As interest rates and prices soar, the Bank of England has warned the UK faces its longest recession since records began. After the upheaval of Brexit and the Covid-19 pandemic, it’s exactly what business leaders don’t want to hear. Tough economic circumstances mean investments will become harder to justify and many will be looking for efficiencies to protect cash flow.
But privacy and security are two areas experts believe are almost ‘recession proof’ because they are as important, if not more so, during downturns as they are during more economically secure times. Here’s why:
Privacy leads to more trust
As the cost of living crisis bites, customers tend to think more carefully about the money they spend, as the cash available for non-essential purchases falls. Many shift to buying cheaper brands or do more research before they make a purchase. But the more loyal a customer is to a company, the less vulnerable that relationship is to external factors.
Privacy is a real USP for brands. Apple and Google, for example, have both recently invested considerable amounts in campaigns that champion their stance on privacy. It’s known that a third of UK companies lose customers after a data breach, and four in 10 say they won’t return after a security issue. In these tough economic times, businesses won’t want to give a single customer a reason to shift elsewhere. Instead, they need to inspire confidence they take care of the customer information that they hold.
Hackers are about to get more active
Cyber attacks and data breaches can happen any time. But it’s known that hackers tend to take advantage of a slower economy, looking for new vulnerabilities to take advantage of. During the Covid-19 pandemic, for example, around 35% of cyber attacks used previously unseen malware. A recent PwC poll found business leaders rank cyber security as the number one risk facing their companies, posing a bigger threat than inflation or a recession.
Privacy doesn’t have to be on the chopping block during a downturn, providing organisations invest in a cost-effective privacy management programme. Businesses need to build a culture of continuous privacy compliance for the long term, enabling leaders and their teams to understand and confidently implement what’s required.
Hybrid teams increase security risks
Human error is a factor in 90% of data breaches and it could be as simple as a member of staff clicking on an erroneous phishing link in an email, or sending records to the wrong recipients. One of the vulnerabilities hackers were able to take advantage of during the pandemic was more staff working from home. Employees had less supervision and fewer technical controls, many were using personal devices or unsecured Wi-Fi networks, and some were more likely to be the victim of a phishing scam in a relaxed home environment. That risk isn’t going away post pandemic, particularly as many companies have continued to allow staff to work remotely, travelling into the office one or two days a week.
It’s almost impossible to prevent these sort of mistakes with technology. Human error can only be tackled with good privacy training. The upside (beyond preventing data breaches) is that businesses can empower employees to make the best use of the data at their fingertips without creating a security risk. That boosts innovation and productivity, and stops security incidents that could derail the whole company. When employees understand privacy they care about it, and they’re willing to do their bit to keep information safe – wherever they’re working.
The regulator is clamping down on bad behaviour
The UK’s Information Commissioner recently gave notice of his intention to fine TikTok £27m for breaching the Children’s Code. But it’s not just large businesses in his sights. The ICO has already fined more than 25 companies this year, many of which have been SMEs. Easylife Limited for example, made more than a million unsolicited direct marketing calls to customers after profiling them to predict their health conditions, and was subsequently fined £1.48m. And Halfords was fined £30,000 for sending half a million unsolicited marketing emails.
When money is tight, the last thing any business leader wants is a fine – Amazon, for example, was recently fined €746m by the European Union for how it handles personal data. Any UK or EU business caught out on privacy could be subjected to a fine of up to 4% of its worldwide turnover, or £17.5m, whichever one is higher. When the worst happens, everyone sits up and pays attention. But of course, it’s often too late by then.
Making the business case for privacy
It’s a difficult time for many organisations who may feel they can’t continue with ‘business as usual’. But privacy continues to be a real business imperative and it pays to prioritise it – whether the UK is in recession or not. Those fighting for budget should be clear that it’s an investment rather than a cost, and that it’s something customers and investors are increasingly concerned about.
Research has shown almost half of UK consumers are happy to exchange data with businesses as long as there is a clear benefit for doing so. But more than two thirds (69%) are concerned about online privacy, and 88% want more control over the information they share with companies. Trust in an organisation is the number one factor when determining customer willingness to share information. People want to do business with ethical, legally compliant organisations that treat personal data with the care, respect and security that it deserves. After all, privacy is a fundamental human right. And we all have a role to play in protecting it – now and in the future.