Does your data breach CX match your brand promise?
Data breaches are inevitable, but a well-handled response can transform a crisis into an opportunity to reinforce a brand's commitment to its customers, argues Lauren Clancy, client partner (cyber and technology) at Porter Novelli Australia.
What do you say to 50,000 loyal customers after you’ve lost their credit card details?
If you don’t know, you’re facing a rolling crisis, especially if you are a consumer-facing brand that talks a big game on customer care.
Our extensive experience and research in data breach response shows that if your CX in a crisis is vastly different from your CX when you’re trying to sell something, you’re going to break a fundamental brand promise with your customers.
On the other hand, if you handle it well, you can create a “crisis-tunity”.
Being impacted by a data breach is simply a matter of when. This is especially true given there were nearly 500 “notifiable” data breaches reported to the Office of the Australian Information Commissioner (OAIC) in the last six months of 2023 – a 19 per cent increase in the number of breaches involving Australians’ personally identifiable information.
Given this, what is the expectation on your brand?
According to our recent research in partnership with Quantum Market Research which explored the impact of data breaches on Australians, 64 per cent of Australians believe companies can protect their personal information, but only 41 per cent believe they’re doing enough to protect it.
This feeling that organisations are asleep on guard duty is why communicating effectively with customers during a data breach can make or break your reputation. Consumers are “pre-angry” at you when you’ve had a breach, because many of them already think you could have done more to protect them, but haven’t.
You’ve failed at a simple test of your brand promise. This makes people very emotional, and they leave, never to return.
Despite all this, brands are still not prepared to communicate with customers and stakeholders once a data breach is detected. They just don’t know where to begin.
So, what do customers really expect from you in a data breach? How do you uphold your CX?
The thing to note is that we’re not talking about improving your CX in the middle of a crisis. We’re talking about maintaining consistency in CX. In other words, is your planned approach to data breach response consistent with the way you interact with customers at all other times?
For example, we work with a brand that markets extremely high-end, luxury products. If they were to have a public incident, customers would call to inquire. They would not be impressed if they were to hear, “…you’ve called at a busy time…”
As a result, pre-preparing a customer contact centre that can be stood up in two hours is an integral part of that brands’ data breach response plan. Their customers will receive the same level of love and attention received when they were buying a product. Given the price point, their (reasonable) expectation is fast, personalised, excellent response.
By providing a consistent experience, their customers understand that while data breaches might be inevitable, the company did everything it could and put customers first.
It doesn’t matter how you maintain consistency of experience or what is appropriate for your brand, you just need to do it, because it really matters.
Almost half of Australians (48 per cent) have reported experiencing emotional distress as the direct result of a data breach, according to our research.
In addition to this emotional toll, your customers often face a time-consuming nightmare. Setting up new identity documents and financial details, cancelling tax file numbers and waiting for new bank cards. One in 10 people impacted by a breach last year had to take time off work to deal with the impacts.
When brands are slow, incompetent in communicating or less transparent than their customers expect, customers get savage.
When we asked Australians to compare against six best practices in data breach communications, they told our researchers that doing the bare minimum in communications causes an enormous loss of trust. Only two per cent said they would still trust the organisation, five per cent said they would buy again, and just four per cent said they would recommend. Your data breach just smashed your NPS.
On the other hand, when brands adhere to most or all of the best practices, almost half (44 per cent) of Australians said would buy again and that NPS jumped from four per cent to 37 per cent.
These “best practices” aren’t rocket science. We’re talking about acting quickly to provide transparent information and clear guidance to help consumers protect themselves.
While they’re not rocket science, they also can’t be created quickly. Strong governance demands good preparedness. Just having a specific data breach response plan and regular simulations to test your plan puts you lightyears ahead, not to mention some bespoke touches to ensure you’re consistent with customers.
Your operational response plan will restore and remediate your network, but a robust communication plan will ensure you still have a business to run when you’re back online.
A “head-down” approach will be seen by customers as a “head in the sand” approach, and we’ve seen companies go out of business following a breach.
Now is the time to consider how your data breach customer experience will work so you don’t risk letting your customers down at a critical time.
Lauren Clancy is client partner (cyber and technology) at Porter Novelli Australia.
