Last updated: 16 May 2016
It’s becoming more obvious that companies are losing the battle to protect their customers’ data from theft. In fact, this year data breaches got much more personal than previous years with more than 53% of data breaches being the theft of personal identities and information.
With ever increasing reports of data and identity theft, consumers are getting increasingly skeptical of the ability of corporations to protect their information. According to a recent global study by Gemalto, 75% of consumers believe that companies do not take the protection and security of customer data very seriously. That’s up from 50% last year. The study also found that 64% of consumers said they were unlikely to do business with a company where their financial or sensitive data was stolen. Half said they would not do business again with a company were non-sensitive information was stolen. These are figures that companies need to take notice of.
So, what is at stake here? Trust. It is one of the fundamental bonds between customers and the brands they do business with. Trust takes on many forms in the buyer-seller relationship. Trust can mean the customer believes in the ability of a company to deliver a high quality and reliable product, all the time. It also can also mean the product does what it was marketed to do and meets the consumer’s needs very well, all the time. First and foremost, trust is built over time by consistently meeting customer expectations. The advantage for brands that can deliver on trust means customers keep coming back despite the emergence of other choices.
As our world becomes more digital, brand loyalty will also come to mean trust in the security of customers’ digital data. In fact, over time it may come to be the number one thing consumers value most in choosing who they do business with. However, there are several challenges business will face that will only exacerbate the data security and trust problem if certain changes do not take place.
First, as consumers, we are all sharing more and more of our information about ourselves in order to take advantage of more and more digital services, from online banking and social media to the cloud-based services where we store and share our documents and photos. Consider this number. Some studies suggest that for 24-34-years olds, there are 40 online accounts per person on average.
Second, we are exposing ourselves to more points of attack by cyber criminals because we are accessing digital services from our phones, televisions, watches, cars and the other connected devices in our homes. One study found that the average British household has 7.4 Internet connected devices. This is only the beginning as we are on the verge of an explosion of consumer IoT devices. According to Gartner, consumers will account for the greatest number of connected things and projects that by 2020 that there will be 13.5 billion Internet of Things devices in use by consumers.
The implication of all of this is that in order to be digital citizens, we have to surrender our identities and information in order to enjoy the full benefits of digital services that allow us to be connected and have ubiquitous access to information anytime, anywhere. As a result, the cloud connected and mobile nature of our digital lives means the security of our information is dependent on the security (or lack thereof) of these devices, services and the companies that offer them.
The digital world has deconstructed traditional notions of data security. For the past two decades, companies have protected data by securing it in only one place – in the data center behind a firewall with some intrusion detection, AV and SIEM technology. Basically, security has amounted to building a perimeter around the data and maintaining some watchful guards to see who is trying to compromise the perimeter. This mindset no longer works in a world where the cloud and mobility have totally destroyed traditional notions of data residency and accessibility. Data is now fluid, living everywhere and accessed from anywhere.
The cloud, mobility and the Internet of Things have serious implications for the security of information. However, companies, governments and other organizations continue to fight cyber criminals and attempt to secure the digital world with defensive strategies that have proven to be ineffective. The simple truth is that breach prevention is dead.
There is nothing wrong with perimeter security. In fact, it is still important, but it can no longer be counted on as the only means of defense. Companies should assume they and the products they make will be breached. In a world where the defensive front line has moved from the corporate network and data center to the users and devices who access the information and the data itself, security must now move to these battle fronts as well. This adds more complexity because it means there are more end points and data environments to defend. To adapt to this new reality, it requires an entirely new data security mindset. Companies need to accept that data breaches are inevitable and develop strategies to Secure the Breach when perimeter defenses fail.
So, why is this relationship between trust and data security so important? As brands increasingly become digital brands, the relationship between trust and strong data security will increasingly become more important to the C-Suite and boards of directors of companies. This year we saw two senior leaders leave their organizations as a result of data breaches. The first was the Director of U.S. Office of Personnel Management and the second was the CEO of Avid Life Media, the parent company of Ashley Madison. In fact, Forrester is predicting that two to three CEOs will be forced out of their positions as a result of data breaches in 2016. We are also now seeing for the first time companies taking serious financial hits from data breaches.
As companies and devices collect ever-increasing amounts customer information and as consumers’ online digital activities become more diverse and prolific, more data about what they do, who they are and what they like is at risk to be stolen from the companies that store their data. Until now, consumers may not have been concerned about having their credit card numbers stolen, because there are built-in protections for them. However, if their entire personal data is being coopted so thieves can rob their houses, compromise their cars, or steal their identities again and again, the calculus will change. In the very near future, trust in digital security will matter most. That is because in this digital world it can be lost so quickly.
To learn how Gemalto can help you secure your customer’s data. View Secure the Breach: Protect Your Data, Not the Perimeter