The continuous evolution of digital transformation is outstripping the pace of cybersecurity in organisations. As a result, we’re witnessing a fundamental disconnect between consumer expectations and concerns, and the ability of organisations to meet those expectations, according to KPMG’s Consumer Loss Barometer report.
The global survey of more than 2,000 consumers and 1,800 Chief Information Security Officers (CISOs) was conducted to assess whether there has been a shift in consumer expectations regarding digital trust, and whether organisations are placing the consumer’s security front and centre of their digital product offerings.
KPMG’s study found that consumers continue to have reservations about the possible misuse of their private details, with 69 percent of consumers globally reported concerns about their technology being compromised. In particular, respondents from Malaysia are most concerned about apps (95 percent), Wi-Fi (82 percent) and cloud (77 percent) being compromised. It was further discovered that 49 percent of consumers from Malaysia said they have had their financial information compromised, higher than the global average of 37 percent.
On the matter of trust in social media and cloud platforms, 48 percent of consumers in Malaysia indicated they limit the amount of personal data stored online due to security and privacy concerns. Moreover, 45 percent indicated that they would like companies and organisations they interact with to disclose measures taken to protect their privacy and security.
On the other hand, two-thirds of CISOs say they prioritise financial loss and reputational risk over the impact on customer trust. According to the Executive Director of KPMG’s Emerging Tech Risk and Cyber unit in Malaysia, Ubaid Mustafa Qadiri, the mismatch between consumer expectations and security executive priorities is a grave concern.
“It’s clear that organisations are still prioritising their bottom line ahead of consumer expectations and concerns, despite the opportunity to use effective cybersecurity strategy to build consumer confidence and engagement. Companies should not wait until an incident occurs to act; in times of crises, consumer trust will be lost,” Ubaid cautioned.
In the event of a breach, consumers prefer compensation (42 percent) and proof of a fix (35 percent) over an apology (24 percent). Conversely, CISOs say they would prioritise an apology over provision of those details (47 percent and 8 percent respectively).
Ubaid commented, “As technology innovation progresses, consumers are revising upward their expectations on how organisations deliver digital products and services, and expect security as integral to their digital experience. The gap in expectations between consumers and enterprises offers a tremendous opportunity for forward-thinking organisations to redesign their relationship with their customers, putting trust at the centre of how they do business. For organisations that have prioritised on building their cyber resilience capabilities, now is the time to extend this message to their customers.”
Other notable global findings of the survey:
— Value within the organization: The vast majority (83 percent) of CISO respondents brief their board on at least a quarterly or semi-annual basis, demonstrating that executives now rate cybersecurity threats as a significant risk to organisational growth. But when cyber is omitted from the digital business value chain, a trust ecosystem is not delivered and a significant commercial opportunity is missed.
— Mobile technologies: 75 percent of consumers said they were concerned about theft or misuse of personal information collected by their mobile device. Mobile device makers and network providers can differentiate themselves by building consumer trust in digital channels for such sectors as healthcare and banking, not just in the mobile products and services they provide.
— Shared responsibility: Almost half (47 percent) of consumers believe that their financial institution should have full or joint authority for ensuring that mobile devices used for banking are secured. Whether or not financial institutions regard it as their responsibility, they need to show they take the security of their customer’s information seriously, both in their clients’ interactions with them and their clients’ broader security needs.
To read KPMG’s report and view statistics out of Malaysia, visit www.kpmg.com.my/