One Data Breach Could Be 'Game Over' for Your Brand, Study Finds

If your company is not already stepping up its security, now might be a good time to start because four out of every five (81%) of consumers say they would stop engaging with a brand online following a data breach.

This was a key finding from security company Ping Identity’s (NYSE: PING) 2019 Consumer Survey: Trust and Accountability in the Era of Breaches and Data Misuse report published this month.

Fifth Quadrant attended the launch event for the report, to hear more about the results and insights from Ping Identity's Chief Customer Information Officer Richard Bird, Chief Technology Officer Bernard Harguindeguy and ANZ Country Manager Ashley Diffey.

Also in attendance was Vincent ten Krooden, Head of Technology, Mortgage Choice, who discussed how Ping Identity helps his organisation provide franchisees and customers with a secure customer experience (CX) within the trillion dollar mortgage industry.

Ping surveyed over 4,000 regular users of online sites or services in the US, UK, Australia and Europe, revealing how today’s environment – with its many high-profile breaches and increasing cybersecurity threats – is impacting customer behaviour.

Customers want frictionless logins and more protection, distrust social media

The report found that data security is a legitimate concern for consumers worldwide. Around half of respondents (49%) said that they are more concerned with protecting their personal information than they were a year ago.

Other key findings included:

  • Around two thirds of consumers (63%) expect that a company is always responsible for protecting their data.
  • Just over a quarter of respondents (28%) feel confident that social media companies are able to protect their data, making social media the least trusted sector
  • One third (33%) of consumers have stopped using a device app or service or left a bad review following an inconvenient login experience

Bird, who spend over 20 years in the corporate sector as a buyer of technology solutions, says that he now travels the world visiting countries that are undergoing massive changes with regards to customer data rights (CDR), privacy and security.

“Here in Australia there are some interesting correlations with regards to government activity relative to CDR but there are certain disconnects that are consistent throughout the world,” he says.

Bird says that the main consistency is that data privacy initiatives have been heavily focused on the ability for the consumer to dictate what their data can be used for, with security being secondary or tertiary to the overall regulation.

“The problem is, if you don’t protect the consumer’s identity but then couple that identity with the protected data, all I have to do is ‘be you’ to get your stuff,” he says. “And 81% of breaches have been executed through usurped credentials.”

Bird says that very few governments are addressing the reality that consumers want to be protected as they have an expectation that security is the individuals’ responsibility.

“The challenge they face is that many people feel helpless or hopeless at being able to manager their own security because it’s too complicated,” he says.

APIs a key weakness

Harguindeguy notes that with all the digital transformations taking place worldwide, companies are putting APIs in front of the most valuable applications, which makes them easier to access and use but also creates a new attack surface for bad actors.

“If you look at the most publicised data breaches in the last few years, they all involve APIs so we have invested in a lot of initiatives that lead to better API infrastructure protection,” he says.

Harguindeguy says that two of the biggest problems are that companies are unsure about all the APIs they have and the kind of traffic that is on their network.

“Cambridge Analytica had the right to use the Facebook API but they didn’t have the right to use it the way they did,” he says. “Facebook had no visibility [of the issue]. Visibility and sorting out that traffic is something that we do quite well.”

Ping Identity also uses artificial intelligence (AI) to monitor the behaviour of users once they have been authenticated and have access to a system.

If the AI believes the user behaviour is very different in terms of factors such as the time of day, location, time spent doing an activity and so on, it may take away a user’s access, Harguindeguy says.

Mortgage Choice reaps benefits of enterprise-grade security

One Australian company that is benefiting from Ping Identity's products is financial services provider Mortgage Choice (ASX:MOC).

Ping Identity enables Mortgage Choice’s more than 400 franchisees with cloud single sign-on (SSO) capabilities, centralised access management and security, and modern directory services.

Ten Krooden says that over the last five years Mortgage Choice has undergone a core platform transformation and looked to adopt the latest technologies in terms of microservices and API frameworks.

“As the digital world moves forward people want to do more online so we have a strategy of moving our focus to an online mortgage journey...and Ping and the products we have in place, really enable that journey.”

By implementing Ping Identity's enterprise-grade security platform, Mortgage Choice has reduced risk and achieved a 65% cost reduction.

Challenge brings opportunity

Consumer expectations have never been higher when it comes to data-driven personalised CX but at the same time, scandals such as Cambridge Analytica and high-profile data breaches have lowered consumers’ confidence in the ability of companies to protect their data.

Companies that do step up and meet the challenges of providing seamless CX while also protecting consumer data have the opportunity to earn the trust of their customers and win big in the age of digital transformation.

Fifth Quadrant is Australia's leading CX research, design and consulting company. We help businesses across industries improve their CX with an end-to-end approach. To learn more about how we can help you, contact us today.


Ready to talk CX?

Stefan Kostarelis

Written by Stefan Kostarelis

Stefan is the Content Manager at a Sydney-based investor relations firm, and a freelance writer whose work has appeared in Techly, Paste Magazine, Lost at E Minor and Tech Invest.

Topics: Customer experience Artificial Intelligence CX Articles & Insights security Ping Identity

You might also enjoy reading...