Friday, September 22, 2006

CMO Council Study Highlights Consumer Security Concerns

The CMO Council ( just released initial results from a major study, “Secure the Trust of Your Brand”, on how information security impacts customer attitudes. The initial report is a survey of consumer attitudes. Among the eye-opening factoids:

- the Federal Trade Commission reports that 10 million Americans each year become victims of identity theft, at an average cost per victim of $5,885 and 30 hours of time.

- about one in six Americans have had personal information lost or compromised (a number which will rise if the rate of 10 million incidents per year is sustained).

- Americans are twice as worried about identity protection as terrorist attacks (80% vs. 42%, although I’m not sure exactly how those percentages were calculated).

- 40% have stopped a transaction online, on the phone or in a retail store due to a security concern.

That last figure is particularly intriguing. It suggests that individuals are paying close attention to operational security processes and rejecting those they find substandard. Maybe, but given the number of passwords you’ll see taped to computer monitors in any office or home, permit me to doubt. It's more likely that activities as simple as declining to register at a Web site are included.

Other findings support my skepticism. Respondents said security is less than half as important as product quality in deciding which companies to do business with (33% vs 77%), and a just tiny fraction could name any particular brand as having a trusted reputation for protecting its customers security.

This leads me to several observations. One is basically a Note To Self: security and privacy are different. Americans are notoriously willing to share private information in return for small conveniences or simply because someone asks. But that sort of sharing is voluntary and authorized and mostly involves information which people don’t really consider all that sensitive. Security is about involuntary and unauthorized information transfers and often involves data with much greater potential to do damage in the wrong hands. So it’s plausible that people would view privacy and security as separate issues and be more concerned about one than the other. Personally, I question the distinction: the more data organizations collect, even with authorization, the greater the risk it will be exposed in a security breach. But that’s just me.

A second observation, which is also made by the CMO Council study authors, is that there is a deep and growing popular unease about personal data security, even if it hasn’t quite yet reached the point of influencing purchase decisions. So even though marketers are probably safe in ignoring security concerns for the moment, this could change quickly. (Of course, the business and technology managers responsible for maintaining security must already pay attention. The question here is whether marketers need to address it in their messages to consumers.)

The third observation is that, from a Customer Experience Management point is view, you need a way to measure the contribution of security to customer value. I have some definite thoughts on that but this post is already too long. So I’ll write about it next time.

No comments: