Four steps to gaining consumer trust in your tech

Example pattern for mobile
Example pattern for desktop


  • While some businesses believe they’re making great strides in data privacy and protection, many customers beg to differ. 
  • Consumers, once loyal no matter what, are starting to penalize companies for failing to protect customer information.
  • Organizations can rebuild trust by treating data privacy and security as core values.

Following a year of medical, social and economic upheavals, with nearly every organization rethinking how it does business and some experiencing major cyber intrusions amid the pandemic, where are customers when it comes to trusting companies with their data? Will they continue purchasing products and services from companies with which they’ve done business for years, even those affected by significant breaches?

Consumers once remained loyal to businesses despite mistrust over how their data was used. Most kept coming back even after well-publicized security breaches. 

This phenomenon, the gap between the value consumers say they place on privacy and how they actually behave, has been called the privacy paradox by some experts on consumer behavior. Some who claim to be disturbed by privacy threats will keep giving away their personal data on social media platforms and elsewhere online, even returning to companies hit by theft of customers’ data.

But that type of consumer loyalty could be a thing of the past, according to a global survey (part of PwC's Consumer Intelligence Series) of more than 5,000 consumers and 2,000 executives.

If consumers are staying loyal to breach-affected businesses, it’s not because they don’t care about privacy. It’s because they think they have no choice. Skeptical that their data would be better protected if they were to switch to a different company, consumers feel trapped. Still, they yearn for an alternative and would take it if they could. Faced with few better options, some consumers are simply dropping out: One in ten expected their overall engagement with technology to decrease in the next six months.

As a business leader, are you willing to bet your company’s future on the hope that no competitor will give consumers a better option tomorrow? Or will you be that better choice?

You may not be a trusted partner — but a necessary evil

No one can call global consumers naive. They increasingly recognize the price of the implicit contract by which they willingly provide their data to “free” apps and sites. When it comes to privacy, for example, 67% say they have little to no control over how their data is used. On security, 60% say they expect the companies they do business with to suffer a data breach someday. That’s likely because 34% say that one or more companies that hold their data have already suffered a breach.

Yet when it comes to words and actions, consumers offer an apparent contradiction. Sixty-six percent call data breaches “unacceptable,” but in practice most do accept them: 55% have continued to use or buy from companies, even after learning that those companies had suffered a breach.

Consumers aren’t hypocrites. Nor are they fooling themselves. They’re rational. Sixty-seven percent say that despite “nervousness” over sharing data, the benefits outweigh the risks, and 76% call sharing personal information with companies a “necessary evil.”

While a majority stick with companies despite their qualms, they want a better option. Eighty-five percent say they wish there were more companies they could trust with their data. Eighty-three percent want more control over their own data.

“I’m very dependent on all these big companies. I use their products, their services, and there’s really no alternative, so you just have to live with it. … No matter what the company says, saying, ‘We’re going to have 100% privacy. We’re not going to share any of your data,’ to me, I think it’s just baloney. I think it’s just something for them to say.”

Consumer, United States

Consumers want companies to provide that trust and offer them that control. Eighty-six percent call it the responsibility of business to protect consumer data, in part because consumers know what they don’t know: 59% call themselves “novices” at protecting their personal privacy, perhaps because privacy documents can stretch to dozens of pages, which few have time to read. When it comes to security, only 27% of consumers understand the workings of hardware and software tokens. Only 35% know the meaning of identity theft monitoring.

Consumers aren’t finding businesses they can trust, but if they do so in the future, they’ll choose those companies instead. Social media platforms, for example, are famously “sticky,” but 52% of global consumers say they would leave the platforms they now frequent for one that better protects their data.

“The more information they get from you, the more they’re able to send you offers and things like that that are tailored to you. So [by not sharing data] you probably miss out on that, but if you weigh up the pros and cons, it’s not that big of an issue.”

Consumer, United Kingdom

You may think you’re making progress — but you’re not

“There’s a problem, but it’s not mine.” That’s the attitude of many business leaders around the world regarding consumer trust in data safeguards. Seventy-six percent say that companies on the whole are facing a crisis of consumer trust, yet that mistrust apparently is caused by someone else: 80% give themselves an A or B grade for protecting consumer data. 

Businesses also think things are getting better: 55% point to increasing consumer trust in their technology. Do you agree? If so, you’re not alone. Most corporate leaders say the same.

One catch: Consumers beg to differ. Only 21% of global consumers actually report such growing trust. A larger proportion (28%) say their trust in businesses’ technology has actually been falling.

It’s understandable that businesses expect greater trust from their customers. Many are genuinely making serious, praiseworthy efforts to improve data security. For a start, they're accepting responsibility, with 58% of global leaders saying it’s primarily the job of business (not consumers or the government) to improve data privacy and security. Eighty-five percent say they comply with the strictest privacy and security regulations around the world, whether that’s GDPR, CCPA, the China Cybersecurity Law or Brazil’s General Data Protection Law, rather than shopping for less stringent rules in individual jurisdictions. Fifty-four percent of business leaders also say that encryption is a top priority.

“The thing is, they’re still not protecting us. Everyone is saying the hackers are taking two steps ahead of us or ahead of the companies, and ultimately we pay the price, not the company. The company still profits off of us.”

Consumer, United States

Yet businesses also acknowledge challenges, especially internally. Seventy-three percent report that “privacy and security are hard to prioritize among all the other things that we must accomplish at my company.” That may be because 72% say they’re reluctant to invest in something that “feels invisible,” like behind-the-scenes security. By comparison, investments in monetizing consumer data without consumers’ explicit permission may offer an appealing, short-term revenue boost.

Even if it can be hard to win organizational buy-in for investments in privacy and security that exceed regulatory requirements, and even if existing efforts often are inadequate to win consumer trust, businesses shouldn’t give up. Consumers are clear about what they want — and they’re not demanding anything that businesses aren’t capable of giving.

As trust in companies continues to decline, business leaders are underestimating the gap
Two pie charts: How has trust in companies changed in the past 2 years?

“If you want me to trust you, you have to tell me how you treat my data and how you are securing it.”

Internet expert, China

Consumers don’t expect perfection. They expect respect.

Consumers understand that even the best security systems will falter at times. When we asked their likely reaction if a company suffered an incident that affected their data security or privacy, only 27% said they would stop doing business with that company. Even in the highly sensitive area of mobile payments, only 31% said that a security breach meant they would automatically switch to a different company.

Instead, 62% of consumers said they would either “wait and see” how the company responded or “seek” an alternative provider — and “seek” implies that they might still stay with a company that had failed them once.

Consumers don’t need perfection or big, sweeping fixes right away. Instead, when our survey asked consumers what companies should do to build or rebuild their trust in technology, the overwhelming message was clear: Be transparent and show that you’re trying your absolute best and that you are on their side.

Forty-four percent of consumers call “transparency and quick action after a breach” important steps when it comes to building or rebuilding trust. Consumers also cite transparency about a company’s use of consumer data (39%) and about whether and how their data is shared (39%) as crucial policies.

Consumers cite as foundations of trust best practices proactively integrating privacy and security into products and services (39%), encrypting all consumer information and company databases (38%) and including security experts in the design of each product (36%).

To show that you’re on their side, consumers want no third-party sales of their data (39%), the option to choose how their data is used (37%) and clarity about how they can set privacy settings (36%).

All these consumer priorities are within the grasp of businesses — if they choose to act on them. None require an impossible promise to eliminate all risk of a data breach. All leave open multiple opportunities for monetizing data — if companies successfully deploy specific solutions.

Visit PwC’s Cyber & Privacy Innovation Institute

Get more insight on trusted tech

Visit PwC’s Cyber & Privacy Innovation Institute

Dive into more executive research and perspectives on cyber, privacy and trust in technology

Learn more

Solutions: How to be the trusted company that consumers seek

Earning consumers’ trust and continuing to use data to grow revenue are not mutually exclusive ambitions. We have found four solutions that work again and again, letting you earn consumers’ trust while also helping to make your data trusted data — the kind that produces insights (often with the help of artificial intelligence) that your decision-makers can rely on for new revenue streams and business models. By simultaneously supporting the business, compliance and consumer trust, these solutions can also be an integral part of a broader digital transformation.

Start by building a trust team that includes not only privacy and risk experts, but also all the organizational leaders who must (and in many cases, already do) integrate privacy and security into their daily work. This includes IT teams, who are focused on making technology safe; top management, who are anxious to protect the company and the brand; business leaders, who are eager to monetize data; and marketing teams, who crave effective campaigns and a stellar customer experience. All of these groups must have a voice in deploying the four solutions that boost opportunities for customer trust as well as monetization.

Bar chart titled
Who in the organization is most interested in building customer trust?
IT teams
Heads of business
Security/privacy team
Heads of product
Risk team
No one
(% business leaders)

1. Name privacy and security as core values, so consumers can hold you accountable

  • Decide on a privacy stance that’s right for your business, from among five archetypes. You’ll determine this by considering questions such as: How much value will consumers gain from a more personalized experience? How much friction is our current privacy program causing the business?
  • Communicate the measures that you are taking to back up these core values, so consumers know you are protecting them and so they can better protect themselves.
  • Consider establishing a C-level position responsible for orchestrating and communicating initiatives around privacy and security. Include not just customers, but also investors, regulators and employees in your communications. Keep track of evolving regulations on privacy and privacy reporting worldwide. Regulations and values vary from one country to the next; a privacy right in one country may not be viewed the same in another. Multinationals may need one set of privacy and security values that they apply globally, and an additional set of country-specific ones.

2. Choose privacy and security by design and weave it throughout the entire organization

  • Embed risk-based safeguards into IT systems’ architecture as well as your business practices, supply chain, third-party contracts, agile development and controls to make your organization the center of a growing web of trust.
  • For best results, bring privacy and security experts on board at the start of any data-related initiative. It’s more effective (and more cost-effective) to embed privacy and security from the get-go than to add it on later. Starting with privacy and security also helps demonstrate that those priorities truly are core values.

3. Prove to customers that you respect them

  • Tell consumers how you are storing, using and deleting data, and how you are complying with the new California Privacy Rights Act (CPRA) and other regulatory requirements, by using direct, individual communications on multiple channels throughout the buying cycle.
  • Your CEO should take a global position on consumer privacy rights to data access, portability, correction, use restriction and erasure.
  • Assign the CMO a project to develop customer experience journeys that align with cultural and legal expectations and company positions on data and technology ethics.
  • Offer options to give consumers control over their data — including the option to choose how their data is used — and clear choices among privacy settings. Don’t sell their data to third parties without their explicit permission.

4. Should a breach occur, act quickly and transparently

  • Put together a communications plan addressing victim notification as well as brand preservation as part of your incident response procedures. Transparency requires not just sharing the fact of the breach as soon as it occurs, but also doing so through multiple channels and providing continual updates.
  • Aside from quick action to repair the breach, consider some of the top responses (see graphic) that consumers say will rebuild trust after a breach occurs. 
  • Pay attention to cultural differences. Consumers in some countries are far more likely to want a “personal touch” (such as a public apology or the opportunity to talk to a customer support specialist) than in others.
Bar chart titled
What consumers want after a data breach
Provide free security service to better protect data in the future
Communicate the steps that they were taking to prevent future breaches
Communicate clearly how I could be affected by the incident
Compensate me with cash
Compensate me with loyalty/reward points
Provide steps I could take myself to protect my data
Publicly apologize for the incident
Connect me to a live customer support security team
Q: What are the steps you would most like to see companies take in the wake of a breach to rebuild trust? Source: PwC Consumer Intelligence Series, Trusted Tech survey, 2020

A tipping point is near. This could be the time of reckoning in trust.

Nine in ten business leaders say that building and maintaining customer trust will be the competitive advantage of the future. But right now, few are prepared to seize that advantage, and the odds of consumers trusting companies’ technology are falling, not rising. Thirty-six percent are less comfortable sharing information now than a year ago. Only 17% are more comfortable. And though customization is one of the greatest business opportunities, most consumers are planning to stay away: 56% would rather keep their information private and settle for generic products and services, rather than sharing personal information to enable products and services tailored to their needs.

Companies can no longer assume that consumers will tolerate subpar privacy and security practices. Consumers are learning more about the different ways their privacy can be breached, thanks to citizen activistsinvestigative journalists and scholars. And regulators are studying how current and emerging business models and practices enabled by the internet of everything can lead to increasing violations of consumers’ privacy.

Since consumers want a better choice, sooner rather than later a company will provide it — and business leaders increasingly recognize the imperative, with 83% saying, “We have reached a tipping point in which customers are demanding control of their data.”

Even if consumers are skeptical, they haven’t lost hope: They are looking for companies they can trust. The road is therefore wide open for forward-thinking companies to give consumers the privacy, security, transparency and control that they crave, in a way that truly will create a competitive advantage.

This road will not be easy. It also has no end. Designing privacy and security throughout the organization is an ongoing responsibility. Technology evolves at a breathtaking, accelerating pace, as do the business opportunities that it supports, leading to ever-new practical and ethical questions.

How should businesses use publicly available data on consumers? How far should you go in subliminally “nudging” behaviors? What’s the right balance to strike between national security concerns and personal privacy? New questions, unimaginable today, will surely appear tomorrow. Regulators’ requirements, too, are constantly changing, and consumers’ values — what data they are willing to share, and at what price — are also in flux.

The target, already hard to hit, is always moving, but the reward for success is tremendous: consumers who will give you loyalty and willingly share the data that is the basis for the business models of the future.

Need help with trusted tech?

Need help with trusted tech?

Our cyber team can help you build trust in the era of disruption

Learn more

Sean Joyce

Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US


Jay Cline

US Privacy Leader, Principal, Minneapolis, PwC US


Anand Rao

Global AI Lead; US Innovation Lead, Emerging Technology Group, Boston, PwC US


Next and previous component will go here

Follow us