Ransomware attacks reduce customer loyalty

Report indicates that consumers are likely to avoid conducting business with an organization that has experienced a cyberattack.

  • Thursday, 30th April 2020 Posted 4 years ago in by Phil Alsop
Arcserve has released results from new research that measures how cybercrime influences purchasing behavior and brand loyalty. It found that while most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can.  

 

A survey of nearly 2,000 consumers across North America, the United Kingdom, France, and Germany, found that 70% believe businesses aren’t doing enough to adequately secure their personal information and assume it has been compromised without them knowing it. And, as consumers become more educated and cyberattacks become well-known, perceived trust becomes more influential in their purchasing decisions, with the study also finding that:  

·         Nearly nine of ten consumers consider the trustworthiness of a business prior to purchasing a product or service; and, 

·         59% of consumers would likely avoid doing business with an organization that had experienced a cyberattack in the past year. 

 

These findings suggest businesses must manage uncharted challenges with the rise of cybercriminals now making breaches public, regardless of ransoms paid.   

 

Consumer Tolerance Threshold  

Cyberattacks have arguably become the largest business threat, however the quantifiable impact on consumer behavior has not been widely understood. The study found that one in four consumers will abandon a product or service in favor of a competitor after a single ransomware-related service disruption, failed transaction, or instance of inaccessible information. It also found that tolerance for these events quickly deteriorates, with: 

·         Over 66% of respondents citing they would turn to a competitor if an organization couldn't restore systems and applications within three days following a cyberattack; and, 

·         Over a third of those would be willing to switch after a mere 24 hours of waiting to access their information or make a transaction.  

 

Moreover, the potential damage doesn’t stop during or shortly thereafter a cyberattack event. More than eight in ten respondents admit to sharing their negative, ransomware-related experiences with family, friends or colleagues, posting about their experiences online, or emailing about the incidents. 

 

Certain Industries Fare Better Than Others  

While the report concludes that consumers are generally intolerant of cyberattacks, there are a few industries where businesses are under even more pressure to keep data secure and operations running. The survey found that: 

·       Nearly half of consumers would walk away from their banking or securities provider immediately upon experiencing a ransomware-related event which prohibited them from transacting or accessing information; and, 

·       43% would immediately seek out a competitive communications product or service. 

 

While there are many negative ramifications caused by cyberattacks, businesses that take proactive steps and mitigate ransomware quickly will benefit in the long run. Over half of respondents would be willing to pay more for products and services they believe to be more reliable and secure in the banking and securities industries, and over 40% would pay more if they believed products and services were more secure from companies in the healthcare, insurance, and retail categories.  

 

“Consumers are clearly already hesitant about working with companies hit by cyberattacks, and they just won’t tolerate disruption as businesses figure out recovery and remediation plans after-the-fact,” said Arcserve CTO Oussama El-Hilali. “The findings represent a stark warning for all organizations given that one in four of their customers will be gone immediately upon disruption, with many more losing patience within 48 hours. Businesses must do more to ensure they’re protecting their data from cybercriminals and mitigating the chance they’ll experience extended downtime. We recommend a two-pronged approach where cybersecurity, backup and disaster recovery are deeply entwined.”