Consumers Sound Off: The Impact of Ransomware on Purchasing Behavior and Brand Loyalty

MAY 19TH, 2020

When it comes to ransomware and the effect it has on organizations, headlines scream about the amount of data lost or encrypted, or staggering ransom amounts paid. 

What is rarely reported are the immediate lost sales or long-term impact on consumer purchasing behavior and brand loyalty. When will consumers “walk away” or abandon a product or service for a competitor?  How do cyberattacks affect consumer trust in an organization?  

Results from new research found that while most consumers are taking necessary security precautions to protect their online accounts, businesses may not be doing enough to protect their information – inadvertently driving sales to competitors that can.

Key insight: Most consumers doubt their data is safe 

A survey of nearly 2,000 consumers across North America, the United Kingdom, France, and Germany found that 70% believe businesses aren’t doing enough to adequately secure their personal information and assume it has been compromised without them knowing it. Despite sweeping data privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) meant to protect consumer data, organizations continue to experience cyberattacks that result in data breaches, massive data loss, long-term downtime, and exorbitant ransom payments. 

Case in point: The hospitality and healthcare industries have been prime targets for cyberattacks, with cybercriminals exposing data ranging from personal and banking information to treatment records. For example, an attack on Marriott hotels resulted in a four-year long security breach that exposed the personal details of 500 million hotel guests. And, when a Michigan healthcare organization fell victim to a phishing campaign, cybercriminals quietly gained access to patient data for two-and-a-half months.  

Organizations clearly need a different approach to defend their systems and customers.

 

Key insight: Perceived trust is influential in consumer purchase decisions

Today’s competitive landscape offers an overwhelming number of choices, so it doesn’t help when a business loses the trust of its consumers due to a security incident. Consider this scenario: You’re looking to open a new bank account and come to find out the bank you’re considering fell victim to a cyberattack where accounts were held hostage and customers unable to access cash. It’s likely you’d think twice about this bank – and you wouldn’t be alone. 

New research indicates that 59% of consumers would likely avoid doing business with an organization that had experienced a cyberattack in the past year. And, as consumers become more educated and cyberattacks become well-known, perceived trust becomes more influential in their purchasing decisions, with the study also finding that nearly nine of ten consumers consider the trustworthiness of a business prior to purchasing a product or service.

These findings suggest businesses must act quickly, particularly given the rise of cybercriminals now making breaches public or dumping stolen data in public forums, when ransom deadlines aren’t met. 

Key insight: Consumers aren’t tolerant of ransomware-related disruptions 

In today’s on-demand economy, a single service disruption, failed transaction, or instance of inaccessible information feels like a lifetime. But, the link between disruptions and consumer behavior has not been widely understood (until now!). 

The study found that one in four consumers will abandon a product or service in favor of a competitor after a single ransomware-related service disruption, failed transaction, or instance of inaccessible information. Simply put, consumers won’t wait for your ransomware recovery. 

Further, in the aftermath of a cyberattack when many businesses scramble to recover data and get systems back online, consumers may have already moved on to the next brand. Just over 66% of respondents would turn to a competitor if an organization couldn't restore systems and applications within three days following a cyberattack. Over a third of those would be willing to switch after a mere 24 hours of waiting to access their information or make a transaction.

Consider the after-effects of the REvil attack on Travelex, a UK financial institution. Not only did cybercriminals demand $6 million in ransom, they also claimed to have consumer’s personal and credit card data. Travelex took its IT systems and websites offline for more than three weeks, reverting airport currency exchange kiosks to pen and paper and leaving customers “in limbo.” 

In the end, the hacker group encrypted the entire Travelex network, deleted backup files and exfiltrated 5GB of personal data despite Travelex paying a ransom of $2.3 million Bitcoin. While the short-term effects of the attack are heavy, time will tell how the long-term impacts on consumers will affect Travelex’s business in the future.  

The answer: Get proactive about cybersecurity with integrated data security and protection 

Let’s face it – today’s businesses can’t afford to lose customer trust. And, with the fallout from cyberattacks swift and far-reaching, there’s no room for a “wait and see” approach. The only way to effectively protect your business is through multi-layered cybersecurity and data protection that eliminates the silos and gaps in these strategies. 

In short, this is what integrated protection looks like:

  • System protection secures data against cyberattacks, using cutting-edge artificial intelligence (AI) to prevent both unknown and known threats
  • You prevent major hacking techniques, including credential harvesting, lateral movement, and privilege escalation with exploit prevention
  • In the event a threat does slip through or cybercriminals attack your backups directly (which is becoming more common), advanced disaster recovery and continuous availability capabilities ensure you don’t miss a beat
  • On-premises, cloud, and SaaS-based workloads are now secured from any threat for a first and last line of defense against cyberattacks, including ransomware

Arcserve solutions secured by Sophos does just that. Find out more about multi-layered cybersecurity and data protection for on-premises, cloud, and SaaS-based data.

For more insights, read the full report Ransomware’s Stunning Impact on Consumer Loyalty and Purchasing Behavior.