name and date of birth to financial and credit information. This valuable information allows consumer products companies to personalize shopping experiences, offer timely rewards and create efficiencies for the customer. In fact, data sharing is especially important to the next big generation of consumers, Generation Z, the cohort born after 1996. According to a study by WP Engine, a WordPress platform host, 44% of Gen Z consumers will provide their personal data to enable a more personalized experience over an anonymous one. Additionally, nearly half said they would stop visiting a website if it did not anticipate what they needed, liked or wanted.
Likewise, this collected data helps consumer products businesses make smarter business decisions with regard to inventory management, omnichannel strategies, and beyond. But, if this valuable data is breached, trust falters. As American business magnate Warren Buffet once said, “It takes 20 years to build reputation and five minutes to ruin it.” In an instant, with a security breach and stolen data, consumer confidence is gone and the company’s reputation is immediately affected. It can take years to recover trustworthy status and profitability. This is especially true for middle market businesses with less brand capital compared to larger companies; larger companies generally have more pervasive brand recognition and may be able to withstand the hit to their reputation after a breach.
And, equally as important as protecting consumer information is being transparent with customers as to how their data is being used. It’s not just about security and warding off threats; it’s also about providing consumers the knowledge and control of their data. Businesses must have practices in place to address this consumer need and associated privacy requirements.
Unfortunately, the threat continues to rise. Cyberthreats remain an ever-present reality for companies, including consumer products businesses. According to the RSM US Middle Market Business Index (MMBI) Cybersecurity Special Report, 15% of middle market executives indicated that their companies experienced a data breach in the last year, up from 13% in 2018 and a significant jump from 5% just four years ago. Additionally, more than half of respondents believe that an attempt to illegally access their company’s data or systems is likely this year.
Adding further concern, businesses, including consumer products companies, are also challenged with addressing a surge of regulatory compliance as a growing number of countries and states are beginning to enact privacy and security legislation to improve data protection. For instance, many have been required to comply with the European Union’s General Data Protection Regulation (GDPR) as well as U.S. legislation like the California Consumer Protection Act (CCPA), slated to take effect in 2020. However, when it comes to the CCPA and future requirements, companies have been slow to develop compliance processes. According to the RSM cybersecurity report, only 40% of respondents were familiar with the requirements of GDPR or other privacy regulations.
Questions to consider
So what must consumer products companies, especially those middle market businesses with tight margins and resources, do to address cybersecurity issues, particularly those related to valuable customer data collection and management? Consider the following questions to jumpstart your cybersecurity planning efforts.
- What type of data is your business collecting? Are you collecting names, personal data, financial information, and more importantly, do you need and are you using all that information? Sometimes companies think they need to cast a wide net in data collection only to find they might not need it all. Excessive, unused data can create exposures for companies. Be strategic about what’s collected and use the information for better engagement with consumers and smarter business intelligence.
- Who has access to the data? Limiting access to secured data is a key way to lock down information in an organization, whether through network design or access control solutions. In addition, be mindful of third-party providers that work with your consumer products business. Does that delivery service have access to your restaurant customer data? Does that warehouse third party have access to your retail customers? Having a rigorous policy in place regarding access which includes your third parties is key. In addition, be sure to have ongoing monitoring measures in place and adjust accordingly as business needs change.
- Are you addressing cyber regulations? GDPR raised the bar for protecting consumer information and requires speciﬁc tracking from collection to disposal. And as mentioned earlier, U.S. states are following suit related to data protection with their own regulations. To address these and other data security concerns, consumer products companies should periodically assess current security and privacy strategies related to the company as well as contracted third parties, amend controls and planning as needed, align governance appropriately, and have an incident response plan in place.
- Have you assessed your risk management strategy? With cyberthreats posing a heightened risk for consumer products businesses, it’s essential to have a risk strategy that addresses vulnerabilities. This is not a time for your risk management plan to be collecting dust. To make the strategy work for you, consider testing and assessments that evaluate physical, cyber and personnel vulnerabilities in various attack vectors (i.e., internet access, social engineering, etc.). Revisit your governance structure across all facets of security and make sure it aligns with your business strategy. And finally, build a culture and awareness within your consumer products organization around key cybersecurity considerations through testing, training, information and more.
- Have you considered cyber insurance? To transfer the risk of cybercrime repercussions, cyber insurance has become an effective solution. According to RSM’s cybersecurity report, more than half of middle market executives surveyed carry cyber insurance to mitigate risk. However, while the usage of cyber insurance is gaining momentum, many executives do not have a full understanding of their coverage. In fact, the survey reveals that 41% of the companies that carry policies are somewhat familiar or not at all familiar with their coverage levels. Companies must understand their policies to ensure exposures are addressed. Periodic evaluation of the insurance policy is also needed to account for evolving risks.
Gift card theft is on the rise. Learn three key steps retailers can take to help protect their organization from attacks.
Learn how retailers can securely increase relationships with customers via omnichannel while also addressing growing cyber risks.