Perception is Truth: Trust and Reputation in Cyber Security

Perceptions of trust

Research published recently by the Ponemon Institute has found that consumer trust in certain industries may be misplaced:

  • 68% of consumers say they trust healthcare providers to preserve their privacy and to protect personal information. In contrast, only 26% of consumers trust credit card companies
  • Yet healthcare organisations account for 34% of all data breaches, while banking, credit and financial organisations account for only 4.8%. Banking, credit and financial industries also spend two to three times more on cyber security than healthcare organisations

It is worth noting that the research was conducted before WannaCry hit the NHS: it would be interesting to see whether the perception of trustworthiness in healthcare providers has been impacted by that high-profile incident.

Why do some sectors have a much stronger image of trustworthiness when it comes to cyber security, even when this contradicts reality? Is this consumer wishful thinking, media reporting bias or something else? Should organisations that are not rated highly for trustworthiness be more vocal about the efforts they undertake to be more secure?

Is brand protection part of your job?

The survey, "The Impact of Data Breaches on Reputation & Share Value: A Study of Marketers, IT Practitioners and Consumers in the United Kingdom", sponsored by Centrify, also found that IT practitioners do not believe that brand protection is their responsibility:

  • 71% of IT respondents in the research do not believe that protecting their company’s brand is their responsibility
  • However, 43% of these respondents do believe a material cybersecurity incident or data breach would diminish the brand value of their company

The research surveyed three groups (IT practitioners, Chief Marketing Officers (CMOs) and consumers) to ascertain their perspectives on data breaches.

Perhaps unsurprisingly, CMOs allocate more money in their budgets to brand protection than IT:

  • 42% of CMOs surveyed say a portion of their marketing and communications budget is allocated to brand preservation and 60% of these respondents say their department collaborates with other functions in maintaining company brand
  • Only 18% of IT practitioners say they allocate a portion of the IT security budget to brand preservation and only 18% collaborate with other functions on brand protection

Should IT practitioners be more proactive in pursuing brand preservation? Or is it the responsibility of organisations to encourage their IT departments to be more engaged in reputational protection?

Impact blind spots

A decline in stock price seems to be a blind spot for CMOs and IT practitioners. Reputation loss due to a data breach is one of the biggest concerns for both IT practitioners and CMOs, and yet:

  • Only 23% of CMOs and 3% of IT practitioners say they would be concerned about a decline in their companies’ stock price
  • In organisations that had a data breach, only 5% of CMOs and 6% of IT professionals say a negative consequence of the breach was a decline in their companies’ stock price

IT practitioners and CMOs share the same concern about the loss of reputation as the biggest impact after a breach, but after that, the concerns are specific to their function.

For CMOs, the top three concerns about a data breach are:

  • Loss of reputation (67% of respondents)
  • Decline in revenues (53% of respondents)
  • Loss of customers (46% of respondents)

For IT, the biggest concerns are:

  • The loss of their jobs (63% of respondents)
  • Loss of reputation (43% of respondents)
  • Time to recover decreases productivity (41% of respondents)

What are the implications for cyber security in an organisation when the marketing department is so externally focused and the IT department is internally focused?

By Dr Jessica Barker