Organizations and governments are already in a trust drought from 2021’s spectacular cyberattacks: take action NOW to regain some public trust!

Data breaches are costing organizations in South-east Asia an average of US$2.6m per incident, and that excludes data breached by government or government-linked critical infrastructure.

Amid the intense and spectacular ransomware and supply chain attacks of 2021, many experts have already recognized a global trust drought among consumers and citizens.

According an App Attention Index by Cisco AppDynamics, security was the Number One component of a what consumers expect of a high performing ‘total application experience’. Some 90% of respondents in that survey indicated that their expectation of brands to keep their data secure had increased since 2020, according to the firm’s CTO, Gregg Ostrowski, Executive.

So, as data privacy in 2022 continues to stand out as a major focal point, here is a summary of some experts’ views for corporate leaders to consider when planning and enforcing data protection measures:

  • On building the consumer trust
    Forrester Principal Analyst Xiaofeng Wang has observed: “Companies in APAC are lagging behind their peers in the West in consumer data privacy practices. To earn consumer trust and ultimately win competitive advantage, they should adopt a privacy-first approach.”

    In APAC, according to Wang, 30% of consumers polled in one study had indicated that a brand’s commitment to consumer data privacy had a big impact on their purchase decision. In another survey, 72% of respondents in China and India (50% in Australia) indicated that they active measures to limit the collection of personal information by apps and websites.

    Wang zoomed in the need be transparent and granular about data collection and usage and communicate clearly to data stakeholders that “the value is not just in (giving up personal information for) free content or free samples but to get the following benefits back in return:  better personalization, more customized services, and products that ultimately yield better customer experiences.”
  • Not all CX friction is bad
    Another expert, Richard Marr, Auth0, commented that identity authentication and privileged access management have to strike the right balance between convenience, security, and privacy. How these factors are managed can make the difference between building customer trust and telling the customer to go elsewhere.

    Citing an example of how a savvy customer, when changing his bank details in an app, will actually be concerned instead of relieved when the app does not impose an additional authentication layer in the process. “Good friction is friction any user would expect, based on the risk of someone else logging into the user account, unauthorized.

    Security best practices like adaptive Multi-factor Authentication and Breached Password Detection are examples of good friction. They interrupt the customer journey only when needed, and provide valuable reassurance that a business has a good handle on the security of their users’ accounts.”
  • Good EX fosters good CX
    Employee experience (EX) directly influences the quality of customer experience (CX), according to another Forrester analyst, Heidi Shey.

    When employees trust their employers, that has an impact on how they perform. Shey said: “In one survey, as many as 72% of employees polled globally did not want their personal data used as part of workforce analytics projects without their consent; 54% wished they had more privacy protection in the workplace; and 47% took active measures to limit the amount of personal data they shared with their employers.”

    The data indicated that employee privacy expectations were changing, and organizations now need to apply high standards of data privacy internally as well. Shey argued that technologies to put employee privacy practices in place (even in remote-working environments) were already available, such as privacy and anti-surveillance tools; concierge cybersecurity services; and home cybersecurity services.
  • Automating Subject Rights Requests helps
    According to Andy Teichholz, Global Industry Strategist (Compliance & Legal), OpenText felt that employees and consumers alike are now more empowered than ever to exercise their data privacy rights. “They want to understand how their data is used, and they want to access, correct, delete, and restrict use if necessary, via submitting Subject Rights Requests (SRRs) and reclaiming control of their data.”

    To meet SRR demands amid a scarcity of resources, organizations should embrace process automation and apply case management tools that best track its performance and effectiveness, said Teichholz, adding: “A well-executed program that delivers a strong experience will be critical to improve customer satisfaction and loyalty.”

Finally, Jeffrey Kok VP, Solution Engineers (Asia Pacific and Japan), CyberArk, has predicted that “securing access to sensitive data from remote employees will be big in 2022.” His rationale: software bots—particularly those in charge of automated identity verification, MFA and SRR management processes—are also targets of cyberattacks. “Those bots can put your data at risk as well,” Kok said as a reminder for all organizations to focus on a holistic approach in securing the entire organization’s infrastructure and minimizing exposure to supply chain vendor risks.