Learn why GetApp is free

Data security processes: What do Australians expect from organisations?

Published on 30/05/2023 by Andrew Blair

As technology advances, so do the skills of hackers seeking to exploit system vulnerabilities. Therefore, in a fast-evolving digital ecosystem, businesses must anticipate cybersecurity challenges to give consumers confidence in data security. What do consumers expect from companies to secure their data?

Consumers approving a company’s data security processes

In the past financial year, the Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports —a 13% increase from the previous year. In light of rising threats to Australia’s digital-dependent economy, cybersecurity remains a high-level priority for all Australians, including small to midsize enterprises (SMEs).

The government has pledged $101.6 million over five years in the latest federal budget to support and uplift cybersecurity efforts in Australia. However, despite this responsive planning, SMEs will still face damaging threats as long as cybercrime continues to evolve. A cyberattack can have long-lasting effects on a company’s reputation and significantly impact its bottom line. What proactive data security processes can SMEs implement to instil digital trust among their customers?

In response to the ongoing cybersecurity challenges in Australia, GetApp surveyed 991 Australians who had carried out an online transaction in the past year to find out what concerns these consumers and what measures they currently take before making online purchases. In part one of this two-part series, we looked at the implications of data mismanagement for businesses and the effectiveness of a privacy policy in building digital trust. This second report dives into what data security processes consumers expect from companies and how transparent firms should be in communicating their efforts to mitigate cyber risks. We evaluate the role of data security measures in building consumer confidence. 

The full methodology for the study can be found at the end of this report.

What cybersecurity concerns do online consumers have? 

The ACSC’s latest cyber threat report highlights the increased number and sophistication of cyber threats and crimes such as extortion, espionage, and fraud. The report also highlights the danger of more sophisticated cybersecurity threats that make it easier for online criminals to replicate these crimes on a grander scale. 

57% are more concerned about cybersecurity than a year ago

Media attention from recent data breaches in Australia, such as those affecting Medibank and Optus, has naturally brought the topic to consumers’ attention and raised concerns regarding outdated safeguards. Unsurprisingly, the overwhelming majority (98%) of respondents express cybersecurity concerns, with 38% saying they are ‘extremely concerned'. 

Over half (57%) of survey-takers said they feel more concerned about cybersecurity than a year ago. Of these, the majority (58%) are worried about cyberattacks becoming more sophisticated and harder to spot. Similarly, the ACSC’s latest report on cyber threats highlights the sophistication of cyber threats as a rising concern. 

Increased consumer concerns about cybersecurity over the past year

The increase in the number of cybersecurity attacks and personal data leaks were each cited by 57% of respondents as further concerns about cybersecurity over the past year. Frequent media attention given to the topic may increase fears; however, SMEs looking to build digital trust with consumers must navigate these concerns and ensure they address them.

Raising cybersecurity awareness

SMEs can raise awareness around cybersecurity by informing their consumers about the processes and practices they have put in place to safeguard their data. Cybersecurity software aims to prevent unauthorised access to electronically stored data and protect against data theft, malicious data, and system misuse by third parties. When communicated to online visitors, the main features of the technology deployed can reassure consumers that proactive cybersecurity measures are in place.

According to the ACSC’s cyber threat report, fraud, online shopping, and online banking were the top reported cybercrime types, accounting for 54% of all cybercrime reports in the financial year 2021-22. Regarding consumer concerns, especially around online shopping, we asked respondents what they currently do to safeguard their data when purchasing online.  

What security measures do consumers take before purchasing online?

In a similar way that consumers often look for product or service reviews to help make purchasing decisions, online reviews also serve as an aid for potential customers to gauge trust in a company they plan to do business with. In fact, when we asked our survey field what measures they take for security when purchasing online, 44% said they read online reviews about the company. Furthermore, the next common measures included talking to friends to see if the company is reliable and researching a company’s reputation (each cited by 38% of respondents).

Online reviews give consumers confidence and encourage business 

SMEs can benefit from encouraging their customers to leave reviews online as these can provide a valuable trust signal for potential new customers. Also, good reviews are a reason many customers try a new brand. Companies can use review management software to collect testimonials and reviews, respond to negative feedback, and improve consumer perception of a product or service; for example, when customers report a safe and satisfactory purchasing experience. 

Payment security systems are the top trust signal for online purchases

GetApp’s 2022 Bring Your Own Identity (BYOI) Survey found that 71% of consumers opt out of online purchases because they don’t trust companies with their personal information. As online shopping was among the most frequently reported cyber crime types in Australia, consumers have every reason to be suspicious of data security and privacy before making an online purchase. However, when we asked our respondents which three elements they trust the most before paying for a purchase online, significantly, almost two-thirds (68%) said they trust a payment security system. Data encryption was the second most frequently cited factor, by 44% of respondents. The following graph indicates other key trust signals. 

Most trusted factors before consumers pay for a product or service online

Incorporate security features and data encryption at checkout

Shopping cart software ensures compliance with web payment regulations by enabling businesses to incorporate security features and data encryption into their eCommerce website. Use of this software to provide a secure payment system can help assure customers that their data is handled safely and securely at checkout.

How can companies make online consumers feel more secure?

Businesses must pay close attention to how customers perceive their data security processes. A clear majority (94%) of survey-takers agree they expect companies to be transparent about how they actively mitigate risks regarding data security, where 57% said they want to know exactly how companies are making their data secure, and 37% said they would like to have some more information.   

Consumers expect transparency about data security 

Companies that display full transparency towards how they protect consumer data online are more likely to win consumer trust. Businesses that wish to make use of this opportunity will need to carefully consider how they inform their customers about their security measures and processes, whether via a statement on their website, by email, or through other methods. Of the respondents that expect transparency, nearly two-thirds expect companies to be more transparent about handling sensitive data and report on how they actively mitigate risks by providing a clear statement on their homepage. However, many would like to be contacted personally via email or receive updates about security in the company’s email newsletter.

Bar graph displaying how consumers expect companies to be more transparent about how they handle sensitive data and how they actively mitigate risks

69% of respondents further highlight the importance of transparency, saying they would feel more secure if they knew about a company’s processes and guidelines to protect their data. Companies that have an incident response plan in the event of a data breach can go a long way to reassuring their customers that they have planned procedures and processes to counter the breach. Evidently, over half of respondents (53%) would feel more secure in a company’s ability to protect their data if they were provided with an incident response plan.

Prepare a data breach response plan

A data breach response plan should include measures and instructions on how to act in the event of a security incident such as a data leak, ransomware attack, or loss of confidential information.

According to the Office of the Australian Information Commissioner (OAIC), SMEs should establish a response team and review data security risks and potential vulnerabilities. Additionally, they must ensure tools, services, and policies are in place to respond to a data breach. A response plan can help businesses respond quickly and appropriately, which can decrease the impact on affected individuals and the company’s reputation. 

How will AI affect consumer trust in data security?

Artificial intelligence (AI), although not an entirely new technology, has drawn an exceptional amount of attention towards its uses, functionality, and ethics recently, with developments in AI tools such as Chat GPT or Bard flooding the media landscape. However, perceptions are changing as rapidly as the technology is evolving. We investigated the topic with regard to data security and digital trust to find out how this will affect consumers’ trust in companies employing these tools.

Interestingly, of the respondents that feel more concerned about cybersecurity compared to a year ago, only 28% said the implementation of AI in business processes contributed to their concern. This sentiment was echoed when we asked respondents to what extent they trust or distrust companies that implement AI, with the most common answer being ‘I neither trust nor distrust them’. 

Gauge displaying consumer level of trust in the implementation of AI in business processes

On the other hand, 71% of respondents were very clear that transparency regarding the use of AI is important to them (39% said it is ‘extremely important’, and 33% said ‘somewhat important’). In line with earlier findings, for companies to make consumers feel secure, even if they do not consider AI to be a major data security concern as yet, transparency is vital to gaining their trust.

Digital trust and data security expectations are built on transparency

Our survey data highlights public awareness of cybersecurity threats and indicates that many consumers want companies to inform them about the online security measures and processes they take to protect their data. At the same time, over 6 out of 10 respondents ‘somewhat’ (52%) or ‘strongly agreed’ (10%) that they are happy to share personal information if it means better, more efficient products or services. 

Businesses that want to improve their products or services with the use of customer data will need to provide customers with a vital element they seek when deciding where to place their trust –transparency.  

Amid the virtual battlefield of cyber threats and attacks, businesses must ensure they have systems and processes in place that actively mitigate risks and inform customers about their data security practices in their journey towards building trust. Businesses that couple transparent procedures with online security systems that provide reassurance to customers can reduce fears around cyber breaches. Regardless of size, companies can set themselves apart from the competition by demonstrating best practices for security. 

Looking for shopping cart software? Check out our catalogue!


To collect this data, GetApp interviewed 991 Australians online in March 2023. The candidates had to fulfil the following criteria:

  • Australian resident
  • Above the age of 18
  • Must have completed at least one of the following actions in the past 12 months:
    • Purchased a product or service online 
    • Contracted or hired services from an online platform 
    • Used an application to make a purchase or hire a service
    • Created or used an account in their name on a social network
    • Used online banking

NOTE: This document, while intended to inform our clients about the current data privacy and security challenges experienced by companies in the global marketplace, is in no way intended to provide legal advice or to endorse a specific course of action. For advice on your specific situation, consult your legal counsel.

This article may refer to products, programs or services that are not available in your country, or that may be restricted under the laws or regulations of your country. We suggest that you consult the software provider directly for information regarding product availability and compliance with local laws.

About the author

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.

Andrew is a Content Analyst for GetApp, giving SMEs insights into tech, software and business trends. Interest in entrepreneurship, furthering projects and startups.