cybercrime Magazine recently conducted a podcast to discuss the relationship between cybersecurity, customer experience and trust. The podcast featured two Deloitte leaders:
· Emily Mossburg – Principal and Deloitte Global Cyber Leader
· Ashley Reichheld – Principal, Deloitte Digital, and creator of the HX TrustID™
Below are some highlights from the conversation.
To start off, could you tell us about delivering a better customer experience – and the role of trust within that?
Ashley Reichheld: A couple years ago, we at Deloitte set an ambition to elevate the human experience. We purposefully chose the word “human” because you don’t wake up every day as a customer or employee – you wake up as a human being. And in order to elevate the human experience, you have to start with a foundation of trust.
Unfortunately, trust has been on the decline for quite some time – with corporations, governments, NGOs, health care companies and so on facing significant trust deficits. When thinking about how to help our clients build trust and elevate the human experience, we knew there needed to be a way to measure trust more effectively. So we created the Human Experience (HXTM) TrustIDTM, drawing on data from 7,500 customers and employees of travel, hospitality, retail and automotive companies. We’ve since gathered data for more than 500 brands across industries from more than 200,000 respondents.
This new measure breaks trust down into four integrated signals: humanity and transparency (which, together, form an organization’s intent) and capability and reliability (which form an organization’s competence). In addition to examining the components of trust, we also ran analyses to show specific, quantifiable and predictable behaviors driven by trust – such as greater brand loyalty and repeat purchases from consumers, and on the employee side, increased motivation to work.
To recap, though, the bottom line is that you can’t elevate human experiences without engendering trust.
What’s the role of cyber in all that? How does cyber drive transparency and contribute to overall trust?
Emily Mossburg: You can’t have trust without a strong cyber program. Cyber focuses on governance, the implementation of regulatory and legal standards, and the protection and security of assets. Of course, when you’re talking about gaining trust, the asset you need to protect is often an individual’s data.
So to really have the trust components that Ashley talked about, organizations have to understand the data lifecycle. That is, you need visibility into how you’re going to collect data, store it, retain it, use it, and even destroy it, and all the associated data flows. Then, organizations also need to share with individuals intentions for how their data will be used and how it will be protected – so consumers and employees feel their information is safe. Cyber is at the core of driving that transparency and trust.
Are the goals of marketing teams (to collect and use customer data for better experiences) and the goals of cyber teams (to protect data and adhere to privacy regulations) at odds? How can CMOs and CISOs work together to balance their priorities and execute all those areas successfully?
Ashley Reichheld: At the end of the day, the entire C-Suite is working toward the same thing: building trust among their workforce and customers, and working to deliver the best possible experience for them – one that’s both elevated and protected. Marketers know that the more data they get, the better and more personalized experiences they can create – taking into account individuals’ behaviors and preferences, when and how they want to be engaged, etc. But of course, with more data comes more potential risk. So one of the most important things CMOs can do is to bring in cyber much earlier in their campaigns – working together to not just get the right data, but to also understand the implications of the choices they’re making and any risks that are introduced.
Emily Mossburg: To that point, from a cyber perspective, when we speak with our clients and their CISOs, we often discuss the concept of “shifting cyber to the left.” That means getting the cyber team involved sooner – whether it’s in a marketing campaign, a new business venture, a new way of engaging customers, etc. – to really understand the organization’s business goals and objectives for that particular initiative. The cyber team also engages in dialogue with stakeholders about potential security risks – so that organizations can develop, from the beginning, a solution that focuses on the end goal while also meeting cyber requirements.
Involving cyber from the get-go can also prevent the CISO or cyber department from being known as “the Department of ‘No’” – that is, the team that raises issues and concerns at the 11th hour, and vetoes projects that are already in advanced stages. It’s much more beneficial for everyone involved to bring in cyber early in the process: so all parties can move faster and toward the same goals, in a safe and secure manner, and with trust embedded throughout.
With various data privacy laws today, such as GDPR [General Data Protection Regulation] in Europe and the CCPA [California Consumer Privacy Act], do you think we’ll see the emergence of a global privacy law?
Emily Mossburg: GDPR and the CCPA have their roots in previous regulations and directives from the early 2000s – namely, EUDPD [European Union Data Protection Directive] and California SB 1386, which also caused a ripple effect across the US. That’s all to say, governments have been tackling data privacy issues for quite some time. It’s unlikely in the US that we’ll get a national law – much less a global one – given all the intricacies around data ownership and the implications from a governance, management and usage perspective. Ultimately, we’ll see continued fragmentation in the legal and regulatory space around data protection and privacy. Organizations will need to collaborate and look to other places for consistency and efficiency, and to put forward a framework that consumers can trust.
Ashley Reichheld: Ultimately, businesses and customers are going to set the standard for data privacy and protection.
Deloitte’s own research shows that customers are aware of – and largely comfortable with – brands collecting data on them. For example, 75 percent of consumers expect their favorite brands to know why they purchased a product; 52 percent expect the brand to know how satisfied they are with it. At the same time, 35 percent say they do not want brands to track their browsing history for similar products. The implications are clear: Most customers will allow brands to collect data, but only if the customer feels it is relevant to their relationship with the brand. They want a choice in what data is captured and how it is used.
If businesses lead the way, what should they be doing to create trust through a better customer experience?
Ashley Reichheld: When we did our trust research, the importance of transparency was very clear. However, most companies don’t score particularly high on transparency. So it’s not only a significant factor in building trust, but it’s also one of the areas that most companies can improve upon.
To that end, companies can make sure that they’re very clear about what customer data is being collected, why and what it’s going to be used for – and also give customers the agency to decide what they want to share and what they don’t. Most importantly, that all has to be done in simple, plain language that’s easy to understand. If you were to read every contract you’ve ever signed – whether for an app you downloaded or a program you used – you’d spend a sizeable chunk of your life buried in contracts. Nobody wants that. So the easier companies can make it for customers, the better.
Emily Mossburg: To build on that, organizations also have an opportunity to embed cyber as a differentiator in their products and services, and in the way they interact.
As part of that process, they need to understand the expectations they’ve set with employees and consumers about the data lifecycle. And organizations also need to look at what security controls and solutions should be put in place to enable that.
As we think about tying data to an individual, there’s a lot of opportunity to apply technical solutions – such as identity and access management platforms, and preference centers/management solutions – so that a user, when entering an application, can make their preferences known. Those preferences can be attached to who they are and can follow them across the customer journey.
In addition, and throughout the journey, there’s a great opportunity to embed trust across interactions. When organizations and customers have a more transparent exchange, and when trust is a key component in that exchange, there are better experiences and outcomes for all.