By Nathan Vega, Vice President, Product Marketing & Strategy, Protegrity
Companies are increasingly relying on data to drive business growth and support consumer appeal because we’re in an era where data is the most valuable asset a company can have. However, this data originates from a demographic not well-versed in data security nuances, trusting companies: the consumers. There is a built-in social contract between companies and their consumers that their data will be secured and protected after a mutually beneficial transaction. However, this isn’t what’s happening.
Establishing a solid foundation of trust with your consumers is a key part of leveraging data for business growth, but increasing concerns over data privacy and data breaches are highlighting the darker corners of this relationship. Data’s value is only enhanced by a strong social contract that prioritizes data security, thus increasing consumer trust in providing organizations with their data.
A Confidence Crisis: Consumer Trust
Consumers are paying more attention than some organizations may believe. Each time a widespread data breach occurs, or they receive instructions on credit monitoring after a threat actor exfiltrated their data by a threat actor, trust erodes. This is evident in a Cisco survey, where 76% of consumers indicated they would not buy from an organization they did not trust with their data. In this same survey, 81% agreed that how a company treats its data represents its respect toward consumers.
In a modern world of futuristic attack vectors fully accessible by cybercriminals, the social contract between organizations and their consumers must be robust and dedicated to the safeguarding of their most valuable data. Beyond simple trust, data privacy regulations globally target organizations with lackluster data security practices by exacting large monetary fines and thorough investigations – and for good reason.
The best path forward for consumers and companies alike is to forge transparent lines of communication with consumers, thus starting a new initiative in a robust social contract. This may look like providing clear and detailed information regarding privacy policies, creating dedicated platforms and landing pages where these policies are easily accessible, and offering easily understood answers when questions arise. This commitment to data responsibility can emphasize a new page in the relationship between companies and their consumers, thus rebuilding the trust that has become a key component in consumer loyalty.
Data Breaches and Their Impact
Organizations build systems around collecting, storing, and analyzing provided customer data such as emails, addresses and Social Security numbers. This high-value data, or personal identifiable information (PII), is the currency companies use to ensure quality service is provided to consumers and must be protected.
One example of how devastating the impacts of a data breach can be on consumers is the recent Change Healthcare data breach. Globally, 129 million people and 67,000 pharmacies, including military hospitals worldwide, were impacted.
Like many recent security incidents, threat actors were allowed to infiltrate internal networks for over a week before enacting their data theft. These criminals gained access through compromised employee credentials that provided access to sensitive PII in the clear, and it’s often the same story in many recent breaches. More commonly, cybercriminals now prefer to infiltrate, observe, and move laterally within internal systems to find data left in the clear within disconnected security systems. And it’s working.
The 2023 security industry spent 185 billion dollars just to layer security protocols on top of one another, hoping each layer will be the deterrent that prevents data exfiltration. This emphasis on data protection and detection is one of the most common pitfalls security teams encounter.
Cybercriminals are getting better at stealing data, but we can also get better at securing it.
Rather than leaving our most sensitive data in the clear, we should focus on data security strategies that render data useless to threat actors. In other words, invert current models. If most of the organization, your partners, and third parties don’t need it, the data should never be left clear.
Ransom value becomes null, exfiltrated data is worthless, and improves security posture.
Data Responsibility: Data Security That Empowers Business Growth
Organizations that want to cultivate customer trust and reap the business rewards must carefully balance data utilization for business growth with ethical standards that enhance data security. They can do so by creating frameworks that facilitate data sharing while adhering to strict protection regulations. Data sharing unlocks growth opportunities externally, but traditional security tools no longer perform their job. To continue harnessing data’s powers, companies must switch to innovative solutions that meet industry standards for compliance and enhance data accessibility. For example, leveraging third-party vendors is essential for harnessing cloud-managed data warehouses, applications, and analytical tools to responsibly extract business value from data.
Organizations must also carefully choose solutions that comply with legal standards while safeguarding sensitive data, including Personal Identifiable Information (PII), Protected Health Information (PHI), Payment Card Industry (PCI), and Intellectual Property (IP).
The Zero Trust model, often used in other security philosophies but rarely implemented for data, is crucial for maintaining robust data security. It emphasizes verification over assumptions, regardless of where the data is stored – on-premises, cloud, or SaaS platforms. By implementing effective security measures like these, organizations can minimize risk throughout the data’s lifecycle, from collection to application.
While the value of data to businesses is undeniable, its true worth hinges on the trust consumers place in companies to handle their information ethically and securely. Data breaches like the Change Healthcare breach and many others have increased by 78 percent, eroding consumer confidence, emphasizing the need for a robust social contract prioritizing data security. Moving forward, organizations must create a balance between leveraging data for growth and following ethical standards that support this social contract and promote consumer trust. Investing in data security, adopting transparent data privacy practices, and implementing Zero Trust strategies can help organizations achieve this balance.
Looking to the future, companies hold a critical responsibility to focus their data management practices on safeguarding the privacy and integrity of consumer data in our evolving digital world.