Data security processes: What do Australians expect from organisations?

As technology advances, so do the skills of hackers seeking to exploit system vulnerabilities. Therefore, in a fast-evolving digital ecosystem, businesses must anticipate cybersecurity challenges to give consumers confidence in data security. What do consumers expect from companies to secure their data?

In the past financial year, the Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports —a 13% increase from the previous year. In light of rising threats to Australia’s digital-dependent economy, cybersecurity remains a high-level priority for all Australians, including small to midsize enterprises (SMEs).

The government has pledged $101.6 million over five years in the latest federal budget to support and uplift cybersecurity efforts in Australia. However, despite this responsive planning, SMEs will still face damaging threats as long as cybercrime continues to evolve. A cyberattack can have long-lasting effects on a company’s reputation and significantly impact its bottom line. What proactive data security processes can SMEs implement to instil digital trust among their customers?

In response to the ongoing cybersecurity challenges in Australia, GetApp surveyed 991 Australians who had carried out an online transaction in the past year to find out what concerns these consumers and what measures they currently take before making online purchases. In part one of this two-part series, we looked at the implications of data mismanagement for businesses and the effectiveness of a privacy policy in building digital trust. This second report dives into what data security processes consumers expect from companies and how transparent firms should be in communicating their efforts to mitigate cyber risks. We evaluate the role of data security measures in building consumer confidence. 

The full methodology for the study can be found at the end of this report.

What cybersecurity concerns do online consumers have? 

The ACSC’s latest cyber threat report highlights the increased number and sophistication of cyber threats and crimes such as extortion, espionage, and fraud. The report also highlights the danger of more sophisticated cybersecurity threats that make it easier for online criminals to replicate these crimes on a grander scale. 

57% are more concerned about cybersecurity than a year ago

Media attention from recent data breaches in Australia, such as those affecting Medibank and Optus, has naturally brought the topic to consumers’ attention and raised concerns regarding outdated safeguards. Unsurprisingly, the overwhelming majority (98%) of respondents express cybersecurity concerns, with 38% saying they are ‘extremely concerned'. 

Over half (57%) of survey-takers said they feel more concerned about cybersecurity than a year ago. Of these, the majority (58%) are worried about cyberattacks becoming more sophisticated and harder to spot. Similarly, the ACSC’s latest report on cyber threats highlights the sophistication of cyber threats as a rising concern. 

The increase in the number of cybersecurity attacks and personal data leaks were each cited by 57% of respondents as further concerns about cybersecurity over the past year. Frequent media attention given to the topic may increase fears; however, SMEs looking to build digital trust with consumers must navigate these concerns and ensure they address them.

According to the ACSC’s cyber threat report, fraud, online shopping, and online banking were the top reported cybercrime types, accounting for 54% of all cybercrime reports in the financial year 2021-22. Regarding consumer concerns, especially around online shopping, we asked respondents what they currently do to safeguard their data when purchasing online.  

What security measures do consumers take before purchasing online?

In a similar way that consumers often look for product or service reviews to help make purchasing decisions, online reviews also serve as an aid for potential customers to gauge trust in a company they plan to do business with. In fact, when we asked our survey field what measures they take for security when purchasing online, 44% said they read online reviews about the company. Furthermore, the next common measures included talking to friends to see if the company is reliable and researching a company’s reputation (each cited by 38% of respondents).

Payment security systems are the top trust signal for online purchases

GetApp’s 2022 Bring Your Own Identity (BYOI) Survey found that 71% of consumers opt out of online purchases because they don’t trust companies with their personal information. As online shopping was among the most frequently reported cyber crime types in Australia, consumers have every reason to be suspicious of data security and privacy before making an online purchase. However, when we asked our respondents which three elements they trust the most before paying for a purchase online, significantly, almost two-thirds (68%) said they trust a payment security system. Data encryption was the second most frequently cited factor, by 44% of respondents. The following graph indicates other key trust signals. 

How can companies make online consumers feel more secure?

Businesses must pay close attention to how customers perceive their data security processes. A clear majority (94%) of survey-takers agree they expect companies to be transparent about how they actively mitigate risks regarding data security, where 57% said they want to know exactly how companies are making their data secure, and 37% said they would like to have some more information.   

Consumers expect transparency about data security 

Companies that display full transparency towards how they protect consumer data online are more likely to win consumer trust. Businesses that wish to make use of this opportunity will need to carefully consider how they inform their customers about their security measures and processes, whether via a statement on their website, by email, or through other methods. Of the respondents that expect transparency, nearly two-thirds expect companies to be more transparent about handling sensitive data and report on how they actively mitigate risks by providing a clear statement on their homepage. However, many would like to be contacted personally via email or receive updates about security in the company’s email newsletter.

69% of respondents further highlight the importance of transparency, saying they would feel more secure if they knew about a company’s processes and guidelines to protect their data. Companies that have an incident response plan in the event of a data breach can go a long way to reassuring their customers that they have planned procedures and processes to counter the breach. Evidently, over half of respondents (53%) would feel more secure in a company’s ability to protect their data if they were provided with an incident response plan.

How will AI affect consumer trust in data security?

Artificial intelligence (AI), although not an entirely new technology, has drawn an exceptional amount of attention towards its uses, functionality, and ethics recently, with developments in AI tools such as Chat GPT or Bard flooding the media landscape. However, perceptions are changing as rapidly as the technology is evolving. We investigated the topic with regard to data security and digital trust to find out how this will affect consumers’ trust in companies employing these tools.

Interestingly, of the respondents that feel more concerned about cybersecurity compared to a year ago, only 28% said the implementation of AI in business processes contributed to their concern. This sentiment was echoed when we asked respondents to what extent they trust or distrust companies that implement AI, with the most common answer being ‘I neither trust nor distrust them’. 

On the other hand, 71% of respondents were very clear that transparency regarding the use of AI is important to them (39% said it is ‘extremely important’, and 33% said ‘somewhat important’). In line with earlier findings, for companies to make consumers feel secure, even if they do not consider AI to be a major data security concern as yet, transparency is vital to gaining their trust.

Digital trust and data security expectations are built on transparency

Our survey data highlights public awareness of cybersecurity threats and indicates that many consumers want companies to inform them about the online security measures and processes they take to protect their data. At the same time, over 6 out of 10 respondents ‘somewhat’ (52%) or ‘strongly agreed’ (10%) that they are happy to share personal information if it means better, more efficient products or services. 

Businesses that want to improve their products or services with the use of customer data will need to provide customers with a vital element they seek when deciding where to place their trust –transparency.  

Amid the virtual battlefield of cyber threats and attacks, businesses must ensure they have systems and processes in place that actively mitigate risks and inform customers about their data security practices in their journey towards building trust. Businesses that couple transparent procedures with online security systems that provide reassurance to customers can reduce fears around cyber breaches. Regardless of size, companies can set themselves apart from the competition by demonstrating best practices for security.