Following a year of medical, social and economic upheavals, with nearly every organization rethinking how it does business and some experiencing major cyber intrusions amid the pandemic, where are customers when it comes to trusting companies with their data? Will they continue purchasing products and services from companies with which they’ve done business for years, even those affected by significant breaches?
Consumers once remained loyal to businesses despite mistrust over how their data was used. Most kept coming back even after well-publicized security breaches.
This phenomenon, the gap between the value consumers say they place on privacy and how they actually behave, has been called the privacy paradox by some experts on consumer behavior. Some who claim to be disturbed by privacy threats will keep giving away their personal data on social media platforms and elsewhere online, even returning to companies hit by theft of customers’ data.
But that type of consumer loyalty could be a thing of the past, according to a global survey (part of PwC's Consumer Intelligence Series) of more than 5,000 consumers and 2,000 executives.
If consumers are staying loyal to breach-affected businesses, it’s not because they don’t care about privacy. It’s because they think they have no choice. Skeptical that their data would be better protected if they were to switch to a different company, consumers feel trapped. Still, they yearn for an alternative and would take it if they could. Faced with few better options, some consumers are simply dropping out: One in ten expected their overall engagement with technology to decrease in the next six months.
As a business leader, are you willing to bet your company’s future on the hope that no competitor will give consumers a better option tomorrow? Or will you be that better choice?
No one can call global consumers naive. They increasingly recognize the price of the implicit contract by which they willingly provide their data to “free” apps and sites. When it comes to privacy, for example, 67% say they have little to no control over how their data is used. On security, 60% say they expect the companies they do business with to suffer a data breach someday. That’s likely because 34% say that one or more companies that hold their data have already suffered a breach.
Yet when it comes to words and actions, consumers offer an apparent contradiction. Sixty-six percent call data breaches “unacceptable,” but in practice most do accept them: 55% have continued to use or buy from companies, even after learning that those companies had suffered a breach.
Consumers aren’t hypocrites. Nor are they fooling themselves. They’re rational. Sixty-seven percent say that despite “nervousness” over sharing data, the benefits outweigh the risks, and 76% call sharing personal information with companies a “necessary evil.”
While a majority stick with companies despite their qualms, they want a better option. Eighty-five percent say they wish there were more companies they could trust with their data. Eighty-three percent want more control over their own data.
“I’m very dependent on all these big companies. I use their products, their services, and there’s really no alternative, so you just have to live with it. … No matter what the company says, saying, ‘We’re going to have 100% privacy. We’re not going to share any of your data,’ to me, I think it’s just baloney. I think it’s just something for them to say.”
Consumers want companies to provide that trust and offer them that control. Eighty-six percent call it the responsibility of business to protect consumer data, in part because consumers know what they don’t know: 59% call themselves “novices” at protecting their personal privacy, perhaps because privacy documents can stretch to dozens of pages, which few have time to read. When it comes to security, only 27% of consumers understand the workings of hardware and software tokens. Only 35% know the meaning of identity theft monitoring.
Consumers aren’t finding businesses they can trust, but if they do so in the future, they’ll choose those companies instead. Social media platforms, for example, are famously “sticky,” but 52% of global consumers say they would leave the platforms they now frequent for one that better protects their data.
“The more information they get from you, the more they’re able to send you offers and things like that that are tailored to you. So [by not sharing data] you probably miss out on that, but if you weigh up the pros and cons, it’s not that big of an issue.”
“There’s a problem, but it’s not mine.” That’s the attitude of many business leaders around the world regarding consumer trust in data safeguards. Seventy-six percent say that companies on the whole are facing a crisis of consumer trust, yet that mistrust apparently is caused by someone else: 80% give themselves an A or B grade for protecting consumer data.
Businesses also think things are getting better: 55% point to increasing consumer trust in their technology. Do you agree? If so, you’re not alone. Most corporate leaders say the same.
One catch: Consumers beg to differ. Only 21% of global consumers actually report such growing trust. A larger proportion (28%) say their trust in businesses’ technology has actually been falling.
It’s understandable that businesses expect greater trust from their customers. Many are genuinely making serious, praiseworthy efforts to improve data security. For a start, they're accepting responsibility, with 58% of global leaders saying it’s primarily the job of business (not consumers or the government) to improve data privacy and security. Eighty-five percent say they comply with the strictest privacy and security regulations around the world, whether that’s GDPR, CCPA, the China Cybersecurity Law or Brazil’s General Data Protection Law, rather than shopping for less stringent rules in individual jurisdictions. Fifty-four percent of business leaders also say that encryption is a top priority.
“The thing is, they’re still not protecting us. Everyone is saying the hackers are taking two steps ahead of us or ahead of the companies, and ultimately we pay the price, not the company. The company still profits off of us.”
Yet businesses also acknowledge challenges, especially internally. Seventy-three percent report that “privacy and security are hard to prioritize among all the other things that we must accomplish at my company.” That may be because 72% say they’re reluctant to invest in something that “feels invisible,” like behind-the-scenes security. By comparison, investments in monetizing consumer data without consumers’ explicit permission may offer an appealing, short-term revenue boost.
Even if it can be hard to win organizational buy-in for investments in privacy and security that exceed regulatory requirements, and even if existing efforts often are inadequate to win consumer trust, businesses shouldn’t give up. Consumers are clear about what they want — and they’re not demanding anything that businesses aren’t capable of giving.
“If you want me to trust you, you have to tell me how you treat my data and how you are securing it.”
Consumers understand that even the best security systems will falter at times. When we asked their likely reaction if a company suffered an incident that affected their data security or privacy, only 27% said they would stop doing business with that company. Even in the highly sensitive area of mobile payments, only 31% said that a security breach meant they would automatically switch to a different company.
Instead, 62% of consumers said they would either “wait and see” how the company responded or “seek” an alternative provider — and “seek” implies that they might still stay with a company that had failed them once.
Consumers don’t need perfection or big, sweeping fixes right away. Instead, when our survey asked consumers what companies should do to build or rebuild their trust in technology, the overwhelming message was clear: Be transparent and show that you’re trying your absolute best and that you are on their side.
Forty-four percent of consumers call “transparency and quick action after a breach” important steps when it comes to building or rebuilding trust. Consumers also cite transparency about a company’s use of consumer data (39%) and about whether and how their data is shared (39%) as crucial policies.
Consumers cite as foundations of trust best practices proactively integrating privacy and security into products and services (39%), encrypting all consumer information and company databases (38%) and including security experts in the design of each product (36%).
To show that you’re on their side, consumers want no third-party sales of their data (39%), the option to choose how their data is used (37%) and clarity about how they can set privacy settings (36%).
All these consumer priorities are within the grasp of businesses — if they choose to act on them. None require an impossible promise to eliminate all risk of a data breach. All leave open multiple opportunities for monetizing data — if companies successfully deploy specific solutions.
Earning consumers’ trust and continuing to use data to grow revenue are not mutually exclusive ambitions. We have found four solutions that work again and again, letting you earn consumers’ trust while also helping to make your data trusted data — the kind that produces insights (often with the help of artificial intelligence) that your decision-makers can rely on for new revenue streams and business models. By simultaneously supporting the business, compliance and consumer trust, these solutions can also be an integral part of a broader digital transformation.
Start by building a trust team that includes not only privacy and risk experts, but also all the organizational leaders who must (and in many cases, already do) integrate privacy and security into their daily work. This includes IT teams, who are focused on making technology safe; top management, who are anxious to protect the company and the brand; business leaders, who are eager to monetize data; and marketing teams, who crave effective campaigns and a stellar customer experience. All of these groups must have a voice in deploying the four solutions that boost opportunities for customer trust as well as monetization.
Nine in ten business leaders say that building and maintaining customer trust will be the competitive advantage of the future. But right now, few are prepared to seize that advantage, and the odds of consumers trusting companies’ technology are falling, not rising. Thirty-six percent are less comfortable sharing information now than a year ago. Only 17% are more comfortable. And though customization is one of the greatest business opportunities, most consumers are planning to stay away: 56% would rather keep their information private and settle for generic products and services, rather than sharing personal information to enable products and services tailored to their needs.
Companies can no longer assume that consumers will tolerate subpar privacy and security practices. Consumers are learning more about the different ways their privacy can be breached, thanks to citizen activists, investigative journalists and scholars. And regulators are studying how current and emerging business models and practices enabled by the internet of everything can lead to increasing violations of consumers’ privacy.
Since consumers want a better choice, sooner rather than later a company will provide it — and business leaders increasingly recognize the imperative, with 83% saying, “We have reached a tipping point in which customers are demanding control of their data.”
Even if consumers are skeptical, they haven’t lost hope: They are looking for companies they can trust. The road is therefore wide open for forward-thinking companies to give consumers the privacy, security, transparency and control that they crave, in a way that truly will create a competitive advantage.
This road will not be easy. It also has no end. Designing privacy and security throughout the organization is an ongoing responsibility. Technology evolves at a breathtaking, accelerating pace, as do the business opportunities that it supports, leading to ever-new practical and ethical questions.
How should businesses use publicly available data on consumers? How far should you go in subliminally “nudging” behaviors? What’s the right balance to strike between national security concerns and personal privacy? New questions, unimaginable today, will surely appear tomorrow. Regulators’ requirements, too, are constantly changing, and consumers’ values — what data they are willing to share, and at what price — are also in flux.
The target, already hard to hit, is always moving, but the reward for success is tremendous: consumers who will give you loyalty and willingly share the data that is the basis for the business models of the future.