There has been a lot of news in the past few years about increased cybersecurity regulations and the potential fines they could impose on companies. From the E.U.’s General Data Protection Act to the California Consumer Privacy Act, the thought of government fines has left many businesses worried. And while it’s certainly something to be concerned about, studies have shown that the biggest cost to organizations following a breach isn’t regulatory fines, but loss of customers.
In fact, according to this year’s Ponemon report, lost business has been the largest source of breach costs for four years running. The report shows that, above all other factors, customer loss accounts for 36% of the total cost of a data breach, or an average of $1.42 million in lost business.
Placing more emphasis on customer retention both before and after a data breach will therefore greatly reduce the costs a breach could impose on an organization. The Ponemon report shows that while businesses that were able to keep customer turnover below 1% experienced an average total breach cost of $2.8 million, organizations with customer turnover of 4% or more averaged a total cost of $5.7 million.
And there are a number of different steps an organization can take to help keep customer turnover as low as possible.
Customer Retention, Before and After a Breach
You don’t want to wait until after a data breach to tell your customers that you prioritize cybersecurity. It will come across as insincere. After all, what reasons have you given to make customers believe it? That’s why placing an emphasis on your commitment to cybersecurity and protecting customer data before a breach is essential.
A key way to show your commitment is to have a governance structure in place that shows you prioritize cybersecurity. The Ponemon report shows that having an established executive position responsible for ensuring the protection of customer data directly helps to reduce lost business.
In the event a breach does occur, not all hope is lost. Your customers will be rightfully concerned, but making it a priority to show what steps you’re taking to mitigate the effects of the breach will go a long way toward retaining those customers.
An important way to show this is first and foremost to promptly notify those affected about the breach. If a breach occurs, you don’t want to look like you were dragging your feet. There is no surer way to lose customer trust than to seem like you’re hiding the fact that customer data was lost.
After notifying your customers, you also want to provide help for customers who were affected. Providing comprehensive identity theft prevention tools and requiring customers to reset their passwords are two good ways to do this. In fact, the Ponemon report found that organizations that offered data breach victims identity protection experienced a smaller amount of customer turnover.
After a breach, companies are fond of talking about how committed they are to protecting customer privacy. But the bottom line is that you want to prove this to your customers. Showing respect for their privacy before a breach occurs and especially afterwards will greatly reduce the impact your company will endure.
Also published on Medium.