Delivering “information security” becomes new imperative in reputational risk management

Two recent high-profile information security breaches — Sony and U.S. marketing firm Epsilon — have once again highlighted the critical importance of information security. Each of these incidents were called “perhaps the largest and/or worst information leaks in history” and affected millions of people, if not 100s of millions.

Experts say that security breaches are escalating, and that the challenges for companies in terms of ensuring customer data safety will only increase, driven by the decreasing level of computer skills required to “hack,” as well as the increasing popularity of cloud computing, social media and mobile computing, and the increased connectedness of these devices.

Soon, there will be over 2 billion people connected to the Internet, while at the same time, in addition to the ever-expanding variety of digital devices, we are beginning to see the networked interconnection of everyday objects — often referred to as the “Internet of Things” — with about 35 billion devices (including medical gadgets such as pacemakers, as well as vehicles, furniture and even clothes) connected today and a forecast for that number to grow to trillions in the near future.

One can only hope that all companies (both large and small) are re-examining the systems they have in place for ensuring their customers’ privacy and information security. The risks of not doing so are huge.

From a financial viewpoint, one study by the Ponemon Institute (a privacy and information management research firm) estimated that the average total per-incident cost for an incident in 2009 was $6.75 million, considering a wide range of cost factors (i.e. detection, notification and response as well as legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and customer support costs such as information hotlines and credit monitoring subscriptions). The most expensive data breach event reported cost a company nearly $31 million to resolve, while the least expensive total cost of data breach for a company was $750,000.

From a reputational viewpoint, studies show that 20% or more of those customers who receive notifications about security breaches will terminate their relationship with that company, while another 40% would “think about” terminating their relationship. Over half of these surveyed claimed the breach had decreased their sense of trust and confidence in the organization reporting the incident.

It would be difficult to say which is worse — the financial or reputational impact of a security breach. However, those companies that have had problems with information security issues — regardless of the reasons given for why it happened — have suffered greatly in terms of their credibility with customers, and indeed their entire stakeholder universes (i.e. potential customers and general public, suppliers, government, investors, etc.).

Certainly from a marketing perspective, because of the reputational risk “information security” should be an imperative for any company, brand product or service that happens to handle its customers’ personal information in any form. This is because information security is something that consumers have rightfully come to expect and demand considering today’s increasingly tech-dependent lifestyles.

Companies that place a high priority on carefully handling the valuable and sensitive data with which they have been entrusted (including proactively instituting “best practices and beyond,” conducting privacy audits and providing rigorous information and privacy and awareness training for all employees), will definitely have an edge in the long-term over those companies that place their priorities elsewhere.

Debbie Howard is Chairman of CarterJMRN and President Emeritus of the American Chamber of Commerce in Japan.

Originally Published in Nikkei Weekly, 15th August 2011

CarterJMRN is a strategic market research agency that has been helping clients with consumers and businesses in Japan and beyond since 1989.

We believe that, although the terrain you face in building a successful marketing strategy and activation path sometimes seems obscure, the path to success is knowable and that the consumer is the guide who will show you the way.

Find out more and get in touch on our site

Let's Talk