Breach me once, shame on you

Breach me once, shame on you – who do customers blame?

When it comes to breaches, the biggest loss is customer loyalty

According to the Breach Level Index as of today, almost 5 billion records have been lost since 2013. Given that the average cost of a lost record is $145, the impact is tremendous and only growing. Aside from the losses, it’s no wonder many people and companies are feeling breach ambiguity. Not a day goes by when there doesn’t seem to be yet another breach reported, and at this point, people are realizing hackers are a persistent threat that all companies should be able to protect them against.

According to the new 2016 Verizon Data Breach Investigations report, legitimate user credentials are used in most of these data breaches, more than 60% of which involved weak, default or stolen passwords.

Yes, customers do need to be educated on safe password hygiene, but many organizations still need to realize that a high percentage of customers will blame the company for the breach. The biggest impact typically isn’t in the immediate financial sense, although that can certainly be significant: the 2016 Ponemon Cost of Data Breach Study estimates the average cost of a breach per company is $3.8 million. Instead, the biggest impact is on customer loyalty.

A recent study, in fact, found that 85% of American consumers said that if significant personal consequences resulted from their information being compromised as part of a breach, they’d take their business elsewhere. That makes it perfectly clear that customers do hold brands accountable for security, and failing in this area has economic consequences. Banks, in particular, need to take note that nearly 70% of consumers said they would cut ties with the victimized brand if money was actually removed from their checking accounts. Another 62% said they’d cut ties with their banks if their credit cards were charged for fraudulent purchases.

Yet merchants and banks do have to tread carefully, because tightening up security can result in high rates of false positives, where legitimate customers are declined due to security that is too strict. A Javelin report estimated in 2015 that 15% of all US cardholders experienced at least 1 false positive in the last year, representing a loss of $118B annually, and a whopping 39% of these declined cardholders abandoned the merchant after being falsely declined.

What does this mean? Put simply: the true business differentiator in today’s economy is protecting the lifetime customers. These are the customers you spend the most to get, the people who support your business with frequent purchases from your e-commerce site, and the longtime users of your bank or other financial institution. In other words, they are your biggest advocates or your biggest haters, with the power to do the greatest good or the greatest damage to your online brand.

To successfully avoid the fallout from breaches, organizations can take a risk-based approach by focusing on understanding who customers truly are as early as possible. We do this by analyzing their behavior. As in all good relationships, trust is built up on both sides from the bricks and mortar of what we do. Not only must you know who your customer really is, but you also want them to understand that you know who they are and will reward their good behavior with premium experiences. To do so requires a new approach to authentication, one that focuses on protecting and rewarding these vital customers rather than just looking to weed out the bad ones.

Banks and e-commerce companies are beginning to use multi-faceted layered approaches that include behavioral biometrics, precisely because these solutions go beyond putting up walls. It’s not enough to just look at how a user or account is interacting with their website at one moment in time; it’s more important to know how that user has behaved in the past and how they behave elsewhere. Knowing the customer behind the device might sound impossible, but it can be done and it does pay off.

Consumers have a myriad of choices when it comes to where they spend and where they store their hard-earned dollars. When they choose your organization, they place their trust in you to keep their personal information safe.

A breach breaks that trust. Customers will hold your brand accountable, and when you lose a customer from a breach, you aren’t just losing a transaction or two, you’re basically handing that customer over to a competitor.

To paraphrase the old adage, breach me once, shame on you.
