Last night, I was scrolling through the BBC website to get an update on the English premiership results. I was suddenly taking aback, when I saw a headline that read: “Almost 2,000 Vodafone customers’ open to fraud.” As a Vodafone UK customer, I was worried and read through the complete article. In the statement, Vodafone said criminals may have potentially gained customer names, their mobile phone numbers, bank sort codes and the last four digits of their bank numbers.
About a week ago, a cyber-attack occurred on the Talk Talk’s website. The broadband and phone provider believe that the personal and banking details of about four million customers could have been compromised. Non-encrypted customer data like names, addresses, date of birth, email addresses, telephone numbers and bank details were believed to have been at risk. The share price of Talk Talk dropped by 10% at the London Stock Exchange upon the news of the Cyber-attack.
How far is too far?
1) The nature of data accessed: A consumer’s trust for the digital credibility of a company is likely to wane if important details are breached. The trust of the customer will not be so stretched if only their emails are accessed by a cyber-attacker. The trust of the customer is expected to be pushed to the limit when more sensitive data such as bank account details and date of birth have been obtained.
2) Proportion of customers affected by a cyber-attack: The total number of customers affected as a proportion to the total customer base determines how far is too far with a customers’ trust. With the case of Talk Talk, it is believed that hackers gained access into about 1.2 million email addresses, names and phone numbers. Shockingly, they were able to access about 21,000 unique bank account numbers and sort codes. Talk Talk further revealed that these hackers also retrieved a maximum of 28, 000 obscured credit and debit cards (with the middle six digits removed) and 15,000 dates of births. With an estimated customer base of 4.1 million, the total number of customers affected is more significant than that of Vodafone. It is stated that about 2,000 out of the 19.5 million Vodafone UK customers have had their details compromised. The company stated that the information gained by hackers is not enough to access customers’ bank accounts.
3) The rate of response: A customer’s digital trust for your company depends on the speed at which you act when there is a cyber-attack. When I read the news about the Vodafone Cyber-attack, I was perturbed but as I read the actions taken by the company my trust and confidence was kept in shape. The company took decisive steps in contacting the customers and their respective banks immediately.
4) Speculation Vs Accuracy of data: The gravity of the cyber-attack on Talk Talk was a bit speculative when the first statement was made. The nature of data accessed and number of affected customers were unknown. On the contrary, Vodafone came out of the blocks with an exact number of affected customers of about 1827. Vodafone also stated the customer information that was likely affected by the Cyber-Attack. Important data like customer name, sort codes and last four digits of the bank account was likely to be accessed by hackers. As customers, it is important for companies to relay actual numbers of affected persons as quickly as possible, than mere generalisation. Speculative statements in the face of cyber-attacks do stretch the customers trust beyond the point of no return.
5) The frequency of cyber-attack: My trust as a customer for the digital security put in place by a company will be lost when there are too many cyber-attacks. One cyber attack in a couple of years is not as bad as three cyber-attacks in 12 months. Talk Talk customers are believed to have expressed their utter frustration for what is believed to be the third cyber attack in 12 months. The irony is that this cyber-attack took place during the “get safe online week.”
6) Nature of advice during cyber-attack: The nature of advice issued out to customers in the wake of a cyber-attack determines their digital trust for a company. An infuriated Talk Talk customer said telling customers to keep an eye on their accounts does not cut it as an advice. In the case of Vodafone, the affected customers are being contacted and they are being helped to change their accounts. There is a big difference between the two companies. Talk Talk puts the responsibility on customers to watch their account while Vodafone is contacting and helping customers change their account details. One makes the customers trust wane and the other wax.
7) Emotional intelligence: Companies are expected to be emotionally aware of their customers’ fears and goals, as such effectively manage stressful situations like cyber-attack more effectively. Communication is a key part of managing customer emotions. What a company says and how it says it is very important to safeguarding customer trust. In the wake of the cyber-attack, Talk Talk initially stated that all customers may have been affected and that they should keep an eye on their accounts. This caused much panic amongst Talk Talk customers and they complained about being unable to get through to customer services. On the flip side, Vodafone stated an exact figure of 1827 affected customers and promised to reach out and help these affected customers change their accounts. Without attempting to pass a verdict, one company seems to be emotionally aware of the stress a cyber-attack threat could cause to a customer and effectively putting out an exact number of affected customers than mere speculating and also offers to reach out and help customers. A brands emotional intelligence in these situations is vital in maintaining or losing consumer trust.
Trust in the security of data in a digital age is gaining much importance; companies are expected to ensure customer details are not compromised. In the face of cyber-attack, the measures put in place by a company will determine if her customers trust will wane or wax. In the words of Frank Sonnenberg: “Trust is like blood pressure. It’s silent, vital to good health, and if abused it can be deadly.”