Consumer attitudes towards security breaches are changing significantly

Transatlantic businesses face greater short-term pain in the US but less long term retribution in the UK following a security breach, according to new data from payment security business, PCI Pal. The research into consumer trust and spending habits was conducted during the last quarter of 2018 and pointed to some very clear cultural differences between the two countries.

consumer attitudes towards security breaches

62% of Americans report that they will stop spending with a brand for several months following a hack or breach, versus 44% of Brits. While less prone to react, Brits that do so are likely to hold onto negative perceptions for much longer than American consumers. 41% of British consumers and 21% of Americans reportedly never return to a brand after a hack.

A clear warning for any brands that process payments, the research suggested that perception alone is enough to impact revenue and reputation – almost a third (31%) of UK consumers stated that they spend less with brands they perceive to have insecure data practices, compared to just 18% of US survey respondents.

The findings suggest that the cost implication of a security breach remains high in both the US and UK, but brands will have to work longer and harder to mitigate negative perceptions in the UK to recover from the reputational costs of an incident.

“While security breaches are not new, consumers’ attitudes towards them appear to be changing significantly. This seems particularly prominent in the UK which suggests that the focus on GDPR has had a tangible impact on how British consumers view the value of their data, and business’ role in protecting it,” explained James Barham, CEO at PCI Pal.

Furthermore, more than half (56%) of all UK respondents reportedly dislike sharing credit card details verbally over the phone – in contrast just one in four Americans share this concern. Despite the wealth of online security threats, around a third of consumers on both sides of The Atlantic prefer online payment methods – 38% of Americans and 32% of Brits would look for an online alternative rather than share payment details verbally.

With a long history of pride in the vitality of their local economies, it should come as little surprise that more than half (55%) of Brits have more trust in local stores and businesses to handle their data responsibly – 30% rationalize that local businesses care more about their reputation while a quarter (25%) see them as less of a target for would-be hackers. Conversely, American respondents suggested that national businesses would be more committed to security protocols (28%) while a quarter (25%) found comfort in the belief that bigger budgets mean more investment in security practices.

Some similarities transcended cultural differences – the retail and travel industries are seen as potentially insecure on both sides of the pond. 19% of Americans and 40% of Brits see retail as a risky business when it comes to their personal data; 16% of Americans and 35% of Brits see the travel sector as the most insecure. Generally speaking, the UK is leading a growing trend in all-around awareness and concern in the matter of data security – a trend to which Americans are now gradually catching on.

“Awareness of data security is something that is on everyone’s radar, yet our UK and US surveys have highlighted some real differences of opinions and traits, when comparing attitudes on data and payment security between the two countries,” explains James Barham, CEO at PCI Pal.

“UK consumers certainly seem more guarded with providing personal information, such as payment card details, over the phone. Similarly, if a security breach has occurred at an organisation, Brits appear more likely to avoid that organisation in the future, and instead go elsewhere. In my opinion, 2019 is the year that organisations need to take steps to provide far clearer assurances to consumers as to just how their data is being captured, processed and stored.”

consumer attitudes towards security breaches

A psychotherapist’s view

With a clinical and consulting practice in New York City, PCI Pal invited psychotherapist Dr. Ellyn Gamberg to review the findings of the survey to compare the behaviors of UK and US consumers and their attitudes to data and payment security.

In summary, Dr. Gamberg identified the following:

  • Both UK and US findings confer that after a security breach consumer spending behaviors are negatively affected (how much they spend, where they spend, and how they spend)
  • Online, phone, and in-store security is of equal concern to all consumers
  • Both UK and US consumers are concerned with how their security is stored in record
  • US consumers are more regretful than those in the UK that they did not do better at vetting companies regarding their security measures
  • UK consumers suppress their negative feelings regarding a breach longer, and take longer (or never return) to brands, compared to US consumers.

Dr. Gamberg: “The research indicates differences in measurable responses between consumers in the UK versus America, such as spending habits, customer and brand loyalty; and concern over providing personal data. However, all these behaviors are results of unconscious and conscious thoughts and feelings and cannot be accurately measured by self-report. The expression and internalization of these responses is highly personal and cultural. As a result, it is critical that this be considered in order to effectively mitigate past damage, and future efforts, to create trust.

“In addition to addressing the technical aspects of security, organizations must address what needs to be done to increase the emotional security of their customers. Ultimately, becoming proactive in setting the stage for more favorable, short-term, and long-term behavioral change will result in more loyal customers, and increased spending.”

Don't miss