August 10, 2022

More than Money: Understanding the Role of Data Security in Protecting Corporate Reputations

In 2021, the telecommunications giant T-Mobile experienced a major data breach where hackers gained access to more than 48 million current, former, and prospective customers’ data. The sensitive data stolen in this attack included customers’ social security numbers, first and last names, dates of birth, and driver’s license/ID information.

T-Mobile lost around $5.3 billion in value, dropping from $145 per share to $140, in the aftermath of announcing the data breach. When explaining this drop in share price, financial analysts mentioned that the company could face legal trouble but pointed to an even bigger problem: T-Mobile’s reputational damage had the potential to cost the company more than a million current and potential customers.

T-Mobile is not the only company that suffered reputational damage after sensitive information was stolen. Just a couple years earlier, Capital One experienced a data leak affecting more than 100 million people in the U.S. The bank estimated that the leak could cost them up to $150 million, but investors feared a greater issue. Capital One’s shares dropped nearly six percent, in part because financial experts “worr[ied] about longer term reputational damage” to the company.

The reasons for the market reaction to both the Capital One and T-Mobile incidents show that the damages caused by an unintentional information disclosure could be more than recovery costs and legal fees. Poor data security can break the trust a company has built with its customers, investors, employees, and other stakeholders. Reputational damage could harm businesses long after they resolve a data leak. To understand the value of proper information security, leaders should first understand how data breaches can cause both immediate financial and long-term reputational damages to businesses.

Information Security Is Top-of-Mind for Consumers

As more companies collect sensitive information, consumers are growing more concerned about data protection and privacy. In fact, Shred-it’s 2021 Data Protection Report found that 90 percent of Canadian consumers rank personal information security as “extremely high” in importance. Although, most Canadians do not feel like their data is safe. According to PwC Canada, 74% of Canadians believe they have less protection of their personal information than they did ten years ago.

This expanding concern for data security is likely a result of skyrocketing information attacks. Shred-it’s Data Protection Report found that 49% of large businesses have experienced a data breach. For many companies, the stakes of comprehensive data protection have never been higher.

How Data Breaches Can Damage Corporate Reputation

Reputation defines how consumers, employees, and other stakeholders perceive a company, which can have major business implications. Consumers want to do business with organizations they perceive as honest, ethical, and aligned with their values, especially when it comes to data protection. According to Shred-it’s 2021 Data Protection Report, 83% of Canadian consumers decide who to do business with based on their reputation for data security.  

When data is compromised, consumers can feel like companies do not operate ethically nor care about their sensitive information. As a result, 42% of Canadian large businesses surveyed by Shred-it in 2021 reported a damage to their reputation and credibility as a result of a data breach.

This damage in corporate reputation might not have immediate financial impacts as fines or recovery costs would, but it can affect a business’ bottom line. A study from KPMG found that approximately 84% of Canadians will switch brands if a company did not keep their data safe. To build trust and long-lasting relationships with customers, companies should prioritize effective information security.

Reputation Management Tips

Data protection should play a role in every brand reputation management strategy. Shred-it’s information security tips help businesses keep their data and reputation safe:

  • Create a culture of security: Effective data protection requires participation from all company employees. To mount the best possible defense against information thieves, organizations should create a culture of security by establishing policies that prepare employees to help prevent data breaches. A security-minded culture should include regular employee data protection trainings and workplace policies such as a Shred-all policy.
  • Understand the risks: Companies could struggle to develop an effective data protection program if they do not know where, how, and how long they store sensitive information. Information security professionals can help leaders understand their current data management procedures and help identify potential security vulnerabilities.
  • Invest in solutions and personnel: A business could have a very hard time preventing information security threats without investing in data protection technology and personnel. For example, all in-office and portable computers should have protections including encryption, firewalls, and password protection. Information security professionals can help identify and address potentially new data protection threats on a regular basis. These investments might appear costly but could ultimately save companies millions in financial and reputational damages.
  • Have a response plan: A company’s response to a data leak can also impact its long-term reputation. Organizations with data breach response plans in place can work quickly to minimize damages to customers and clearly communicate the situation to all stakeholders. Those without a response plan risk worsening the reach of a data attack and alienating customers.
  • Remember to protect physical data: While the majority of data breach media coverage focuses on data stored on computers and the internet, physical data such as confidential documents and hard drives also carry a significant data security risk. Secure information destruction is one of the most effective practices to prevent physical data theft. Leaders should partner with a document shredding company that offers document destruction best practices including locked consoles, secure on or off-site destruction, and a certificate of destruction after every shred.

Shred-it’s experienced team of information security professionals helps organizations of all industries and sizes keep physical data secure. Learn more about our services and contact us  to get started.