The Dark Side of Big Data
Determining the toll of customer data vulnerability—whether perceived or real
Data breach.
The thought alone can send us into a panic of existential dread. It’s the unavoidable byproduct of our increasing tendency to shop and socialize online, triggering a pervasive anxiety that our identity or finances will be stolen or misused.
A new study from the University of Washington Foster School of Business and its Center for Sales and Marketing Strategy gets to the core of customer data vulnerability, determining its causes, effects and ways it can be eased.
The Foster School’s Abhishek Borah and Robert Palmatier, working with Kelly Martin of Colorado State University, establish that simply giving personal and financial information to companies is enough to trigger feelings of vulnerability. This vulnerability exacerbates the financial cost to firms—and sometimes their competitors—when they fall victim to a data breach.
“Our examinations confirm that vulnerability generates negative outcomes for firms, including abnormal stock returns and damaging customer behaviors,” says Borah, an assistant professor of marketing at Foster. “But we also find that firms can suppress these detrimental effects by offering data transparency and offering customers control over how their data is collected and used.”
Promise and problems
The era of “Big Data” offers great promise but also serious potential problems. By collecting personal information and tracking customer behavior, firms can devise more personalized and useful marketing strategies than ever before.
But this comprehensive data mining also creates new feelings of vulnerability from entrusting so much of our personal and financial information to retail and social media companies whose privacy policies are often hazy and security measures appear less than impenetrable.
This information can be misused, sold or, most frighteningly, stolen as in the recent Yahoo! hack that compromised an estimated one billion accounts.
These events may be occasional. But, like a break-in at a house five blocks away, they make us all feel more vulnerable even if we were not targeted in the crime.
And when we do become victim of a data breach, that sense of vulnerability intensifies.
How vulnerable?
Vulnerability, of course, is a matter of perception. In a first series of experiments, Martin, Borah and Palmatier establish that simply knowing that a firm has access to customer data initiates feelings of violation and reduces trust.
These feelings can lead customers to engage in a number of behaviors that are detrimental to a firm, including falsifying personal information (such as using a fake birth date), spreading negative word of mouth, and switching to a competitor.
“The negative customer effects appear mainly due to anxiety about the potential for data misuse and feelings of violation rather than actual data misuse,” says Martin, an associate professor of marketing at Colorado State.
Hack attack
When a firm is exposed in an actual breach of data security, the perceived vulnerability of its customers becomes all too real. And serious consequences follow.
A second analysis of data breaches affecting 414 public companies confirms that the stock prices of hacked firms take an immediate hit as customers and investors react.
But it’s not only the firms targeted by hackers that are affected. Competitors also feel an impact, though the extent depends on the severity of the hack. The spillover of a small-scale data breach results in the closest competitor losing, on average, half as much of its market value as the targeted firm. But a major data breach to one firm can send its rivals’ stock prices soaring.
Soften the blow
A third study engaged customers of the five largest companies in three industries to better understand how varying policies of transparency and customer control affect data vulnerability and the damage it can cause.
The researchers confirm that all levels of vulnerability—from merely giving up personal data to having that data stolen—are linked to customers fudging personal information, disparaging the firm and taking their business elsewhere.
But this vulnerability is mediated by feelings of violation and trust. And firms can decrease violation and increase trust among customers—and suppress the negative effects of vulnerability—by enacting policies that are clear about how they are managing customer data and by extending to customers greater control over how their data can be used.
“High transparency and control reduces the spread of negative chatter, deters customers from switching loyalties, and suppresses negative stock market returns,” says Borah.
In practice
Big Data can be good for the bottom line. But it can cost, too, if not managed properly. Offering customers transparency and even limited amounts of control can help ease the feelings of vulnerability that can harm a firm financially.
Among their historic sample of data breach cases, Martin, Borah and Palmatier determined that the financial blow was softened for firms that offered customers a clear explanation of how they collected and used their data, as well as opportunities to opt out of certain data practices.
And for those that did not, they applied the study’s insights retroactively. For instance, when Citigroup was hacked in 2011, exposing the financial data of more than 360,000 customers, its privacy policy was low on both transparency and control. The hack cost the firm $836 million in stock value. But the authors estimate that simply offering customers more transparency and control in their data management policies might have reduced the toll to $16 million in stock value—saving Citi about $820 million.
“Our findings suggest that firms need a more tempered approach to data and analytics initiatives that involve the collection and use of customer information,” concludes Palmatier, the John C. Narver Endowed Professor in Business Administration and research director of Foster’s Center for Sales and Marketing Strategy. “Customer data practices may help the firm identify and better understand customers and segments, but these same practices can create feelings of vulnerability throughout their customer base.”
“Data Privacy: Effects on Customer and Firm Performance” is forthcoming in the Journal of Marketing.