Customer data loss still a bane for UK businesses

"Trust is a key differentiator for businesses when it comes to acquiring and retaining customers."
5 October 2022

An Apple Store employee speaks with a customer at Covent Garden in London. (Photo by Jack Taylor / Jack Taylor / AFP)

  • As Cybersecurity Awareness Month gets underway, UK consumers are skeptical about businesses protecting customer data
  • Nearly half of consumers said they have stopped doing business with a company known to have experienced a breach
  • Almost 62% of consumers would be more confident doing business with companies that hired certified cybersecurity professionals 

Recent high-profile data breaches have left UK consumers reeling, with many now skeptical about businesses protecting customer data.

New research from ISACA found that less than one out of four (23%) UK consumers are confident that businesses can safely secure their personally identifiable information. Nearly half (48%) of consumers said they have stopped doing business with a company known to have experienced a breach.  

The ISACA report indicates that although the UK is an informed leader in cybersecurity, businesses are still not doing enough to protect themselves — or their customer base. In recognition of Cybersecurity Awareness Month, ISACA is calling on businesses of all sizes to take greater responsibility for securing customer data and building better digital trust. 

Customer data vulnerability in the UK

Britons have recently become increasingly worried about the privacy of their information, following high-profile incidents such as the infamous Cambridge Analytica scandal, and data breaches like those impacting Virgin Media and Mumsnet making headlines. With businesses increasingly collecting and storing large amounts of data on their customers, there are concerns that this data may not be adequately shielded.

This lack of confidence translates into a loss of business for companies, as customers are increasingly reluctant to engage with businesses they don’t trust. This is a worrying trend, as businesses must do more to show consumers that they take data protection seriously.

“Trust is a key differentiator for businesses when it comes to acquiring and retaining customers, and we need novel approaches that combine cybersecurity with the adjacent domains of audit, risk, privacy, and technology governance under a digital trust umbrella,” said Chris Dimitriadis, ISACA’s Global Chief Strategy Officer.

Calling for better customer data protection

As data breaches become more common, UK consumers are becoming increasingly concerned about the security of their data. The study found that nearly 62% of consumers would be more confident doing business with companies that hire certified cybersecurity professionals, and would like to see businesses independently graded on their data security practices

Furthermore, UK consumers are calling for these scores to be shared with the public. They believe this would help them make informed decisions about which businesses to trust with their data. 

“For many years, the industry has focused on risk identification, prevention, detection, and response. Because of this, many industry professionals never wanted to admit that we couldn’t achieve 100% protection and that recovery was inevitable,’ said Allen Downs, UKI Security and Resiliency Practice Leader at Kyndryl, for Cybersecurity Awareness Month. “The evolution to resilience creates a risk pragmatism that is long overdue.

“We can’t protect everything – and we should not want to. We should make 2022 the year that the business community and policymakers collectively embrace cyber resilience principles and prepare our economy and democratic institutions to survive and thrive despite the threats that await us,” he added.

Rising cybercrime in the UK

Many businesses are investing in data protection measures to prevent attacks as they continue to be targeted by cybercriminalsAnd yet the ISACA insights revealed that a majority (71%) of UK consumers believe there has been a significant increase in cybercrime over the past year. Therefore, consumer confidence in business data protection is low – nearly half (43%) of UK consumers think they could be the victim of cybercrime.

“Amid the chaos of the last few years, many cybercriminals have shifted their focus to identity theft. In fact, between 2019 and 2021, it was reported that true identity theft increased 81.8% across industries, said Brett Beranek, Vice-President & General Manager, Security & Biometrics at Nuance.

“When it comes to cybercrime, prevention is always better than a cure. Today’s consumers know this and will hold accountable the organizations that don’t do enough to protect their personal information. Businesses need to be one step ahead, and education around the most effective security solutions — like biometrics — is key,” added Berenek.

Cybercrime is a global problem, and it is clear that businesses need to do more to reassure consumers that their data is safe. In the UK, that means investing in data protection measures and communicating effectively with customers about these measures.

There are several steps businesses can take to improve their data protection and regain consumer confidence. These include investing in security technologies, increasing employee data security awareness, and implementing industry-leading best practices.