As the reports of companies losing customer data continue to pile up, privacy protection is becoming a top-of-mind issue, both for customers, who naturally don't want their personal information falling into the wrong hands, and companies, who are suffering real damage to their brand, customer loyalty and bottom line.
Recent research is starting to put a number to the costs associated with lost customer data. A benchmarking study conducted last October by the Ponemon Institute in Tucson, Ariz. found that average additional spending resulting from a single data breach reached $5 million and ranged as high as $50 million for one insurance company. The average total recovery costs were $140 per lost customer record.
The Ponemon Institute examined about 135 companies in the Fortune 500 to benchmark their experiences, gathering some of its information from publicity surrounding data breaches.
"What was really interesting was some of the breaches were not a major public event," said Larry Ponemon, chairman and founder of the institute. "It's getting to be such a boring story. Really small breaches, ones that are less than 20,000 names, are not getting into the press at all."
However, small breaches still cost companies. Ponemon groups the costs into four core buckets: discovery, escalation, notification and ex-post response. The costs include mailing fees for notifications, follow up support such as providing credit monitoring services and free or discounted services, such as a 10% off coupon. Additionally, Ponemon identified "opportunity costs," which include turnover of existing customers and diminished new customer acquisition.
"Then there's lost business -- this is probably the hardest to estimate," Ponemon said. "Churn actually varies quite a bit. The lowest churn rates were banks and the highest were retail. The banking relationship is such a tough relationship to break."
In a separate study in September, Ponemon also found that a majority of customers who received data breach notifications were unsatisfied with the quality of the notification and communication process. The results of the study demonstrated that companies must take care in communicating breaches. While he has yet to find that people who have been the victim of a data breach are more likely to have their identity stolen, people still believe a breach will have a negative affect upon them, Ponemon said.
The method of communicating with customers can go a long way toward maintaining customer loyalty. For example, companies that report a breach are more than four times as likely to experience customer churn if they fail to communicate to the victim in a clean, consistent and timely fashion, according to the report. Companies that deploy e-mails or form letters to communicate a breach are more than three times more likely to experience churn than companies that use the telephone or personalized letters.
In fact, in rare cases a data breach can offer a chance to reinforce customer loyalty. Ponemon was surprised to find that 12% of respondents said the incident increased their confidence and trust in the company. When he went to double check the surprising figure, Ponemon spoke with one woman who said she was so impressed with the way her bank dealt with her after the breach she was less likely to leave. The bank sent her a letter, followed up with a phone call and gave her an hour of time explaining ways she could protect herself from identity theft.
All this comes at a time when the Internet is making customer loyalty increasingly fleeting. A survey of 1,000 U.S. consumers, conducted by Accenture Ltd., a Bermuda-based consulting firm, found that a majority believed the Internet makes it easier for change service providers.
"Consumers have much more knowledge today about their purchase options than they ever have in the past in large part to the information they have on the Internet," said Alton Adams, managing partner of the customer insight program at Accenture. "The whole concept of loyalty is a function of how well a company serves your needs in addition to your knowledge of available options. Now, there is a wealth of knowledge about available options. Companies need to work harder and harder to maintain loyalty because of Internet."
The biggest reason more than 50% of consumers in the survey switched companies was because the same offerings could be found elsewhere at a lower price but that was followed closely by having a bad experience, according to Accenture.
Customer privacy and respect are becoming issues companies are taking a much closer look at.
"This was a dream like eight or nine years ago," Ponemon said. "I used to say some day privacy is going to be a competitive advantage. Now companies like eBay and PayPal -- they're whole business model is around trust."