Data security is a major concern for both companies and online consumers. As more and more services run on data, protecting the information gathered and generating trust is vital. How can small to midsize enterprises (SMEs) build company trust during the more formative stages of their development when that initial public confidence must be earned?
In this article
- 37% of online consumers have higher cybersecurity concerns this year
- Participants want more government regulation of companies’ data practices
- Data transparency counts amongst consumers
- Despite concerns, consumers are willing to share data with reputable firms
- 64% want better AI transparency from companies
- Consumer trust lessons SMEs can use
As we saw in part one of our analysis of online consumer digital trust, data sharing requires a high level of confidence from around half (49%) of participants and a majority (81%) said they were nervous sharing information online with companies. What can firms do to counteract these worries?
In this second report, we asked our sample of 1,011 UK online consumers for more information on these concerns, as well as their expectations on how companies should mitigate data security risks. From this, we hoped to learn what lessons SMEs can take to implement best practices that will help win consumer confidence.
Our full methodology can be found at the end of this article.
37% of online consumers have higher cybersecurity concerns this year
We already know a high level of trust is needed before a consumer will share personal information. However, cybersecurity risks present a significant challenge to this.
We asked our sample about their current levels of concern about cybersecurity in general. Over three-quarters of the participants expressed worries about security. Whilst 46% of this group were ‘moderately concerned,’ a further 31% said they were 'extremely concerned'.
Did you know?
The National Crime Agency (NCA) identifies four common cyber threats that firms should remain vigilant against to protect sensitive information such as passwords, personal data, and money from being stolen from customers and the business.
- Distributed denial of service (DDOS) attacks - malicious attempts to disrupt website traffic by preventing users from accessing services
- Hacking - direct attacks and breaches from cyber criminals
- Malicious software - programs designed to breach and override security measures
- Phishing - emails impersonating a company or organisation’s communications and encouraging consumers to reveal personal information
Furthermore, we saw that 37% of our sample reported feeling more concerned about cybersecurity than last year, although 51% reported the same level of concern as they had in 2022. We asked this group what led to their heightened anxiety, which uncovered a number of reasons.
We’ve already seen in our first report that about half (51%) of our sample has suffered from a cybersecurity breach of some variety. Therefore, it has not been surprising to see these elevated levels of worry among online consumers, especially regarding factors such as a rise in cyberattacks and the difficulty of spotting increasingly sophisticated breaches.
However, what would online consumers like to see done to address these issues? In the next few sections, we’ll explore their expectations.
Participants want more government regulation of companies’ data practices
The government already has oversight on data protection in the commercial sphere and sets minimum standards of what companies should have in place for handling customer data. However, do these laws provide enough protection?
We queried our sample about their feelings on the government regulations on how businesses protect data. Whilst many (a combined 69%) believed that current UK laws had enforced better data practices, 48% of our sample said that the government could do more.
Tips for SMEs
The UK’s Data Protection Act (2018) sets standards on how personal information can be used by businesses and organisations. These currently require companies to adhere to the following practices:
- Data should only be used for specific, transparent, and lawful purposes
- Information shouldn’t be kept for longer than necessary to carry out the task it was collected for
- Data should be handled securely to protect it from unlawful or unauthorised processing
- Sensitive data such as race, political opinions, health information, and religious beliefs requires extra levels of security and guarantees of user consent
Furthermore, we also saw strong support for the government’s role in enforcing data security rules. 70% of our participants expressed the view that all companies should be forced by law to implement better security practices.
The online consumers in our survey also had strong views on how companies should be treated when they didn’t respect data security laws. We asked participants what penalties they felt should apply to companies that did not comply with personal information regulations.
There is no doubt that online consumers feel strongly about how companies handle their data, and they wish to see standards met. With concerns around cybersecurity increasing, they are increasingly looking for reassurances that rules are in place to ensure their information is protected and used correctly.
This is a factor businesses should consider when trying to attract customers. Designing processes with best practices that meet legal standards is a priority. It is clear from our findings that consumers do not like corners being cut with their personal information, and therefore it is vital to demonstrate that the government guidelines are being carefully followed. When it comes to customer data, there are no shortcuts.
Data transparency counts amongst consumers
As we’ve seen in both parts of this report, many consumers are worried about their data being compromised. They are also keen that minimum standards are met. What, therefore, would they like to see companies do to provide those reassurances?
We investigated in order to understand how companies should seek to win digital trust.
A combined 89% of our sample wished to have more information from firms on how data risks are prevented. Most of this group (45%) wanted to know exactly how companies would keep their data secure.
We also asked these participants which methods they would like companies to employ to achieve better transparency. Most (64%) wanted to see firms give a clear statement on their homepage about how they would protect data. However, others wished to be informed on the subject by personal emails (51%), email newsletters (43%), and app notifications (34%).
Additionally, nearly two-thirds of our entire sample (65%) felt that companies could make them feel more secure if they were provided information on the data risk mitigation processes and guidelines used to secure their data.
What do consumers expect when there’s a breach?
We’ve already seen how firms can potentially earn the trust of consumers in normal circumstances. Yet, what are the expectations when there is a data security breach?
Trust is easily lost when a security incident occurs. However, some of the reputational damage can be limited when companies take decisive and effective action to secure their data.
Our sample identified several measures they wished companies to take in the event of information being leaked or stolen:
- A notification of the breach (63%)
- The introduction of additional security protocols (57%)
- Instructions provided on how to secure user accounts (56%)
- A report being made to a governing data protection body, such as the Information Commissioner’s Office (ICO) (54%)
Tips for SMEs
ICO also lists various recommendations for how firms can monitor for data incidents effectively. To respond and to avoid future breaches, companies are recommended to put plans in place to:
- Analyse data breaches to avoid future occurrences
- Arrange external data practice audits and compliance checks
- Conduct internal audits of data protection compliance
- Create business targets for data protection compliance
- Share relevant findings from these checks with key stakeholders
It seems that the transparent reporting of incidents and proactive responses are the most important details consumers want to know when a firm suffers from a data security incident. It is impossible to secure absolute guarantees of safety, but demonstrating the capability to quickly and transparently respond to issues and take appropriate action can do a lot to limit reputational damage.
Despite concerns, consumers are willing to share data with reputable firms
Consumers place high value on the principles of data protection, as our results have shown so far. However, what steps are they taking to learn how companies observe these principles?
We investigated this by asking our sample how they assessed the trustworthiness of companies online. The most common reasons we observed came down to a couple of factors, such as open communication and good word of mouth, as shown by the graph below.
We then asked our sample what they do to assess the level of cybersecurity protection they can expect from firms. The most commonly cited measures taken were to read online reviews (48%) and research a company's reputation (32%).
However, technical factors were also taken into account, such as the use of security certifications like SSL (30%) and whether companies had earned security accreditation such as badges from protection bodies and seals of quality (27%).
Tips for SMEs
Companies can use reputation management software to better understand what consumers are saying about them online. This can help address concerns and manage any issues with products and services that are being discussed on blogs, social networks, and other web spaces.
Technical features were also highly important to our sample as trust signals when it came to sharing data for payments and purchases. The most trustworthy elements our respondents wanted to see in this regard were the following:
- Payment security systems (selected by 70% of participants),
- Guarantees of data security via compliance with UK GDPR (46%)
- Data encryption (45%)
We also observed that many of our sample (34%) placed a good level of trust in cybersecurity technology that companies can use to protect data. Naturally, companies often don’t disclose the exact software they use to protect personal information for security reasons, which could explain the 47% of respondents who neither trust nor distrust these measures.
However, even if the precise providers or programs aren’t named, it seems sensible to advise consumers that protection systems are used to protect data at some level. Considering that 89% of our sample wanted to know more from companies about how they protected data, this could be valuable information to share with them.
Tips for SMEs
There are a number of software tools that companies can use to help keep their data secure. Some notable examples include:
- Cybersecurity software - to protect electronically stored data against hackers
- Cloud security software - to secure consumer data stored in the cloud
- Encryption software - to ensure data cannot be easily accessed if stolen or leaked
- Website security software - to prevent malware, DDoS attacks, phishing, and other cyber attacks on websites
What can encourage users to share their data more willingly?
In our findings, we observed many possible incentives that firms could potentially use to improve the likelihood of consumers agreeing to share their data. However, which are the most effective in this regard?
We asked our sample to rate their level of agreement with a number of possible options.
It was interesting to observe that a significant number (a combined 56%) indicated a preference for paying for products and services rather than receiving them for free in return for sharing their data. This seems to indicate a level of awareness that ‘freemium’ (i.e. a basic offering free at the point of access) products and services aren’t really free, as data is the transactional element used.
64% want better AI transparency from companies
Another area where digital transparency has been in the spotlight lately has been the rise of artificial intelligence (AI) tools. Chatbots running systems such as Chat GPT or Bard have been making headlines and growing in the public’s awareness. However, many businesses make use of AI in their processes and, in numerous cases, may allow autonomous software access to users’ personal information.
Given the low levels of comfort seen amongst consumers sharing data with non-human interfaces like chatbots in our first report, does using AI create an issue of trust for companies in terms of data?
We found that AI trust is still relatively low, with over a third of our sample indicating the lowest levels of confidence in its use by companies.
Additionally, when asked about the level of transparency expected from companies with AI at work in their processes, we also observed a desire for clarity. In total, a combined 64% of our sample said that transparency about the usage of AI was important to them. In fact, the largest group (32%) of respondents said this factor was ‘extremely important’ to them.
The lesson we can take from this is that consumers still see sharing data with AI as a risky venture. Additionally, when data is shared with these autonomous systems in any form, transparency of their use is vital to avoid harming long-term trust in company practices.
Consumer trust lessons SMEs can use
Consumer trust is something companies must take seriously to keep growing their business. We’ve seen that customers are all too aware of the risks that come from sharing data and need assurances before they share their information.
The key lessons that SMEs can learn about data trust from these findings include the following:
- Consumers in the UK seem to have a high level of concern about data privacy and cybersecurity
- More data governance is desired by our sample, and companies should demonstrate compliance with rules that already exist
- Trust requires transparency no matter whether it’s to do with data collection or the use of AI
- Consumers are more likely to share data with reputable firms that provide assurances of good data practice and evidence that data will help improve products and services
The data for GetApp’s Building Digital Trust and Identity 2023 Survey was collected in March 2023 and comprises answers from 1,011 respondents. We selected our survey sample based on the following criteria:
- UK resident
- Between 18 and 75 years old
- Has shopped online, created or used a social media account, contracted services from an online platform, used an app to purchase or hire a service, or used online banking within the last 12 months
NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.