New report: Secure information can gird corporate reputation
Although it seems intuitive that a corporation’s reputation can be adversely impacted if it doesn’t secure confidential information about its customers, a new report provides some firm data. The Chief Marketing Officer (CMO) Council and the Business Performance Management (BPM) Forum have collaborated on a study that examines how incidences like the following from this year are eroding consumers’ trust in brands:
- Jan. 12: People’s Bank loses a computer tape containing names, addresses, Social Security numbers and checking account numbers of 90,000 customers.
- Feb. 9: Hackers expose and steal 200,000 debit card accounts from banks (including CitiBank, Bank of America and Wells Fargo) and credit unions.
- Mar. 23: A stolen laptop of a Fidelity Investments employee contains names, addresses, birth dates, Social Security numbers and other information of 196,000 Hewlett Packard, Compaq and DEC retirement account customers.
- June 1: An Ernst & Young employee’s laptop containing data of 243,000 Hotels.com customers is stolen in Texas.
“Secure the Trust of Your Brand™,” is the study that includes “insights from C-level executives and senior marketing decision makers and delivers the first 360-degree view of the impact of digital security and infrastructure integrity on corporate reputations,” according to a press release.
I’m particularly interested in the report because I’m moving forward on a plan to secure support within my company for the introduction of social media, including RSS feeds, instant messaging, blogging and wikis. I’m encouraged that our IT Department is planning to roll out, in Q1 2007, a new version of Microsoft’s SharePoint collaboration tool. Because we are a financial services company, data security is one of the key considerations for any application or process change. I need to be ready to address concerns that company management may surface.
The “Secure the Trust” report points out what companies can and should do to protect and enhance their brands in this digital world. The report includes data collected in the U.S. and Europe (U.K., France, Germany, Spain and Italy) via surveys conducted by Opinion Research Corporation from April 25 to May 7. More than 1,000 consumers were surveyed in the U.S. and 1,203 consumers were surveyed in Europe. The statistical confidence interval for the U.S. and the European results is plus or minus 3% at a 95% level of significance, according to the study authors.
Consumers expressed their level of concern regarding information security, their top security issues, and whether they personally have experience with security breaches. Key findings include :
- Security concerns among consumers are rising—particularly among those who have experienced breaches firsthand.
- Two-thirds (65 percent) of European and U.S. respondents, on average, have experienced computer security problems such as viruses and spyware.
- One in six respondents have had their personal information lost or compromised.
The survey respondents expressed the willingness to take action when they felt that their personal information might be in jeopardy:
- Forty percent of respondents have actually stopped a transaction online, on the phone or in a store due to a security concern.
- Over a third say they would strongly consider taking their business elsewhere if their personal information were compromised.
- One quarter of them would definitely take their business elsewhere if their personal information were compromised.
U.S. consumers are particularly worried about identity theft and fraud, which top all security concerns, even personal safety and terrorist attacks, according to the report authors. Concern about identity theft ranks significantly lower among Europeans.
For the most part, companies have yet to break through on using security as a competitive advantage in the marketplace: A minority of consumers—on average about a third—rate companies highly on how effectively they communicate regarding issues of security, the report states.
Few respondents could name a “most trusted” brand in terms of security, or for that matter a “least trusted” brand.
The report quotes a U.S. Federal Trade Commission statistic that about 10 million Americans each year become victims of ID theft, with the annual loss per victim at $5,885. Total loss from identity fraud per year rose from $53.2 billion in 2003 to $54.4 billion in 2005.
August 7th, 2006 at 12:54 pm
Its great to see this kind of work being done. Many companies are reluctant to take steps towards reducing reputational risk precisely because the risk cannot be easily quantified. This type of study is great ammunition for the CMO/lead communicator to use in seeking funding for a proactive approach to reputation management.
By the way, don’t forget that the Chief Information Security Officer (CISO) in large companies - especially financial institutions - is just as interested as internal communication is in mitigating this kind of risk. Cooperative, co-funded efforts between internal communications, marketing and information security can yield both effective budgets and programs that get results.
August 7th, 2006 at 1:57 pm
Were these guys trying to win a jargon contest?
Keeping someone from stealing a computer is “enhancing the brand”?
The best security screwup reputation story I know is at Canadian Imperial Bank of Commerce, which kept sending confidential records to a junk yard in, West Virgina, even after the junk yard owner complained.
Front page Globe and Mail stuff.
Read more at http://www.janaschilder.com and click on REPUTATION on the right column under news archivves. Here’s part of the story:
“Many CIBC branches throughout Canada have been faxing confidential customer information since July 2001 to Wade Peer, a junkyard operator in Ridgeley, West Virginia.
When Peer tried to bring this matter to CIBC’s attention, CIBC employees sloughed it off: “Not our problem,” and hung up the phone. Peer even contacted some of CIBC’s customers from the faxed information in an effort to get customers to deal directly with CIBC about the information leaks. All to no avail.”
BAK
August 8th, 2006 at 7:01 am
As news of this sort of negligent employee behavior (Brian’s “screwup stories”) becomes more common, having a security-infused corporate culture may indeed become a differentiator in the marketplace, especially for financial institutions. Keeping someone from stealing a computer as “enhancing the brand” may be overstating the case today. (I would see it as more “maintaining the brand”) However, the report does send the message that the average consumer is at least starting to realize that there are differences in service offerings based upon the quality of information security. And those differences can be exploited in the marketplace to make or break a brand.