Businesses have long been told about the value of good customer experience as a competitive differentiator and the importance of building loyalty and trust for brand longevity. Yet, for the most part, cybersecurity has not featured prominently in these discussions.
Cybersecurity measures are vital to protect a business, but they’re also an important way to strengthen trust, loyalty and transparency with customers.
As customers increasingly value the protection of personal information, businesses have an opportunity to develop a competitive advantage with a robust security strategy and response.
Sarah Jarvis, communications and propositions director at loyalty specialist Eagle Eye, pointed to Target as an example of customer-centric incident response.
A little over a decade ago, cyberattackers stole the financial and personal information of as many as 110 million Target customers.
The retailer’s efforts to recover from the incident demonstrate several effective strategies for rebuilding customer trust, with a focus on transparent communications, according to Jarvis.
“Despite criticism for the initial delay in notifying the public, Target communicated transparently with customers about the incident and its response efforts,” Jarvis said.
As the number of incidents grows, brands can expect consumers to become more discerning about how their personal information is protected. This presents both a challenge to develop customer-centric incident response planning and an opportunity to use cybersecurity measures to support their CX efforts.
Developing customer-centric cybersecurity
A best-practice customer-centric response will support those affected, aim to minimize regulatory and reputational damage, and reduce the overall negative impact of a data breach, according to a 2024 Deloitte report on taking a customer-centric approach to a data breach.
The customer response needs three key components: notifying affected people with details of the incident and remediation activities; resources to quickly handle an increase in customer queries and provide appropriate information; and offering protective services such as dark web monitoring to limit exploitation of personal information.
When faced with a cyber breach, brands adopting a customer-centric response need to demonstrate competence and consider the impact on the customer, according to Jarvis.
“It could help to enhance the brand’s reputation over the long-term as a trustworthy and reliable organization,” Jarvis said.
Target bounces back
A loyal customer base and the strong brand reputation provided Target a foundation of support during its 2013 crisis.
“The retailer's positive relationships with customers helped to mitigate the impact of the breach on its reputation and customer trust,” she said.
There was substantial work to be done in the aftermath. Target increased the number of customer service employees to rebuild trust and renewed the brand’s commitment to improving security.
After the CEO and president stepped down, Target strengthened its security systems on the back-end, including better system monitoring and more two-factor authentication for staff accounts, and rolled out more secure Target-branded credit and debit cards.
With a multi-pronged approach and transparency about the remediation efforts, Target was able to begin rebuilding trust and maintain loyalty.
“It reassured customers the company was taking steps to protect their data and prevent similar breaches in the future,” she said.
The link between cybersecurity measures and CX
Growing regulatory requirements and the threat of fines and other penalties for cyber incidents have increased substantially in recent years, which has directed the priorities for cybersecurity and business considerations.
Organizations tend to think about cybersecurity in terms of regulatory requirements and risks and what that could mean for their business, according to Robert Boyce, managing director of security and global cyber resilience services lead at Accenture. However, this may inadvertently reduce customer experience considerations in relation to cybersecurity.
“The focus on regulatory compliance could lead to a neglect of the customer experience, potentially resulting in a lack of focus on managing customer fallout,” Boyce said.
There’s an opportunity for more organizations to lean into digital trust — the notion that the brand values the protection of customer data — as a differentiator when it comes to their customers.
“Outside of financial institutions, I’d expect to see it used more, given its importance in today's data-driven world,” Boyce said.
However, if a business focuses on regulatory cybersecurity requirements at the expense of meeting customers’ desires on data security, it could find itself falling out of favor with customers who don’t know what the business is doing to keep their data safe.
“Customers are still willing to give away their data for small favors, but there may come a point where they refuse to do so,” he said.
Similarly, Jarvis thinks the relationship between cybersecurity and customer loyalty may become even more intertwined as incidents become more common. Businesses can mitigate risk while strengthening customer loyalty by demonstrating a commitment to protecting customer data and communicating such pledges to customers.
“Let them know that you’re prepared for emerging threats, such as ransomware, data breaches and social engineering attacks,” Jarvis said.
