The continuous evolution of digital transformation is outstripping the pace of cyber security in organizations. As a result, we're witnessing a fundamental disconnect between consumer expectations and concerns, and the ability of organizations to meet those expectations, according to KPMG's Consumer Loss Barometer report. 

The global survey of more than 2,000 consumers and 1,800 Chief Information Security Officers (CISOs) identified a mismatch between the priorities of CISOs and consumers in the event of a breach. 

Consumers continue to have reservations about the possible misuse of their private details. They are more worried about how these breaches will affect them personally and are less concerned about the impact of a breach on an organization. The survey found sixty-nine (69 percent) of consumers reported concerns about their technology being compromised while thirty-seven (37 percent) of consumers reported having their financial information compromised. On the other hand, two-thirds of CISOs say they prioritize financial loss and reputational risk over the impact on customer trust.  

“It's clear that organizations are still prioritizing their bottom line ahead of consumer expectations and concerns, despite the opportunity to use effective cyber security strategy to build consumer confidence and engagement,” says Akhilesh Tuteja, KPMG Global Co-Leader, Cyber Security. 

When an apology alone may not suffice

In the event of a breach, consumers prefer proof of a fix over an apology (42 and 24 percent respectively). Conversely, CISOs say they would prioritize an apology over provision of those details (47 and 8 percent respectively). 

Tuteja continued, “Organizations can redesign the relationship with their customers by placing trust at the center of how they do business. By reinforcing consumer trust, this can actually improve a company's ability to retain customers and propel growth.”

Key sector findings:

• Financial services: Almost half (48 percent) of consumers believe their financial institutions have full or joint responsibility for ensuring that mobile devices used for banking are secure. Regardless if financial institutions see it as their responsibility, they need to show they take the security of their customers' personal information seriously.
• Automotive: 56 percent of consumers are worried about their car being hacked now whereas 73 percent are concerned about being hacked five years from now. For a car manufacturer to succeed, it needs to build trust in its ecosystem data security. Car makers are being held accountable for trust in a complex ecosystem  - where dealers, software vendors, hardware vendors, telecommunications providers and, ultimately consumers, all have differing perspectives of the role they play in ensuring vehicle security.
• Retail: Alarmingly, 71 percent of consumers are more concerned about retailers misusing their personal information than information being taken by hackers (68 percent). This highlights a societal lack of trust in business that organizations must address.

Other notable findings: 

• Value within the organization: The vast majority, 83 percent, of CISO respondents brief the board on at least a quarterly or semi-annual basis demonstrating that executives now rate cyber security threats as a significant risk to organizational growth. But when cyber is omitted from the digital business value chain, a trust ecosystem is not delivered and a significant commercial opportunity is missed.
• Cloud and connected devices: 75 percent of consumers believe there should be additional security and privacy measures embedded into the design of their connected devices. But this does not necessarily translate into action: only 35 percent limited the use of sensitive, personal data on their devices and only 35 percent were willing to pay a higher price for more secure devices.
• Mobile technologies: 75 percent of consumers said they were concerned about theft or misuse of personal information collected by their mobile device. Mobile device makers and network providers can differentiate themselves by building consumer trust in digital channels for such sectors as healthcare and banking, not just in the mobile products and services they provide.

To view additional information about the report, please visit kpmg.com/consumerlossbarometer. 

The data published in this report are based on a survey of 1,802 CISOs (or equivalent) in 24 markets, across 12 industries. The respondents were from companies with annual revenues between US$100 million to US$10 billion or more. Consumer data was based on a survey of 2,151 consumers in 24 markets. The sample included all age categories, with a higher percentage of Millennials and Gen Xers, as well as being diversified by gender.

Michelle Ashford
mashford@kpmg.ca
+1 416 777 3468

KPMG is a global network of professional firms providing Audit, Tax and Advisory services. We operate in 153 countries and territories and have 207,000 people working in member firms around the world. The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. Each KPMG firm is a legally distinct and separate entity and describes itself as such.