VF Corp., owner of the North Face and Vans,
suffered a recent ransomware attack, exposing the personal data of 35.5 million customers. It’s just the latest, with cyberattacks, pfishing and malware sweeping some of the biggest names in
retail. A new report from Apple says 2.6 billion records were leaked in 2021 and 2022. We asked Amber Boyes, an analyst at Gartner, to explain what these attacks do to brands.
Retail
Insider: These breaches feel constant. And I remember going back to Target’s massive breach in 2013, hearing that they erode consumer trust and tarnish brands. Is that true? Target’s
still here, and so are Home Depot and eBay. Consumers forgave them. As attacks becoming more common, are consumers just shrugging them off?
Amber Boyes: Our clients certainly
aren’t. They are paying close attention to risks, and investing more in safety. But for consumers, breaches do seem ubiquitous. People see the headlines all the time. But I wouldn't say that
means they are ho-hum about it. We track online data security in our omnibus data, and consumers still say they are very or extremely concerned about the security of their data. Just because
they’re used to breaches doesn’t mean it doesn’t bother them. As far as eroding trust and reputational damage, it depends on the breach's severity and the data's sensitivity. It also
depends on the nature of the organization. If a company has touted itself as a secure organization, such as a large bank, it will have more damage.
Retail Insider: Can you quantify
reputational damage? Put another way, are any North Face customers saying, "That’s it! From now on, I’ll only shop at Patagonia!" Do people switch brands because of breaches?
Boyes: We don’t know. When companies can hold that kind of commercial impact close to the vest, they do. But even if there is no sign of brand switching, it is still a concern for the
communications and brand leaders. They're doing a lot of scenario planning around this. And organizations are putting a lot of resources and time into preparing appropriate responses.
What’s frustrating is that often, as in the case of VF, for example, there’s just no information for consumers to respond to.
Retail Insider: So, companies should be more
transparent?
Boyes: Often, they can’t. They don’t know. There's this weird period of ambiguity.
Retail Insider: What is the best messaging?
Boyes: It depends. There are regulations about notifying the Securities & Exchange Commission. Sometimes, breaches turn into full-blown operational issues. Last fall, a breach at MGM
resulted in casinos shutting down and people posting all over social media.
The people we work with are trying to get the right sensing mechanisms in place to understand how things are
escalating after an incident, what's generating more news coverage, and how things will be expected to grow from there.
It’s tricky. Often, the breach involves a third party, but
it’s crucial for companies not to sound as if they are shifting blame. Comms teams need to build muscle so they are ready to work closely with IT, legal, and HR. That includes cyberattacks and
the growing threat of malicious content using generative AI.
Retail Insider: Are there generational differences in those concerns?
Boyes: Yes. Boomers are the most
worried, with 53% saying they are very or extremely concerned, and it declines with age to 45% for Gen Z. But it is still a top 6 concern across the board.
Retail Insider: How
should marketers and retailers address cybersecurity in their marketing? Are vague “your data is safe with us” messages effective at a moment when more people believe no data is ever
safe?
Boyes: Companies have to center the message around what benefit they are delivering to their audience: "Here’s how we’re helping you achieve your goal."
Retail Insider: Apple is doing that well in its iPhone campaigns, which seem to enhance brand value. How is that working for others?
Boyes: In our recent reputation research,
we studied “Safer with Google” ads, including the website for consumers. Google does a good job of better explaining the kind of information that customers typically underappreciate. It
explains what it does for users, like blocking something like 25 billion spam pages, and how it encrypts user payments.
It also transfers some of the ownership of security issues to users,
encouraging them to actively protect their data. It offers easy-to-use tools for keeping accounts private, safe, and secure, as well as security checkups. The company goes way past conventional
storytelling, more than Apple, and stood out to us because those videos in the series went above and beyond.