Introduction

Do you know what is more important for an entrepreneur or for a company other than profit making? It’s the reputation of that business in the market, in other words- Goodwill or Brand value. Haven’t you heard before that when a company’s representatives or a start-up seeks investment or funding from an investor(s), they have to do a valuation of their business before meeting their potential investors? Surprisingly, even while calculating the valuation of a company, its goodwill or brand value as of that date is also considered.

Since the brand value of a company is an intangible asset and is based on the trust and perception of the end-users or consumers, it becomes quite essential for every business to maintain that trust and relationship with their customers and users in order to be profitable.

Now this trust as discussed above is always at risk, due to factors such as- competition in the market, quality of the service/product offered, privacy issues, and many such other factors could affect the trust and relationship between the business and its customers and users. As the phrase rightly claims- “Customer is the King.” In this day and age, it is easy for businesses to reach out to a wide audience, thanks to the Internet. With the internet, today any business can easily be established and anyone can sell and provide products and services to anyone. 

The only concern or issue  that we tend to neglect is with regard to the privacy of the customers or the users of such products and services. Neglecting this issue could drastically impact the brand value of the business, and in this blog we will discuss privacy concerns that arise from data breaches and how it impacts the brand value.

       Impact of Data Breaches on Brand Value

To understand the current topic we rely on a report published by Infosys, titled, “Invisible Tech Real Impact.” This report takes into account the top 100 most valuable brands and talks about how privacy issues such as data breaches directly impact the brand value of the business. Since the brand value of a company is an intangible asset and is based on the trust and perception of the end-users or consumers, it becomes quite essential for every business to maintain that trust and relationship with their consumers and clients in order to be profitable. With the shift towards a digital economy, consumers globally prefer their privacy over every other concern.

Did you know?

1. The year 2021 witnessed an increase in data breaches because every business and organization shifted their work to the online mode, which led to such breaches.
2. There was a sudden hike in the average cost of a data breach after almost 17 years, and the cost rose from US$3.86 million to US$4.24 million on an annual basis. 
3. The most common data breaches were of users’ credentials being stolen. The average cost of such breaches was US$4.3 million.
4. Almost 36% of the breaches reported were connected to phishing attacks. Google identified nearly 2 million phishing websites in January 2022.
5. The year 2021-22 also witnessed a sudden rise in android banking malware.
6. Even social engineering attacks were at their peak in the year 2021-22.

1. If we talk about Financial services (Investment banks, Insurance service providers, Credit/Debit card service providers, and Retail banks), it becomes quite obvious that they hold a lot of personal data or personally identifiable information of their customers, and cyber-criminals are often looking for such data. Hence, privacy issues such as phishing with the aim to compromise the users’ account credentials to gain unauthorized access becomes a prevailing concern in the financial sector. The report states that cyberattacks occur 300 times more in this sector. The cumulative value at risk (both monetary loss and loss in brand value) due to such data breaches in this sector is almost as high as $2.6 billion. Whereas, when it comes to traditional banks then the risk is almost up to 16-17% of their brand value.

2. Technology companies are also at great risk- A recent survey states that 94% of telecom operators and experts confirmed that data breaches would increase with the advent of 5G technologies. Moreover, the cumulative risk including both the monetary and brand value amounts to as high as $29 billion. 53% of which represents the cumulative brand value of these technology companies. 

3. The next on the list will be Consumer Brands (including- beverages, baby products, personal care, and food). As consumer brands are increasingly adopting the digital pathway, the potential threat to these brands is also rising. With an estimate of up to $4.3 billion at risk due to cyberattacks. As per a leading cybersecurity company’s statements, there has been a rise in cyberattacks against the manufacturers of these consumer goods by seven times in the year 2020-21.

4. Automotive brands– The auto brands face reputational risk which can go up to 9% of their total brand value.

5. The Media industry is also exposed to cyber threats, as it operates in the digital space. Hence their users are also exposed to such threats. The potential of such attacks such as disruption of service due to unauthorized access to their users’ accounts and data without their consent is always there. The OTT platform’s potential brand value at risk due to such threats is nearly 60% of its net income. Whereas, for audio streaming platforms the percentage is nearly 400% of their net income.

6. Business services such as SaaS, Networking services, and other related services. As these services handle a vast amount of corporate data and it is often on the list of cyber-criminals. The cumulative brand value at risk could be high as $3.5 billion, and in some cases, it could be high by 111%. The work-from-home format during the pandemic has also led to an increase in such data breaches in almost 20% of organizations.

Solution: Building a privacy culture and ecosystem

1. Awareness about digital privacy- The first step to instilling a privacy culture and contributing to the privacy ecosystem of the organization should be taken by the organization’s management. They will have to take the first call to introduce the concept of digital privacy and make this concept familiar to the entire organization through various seminars, conferences, team meetings, campaigns, and conducting many other social events. Nowadays, every organization be it tech or non-tech, consumes a lot of customer data and even their employees’ data too. Hence, it is essential to have a robust privacy ecosystem. This can only be achieved by educating the entire organization about the issues pertaining to data privacy and its impact on the organization’s reputation. 

2. Understanding the law- The second stage is where the management level members and all the employees from different departments are to be taught about the governing laws regarding data protection & privacy. This stage is more like an extended version of the first stage, as just awareness about data privacy would not impact much. But by teaching them what each data protection law mandates, the technicalities, the compliance requirements, etc. If each employee is equipped with some of the basic privacy skills and knowledge, the organization will soon be privacy ready along with a robust privacy ecosystem.

3. Training the employees and complying with industry standards- – This is another way of promoting a privacy culture inside an organization by way of training. Training your employees with the relevant skillset is a practice especially followed in the privacy domain today. Moreover, hiring employees with such a skill set is the new trend. It doesn’t matter which position you are applying for, having an additional skill set in privacy is an add-on. There are a few certifications that are recognized as industry standards, and it is considered essential standards of practice in multiple industries today. ISO standards are among them, along with IAPP’s certifications such as CIPP, CIPT, CIPM, etc., are some trending certificates that are seen as relevant in this domain, and people with such certifications have the edge over others.

4. Investing and developing your security programs and practices- It is quite evident that if the organization has a privacy security program, then the same must be utilized. A security program would help the organization to keep track of all the data that was generated, shared, and used, along with the relevant timelines, the purpose of such data, the retention period, etc. Recording such details about the data in an organization is considered an essential practice, and for such practices to be followed requires investment. Hence, investing in security programs would promote the privacy culture and make the organization’s privacy ecosystem much stronger.   

5. Choose vendors and other third parties wisely- Another important aspect that an organization should not neglect is to choose vendors and other third parties with whom the organization will share the data, either of their customers or employees.  Everything must be duly recorded, and such transactions should be governed by written contracts with clauses stating obligations upon such vendors and third parties, especially in the event of a data breach or any other potential dispute occurring out of a breach of any of the clauses partially or wholly. 

Conclusion

From the above statistics, we can easily draw the correlation between data breaches and their impact on the brand value of businesses. Every business runs on faith and trust between the business and their users, privacy issues pertaining to data breaches risk not just a handful of their users but every user data becomes a target. This is why countries have been implementing their own federal and state laws on data privacy and consumer safety and businesses are required to comply with those laws if they are processing the personal data of their users. These laws give a wide range of rights to the users such as- right to access to their data, right to deletion/correction of their data, etc.