How Contact Centers Can Help Restore Consumer Confidence After a Data Breach
By Tom Christenson, President of Contact Center Solutions, CGS
The average cost per record compromised in a data breach: $145.[1]
The cost of restoring a customer’s confidence in your company: priceless.
In the Internet Age, news travels fast—and bad news travels even faster. A 2011 study showed that people are almost twice as likely to share unhappy customer experiences with friends and family than happy ones.[2] As the 2014 large-scale data breach announcements (i.e.: eBay, up to 145 million records; J.P Morgan Chase, 76 million) close in on the stunning 2013 announcements (i.e.: Target, up to 110 million records; Facebook, 6 million; Adobe, 2.9 million, Schnuck's, 2.4 million), consumer tolerance for companies’ failure to protect information is declining. Snap poll results released by HyTrust in March 2014 indicate that 51 percent of those responding intend to take their business elsewhere, with 45.6 percent judging compromised companies as "criminally negligent."[3]
In order to restore data security after a breach, legislation and IT systems are becoming more regulated and more sophisticated. Forty-seven US states have enacted data breach notification legislation when personally identifiable information (PII) is compromised. And from an IT perspective, the incident response process covers the standard IT system components (hardware, software, data, networks) and encompasses five stages: detection, containment, analysis, recovery and restoration. Procedures are known and outcomes are predictable.
But who ensures that customer confidence and a company’s reputation is restored?
Companies can benefit from dealing with the data breaches of today much like after infamous consumer confidence-testing incidents of the past (i.e.: the Tylenol scare of the 80s and the Firestone tire recall of the 2000s) by immediately employing proven response techniques. Contact centers can play a significant role in the response process, both in satisfying legal requirements and in rebuilding customer confidence after an incident, including:
· Addressing the issue head-on
· Taking accountability
· Communicating mitigation plans to reduce/eliminate potential harm
· Following-up to re-establish trust
Contact centers are instrumental in deploying confidence-rebuilding measures after customer trust has been damaged due to data breach (as well as product recall for safety or performance issues). Reputation matters, especially in depersonalized, web-based purchasing transactions, and contact center staff become the familiar voice of the company—and the latter's partner in reestablishing trust.
Contact center staff must be prepared to field a range of customer questions after a data breach, including:
- Has the issue been resolved?
- Is it safe to shop here again?
- What is the likelihood of my exposure?
- To whom should I report suspicious activity possibly related to the breach?
- Will new credentials be distributed (i.e.: account numbers or credit cards)?
- What is the company doing to prevent this in the future?
CGS’s contact centers are fortunate in that our customers have not been impacted by data breaches of their own. Though, we have helped our own customers through warranty claims issues and product recall issues -- for example, we’ve helped major electronics customers through the exploding lithium battery crises, and we’ve helped a major consumer products company through an electronic circuit board fire crisis. With years of experience in incident response, we approach an issue in three stages, including:
- Immediately increasing staff, anticipating call volumes
- Working with the customer to set a plan for problem containment
- Training agents to engage with customers as Brand Ambassadors with empathy, helping the customer through the crisis while reinforcing that the client is going above and beyond to provide security to the customer
Leveraging contact centers as part of a company's overall incident response and damage control strategy can help mitigate the loss of customer loyalty following a breach that can seriously damage the bottom line. And ensuring that a contact center partner is fully PCI compliant, with sufficient experience and security measures employed, is critical to preventing a breach from occurring in the first place.
According to the director of security response from Symantec, a worldwide leader in IT system protection, “While it’s not difficult to quantify the impact of data breaches, the damage to a company’s reputation and the loss of consumer trust can be much harder to recover.”
As a case in point, Target's profit dropped by almost 50 percent in the fourth fiscal quarter of 2013.[4] More effective customer communication could have started the trust-healing process.[5] That customer confidence is priceless.
[1]Ponemon Institute (May 2014). 20141 Cost of Data Breach Study: Global Analysis. Retrieved from www.ibm.com/services/costofbreach
[2]Diane Berenbaum. Research Proves Bad Customer News Travels Fast. Retrieved from http://www.communicoltd.com/pages/1018_research_proves_bad_customer_news_travels_fast_turn_madvocates_into_fans.cfm
[3]HyTrust (1 October 2014). Consumers Increasingly Hold Companies Responsible for Loss of Confidential Information, HyTrust Poll Shows. Retrieved from http://www.hytrust.com/company/news/press-releases/consumers-increasingly-hold-companies-responsible-loss-confidential-info
[4]Alexis Petru (8 July 2014). Can Companies Restore Consumer Confidence After a Data Breach? Retrieved from http://www.triplepundit.com/2014/07/can-companies-restore-consumer-confidence-data-breach/
[5]Arthur Wing Kosner (12 December 2013). Target's Biggest PR Mistake with Credit Card Security Breach. Forbes. Retrieved from http://www.forbes.com/sites/anthonykosner/2013/12/20/targets-biggest-pr-mistake-with-credit-card-security-breach/