Credit: Sur | Dreamstime.com
A general lack of confidence in the desire or ability of organisations to fully protect user data is increasing across Asia Pacific, with two in five reporting the selling of personally identifiable user information.
That's according to findings from CA Technologies, which found that Asia Pacific and Japan (APJ) scored 63 points out of 100 in its 2018 Digital Trust Index, an indication of consumers’ flagging confidence in an organisations ability or desire to fully protect user data.
"As businesses across every sector create new online goods and services for their customers, they are consuming an increasing amount of personally identifiable user data,” said Jarad Carleton, industry principal, Frost & Sullivan.
"The degree to which consumers have placed their trust in organisations to protect their information is more critical than ever.
"At the same time, there is an increasing distrust in APJ that businesses will be good stewards of the data they collect without strong oversight.
"There is a lot of work to do to earn back consumer trust, and organisations need to know how to get started."
Furthermore, the findings indicate a significant gap between the trust consumers (63 per cent) actually have in an organisation and the perceived trust business decision makers and cyber security professionals (76 per cent) think they have in their organisations.
This overestimation of trust has the unfortunate effect of leading to complacent business leaders, undermining efforts to understand the importance of consumer trust, improve security infrastructure and enforce data protection policies.
Not only that, but there is widespread misplaced confidence among APJ organisations in their ability to be good data stewards with 89 per cent of business executives and IT security professionals across the region declaring they are very good at protecting consumer data.
Furthermore, 92 per cent (nine out of ten) of business and IT respondents believed that better data privacy is a point of differentiation for them against their competitors.
Data protection
However, results from the study indicate a lack of demonstrable action when it comes to protection consumer data across APJ, with 73 per cent (three out of four) of APJ business executives indicating that they used consumer data internally within their organisation within redacting personally identifiable information (PII).
Even more alarming is that 40 per cent of APJ business executives admitted to selling consumer data, which also included PII, with only 17 per cent of cyber security professionals aware that their company was selling this data.
The basic takeaway here it that a lack of communication within an organisation on how consumer data is used can have a significant impact on an organisation’s ability to safeguard customer data from both internal as well as external abuse.
Organisations across APJ will need to make concerted efforts to improve their data management and security measure, or risk losing consumers and ultimately revenue, with 33 per cent of APJ consumers reporting that they currently use or have used services of organisations that were involved in a publicly disclosed data breach.
However, 54 per cent report that they have stopped using services of an organisation that has been involved in a data breach.
Data breaches are unfortunately no longer an ‘if they occur’ but ‘when' type scenario.
In fact, 38 per cent of APJ business executives surveyed admitted that their organisation has been involved in a publicly disclosed consumer data breach just in the last year, with 59 per cent (three out of five) of respondents reporting that the data breach had a long-term, negative impact on consumer trust (59 per cent) and business results (63 per cent).
This eroding trust of consumers in an organisation ability to be good stewards of their data is having a knock on effect in major region growth verticals like e-commerce and the digital economy, in general, undermining business growth.
The findings indicate that 13 per cent of consumers with low digital trust still reduced their spending on online shopping and services over the last year, more than four times higher compared to consumers with high digital trust where only three per cent have decreased their spending.
The rollout and adoption of new digital services have also been impacted by this lack of trust with only 22 per cent of consumers with low digital trust more receptive to use an organisation’s app to access their services, compared to 46 per cent of consumers with high digital trust.
Furthermore, only eight per cent of the consumers with low digital trust in the region are willing to provide their personal data in exchange for digital services, compared to 77 per cent of the consumers with high digital trust.
“Asia Pacific is home to 1.9 billion internet users, or half of the world’s digital population,” added Gene Ng, vice president of security APJ at CA Technologies.
“As consumers are increasingly transacting online, organisations here have access to vast amounts of data, from personal information to user behaviour.”
“The responsibility to protect data has never been more vital. For our digital economy to continue to thrive, consumers need to be confident that their personal data is being collected, stored and used in a manner that benefits and protects them.
"That is why understanding what drives digital trust is of paramount importance to business leaders."
Business response
What should organisations do next? If these results ring true then in order to win back consumer trust, a significant re-examination of organisational data stewardship in needed, such as consumer data usage policies and being more transparent about how their data is being used.
It also means taking greater care when sharing or selling data to ensure that they uphold stringent standards of protection.
“Companies also need to adopt a security-driven culture across their entire organisation,” said Ng.
“This involves authorising access to only those who need to use the data while deploying cyber security best practices, such as implementing a comprehensive identity and access management solution to protect data assets.
“These measures are not only essential for delivering a secure user experience and restoring consumers’ trust in the organisation, they will also mitigate the risk of losing half of the company’s customer base due to a data breach."
Technology also plays a significant role in reinforcing digital trust with 90 per cent of cyber security professionals across APJ signally that the use of identity access management technology is critical in safeguarding consumer data while 87 per cent stated that implementing user behaviour analytics to identify suspicious activities is vital.
