Brand Trust Can Be Eroded By A Single Cyber Breach: Why All Brands Are At Risk From Exploitation

Brand Trust is “the confidence that customers have in a brand’s ability to deliver on what it promises.” As in any interpersonal relationship, that trust grows the more the brand or company meets, with consistency, the expectations of its customers. According to Qualtrics, the number one driver of brand trust among global consumers is the respect and protection of customers’ data, privacy and security.

Brand trust, or equity, is therefore arguably an organisation’s highest-value intangible asset.

Why Brand Trust is Synonymous with Digital Resilience

Digital connection is fast becoming the default way of engaging with customers and consumers, vastly accelerated by the remote-first culture necessitated by the restrictive measures of the COVID pandemic. There is rarely a brand that doesn’t interact or transact with its customers and constituents online. It is a fine balance of reliability, whereby companies are entrusted with Personally Identifiable Information (PII) and other sensitive data. Brands and companies are now custodians of data on our lives and, as such, have a deep ethical accountability to keep that data safe from cybercrime perpetrators.

If a brand has an online presence, it is subject to brand exploitation attacks. Mimecast’s inaugural ‘State of Brand Protection Report’ discovered that entities on the BrandZ Top 100 Most Valuable Global Brands 2020 list experienced a 381% rise in brand impersonation attacks over May and June 2020 compared to before the pandemic.

We have long moved away from the classic ‘castle and moat’ model of perimeter defence. Castles have crumbled and given way to soaring, highly interconnected and accessible skyscrapers, where data flow within and outside of an enterprise is fluid, vast and burgeoning. 

Attackers can very easily imitate your brand by sending fake emails from your owned domains, or by simply registering a similar brand domain designed to dupe customers, partners and employees. An organisation’s security perimeter is now nebulous and under constant attack, with geographically dispersed employees; a plethora of third-party integrations risking back door intrusions; and the accessibility of phishing kits and other enablers for malicious actors. 

Once Bitten, Twice Shy

Back to trust – once that trust has been breached, regaining that loyalty is almost insurmountable. Consumers hold the data custodians accountable for criminal data breaches – 71% of Mimecast’s survey respondents agree that it is the brand’s responsibility to protect itself from email impersonation, and 73% agree the same for domain spoofing.

Mimecast’s research found that 59% of Australian consumers would vote with their wallets and stop spending money with their favourite brand if they fell victim to a phishing attack masquerading as that brand (tip: use a separate credit card with a small credit limit for your online purchases). Trust is paramount to a brand’s financial robustness and credibility. Trust is hard won but it is also very easily lost.

52% of B2B purchasers will take their business elsewhere if their trust is violated. This is higher for B2C purchasers, and scales with Gen Z and younger.

Brand tainting is, with social media, literally viral and unstoppable. Reputational damage can avalanche into years of lost revenue and may take years to rebuild. Basic consumer psychology means that brands cannot cover up cybersecurity failures – instead, these failures are explosively and dramatically amplified through mainstream and social media avenues.

The repercussions of a data breach include: financial loss, customer attrition, measurable loss of brand value, regulatory / government fines, and the severing of third party relationships.

The widely reported Optus data breach of September 2022, compromising almost 10 million current and former customers’ PII, had an initially reported cost of $140 million. This estimate is dwarfed by Brand Finance Australia’s measure of the loss of brand equity – a staggering $1.2 billion. The Optus brand valuation plummeted from a forecast of $4.5 billion in 2022 to $3.3 billion. This also excludes ongoing litigation via class action, estimated to settle in the billions.

Mark Crowe, Managing Director of Brand Finance Australia, states, “When you have a one-off event like that, the pernicious effect of it can be very profound…A one-off event that creates negative sentiment can wipe out five years of continual growth in brand strength.”

He continues, “Brand is the most value-creating asset in the business.” Viewed through the lens of a company’s board, reputational damage has a massive impact on the tangible bottom line. Fortunately for Optus, it does have great brand equity, which acts as a ballast against more extreme financial and market repercussions. Mr Crowe predicts that Optus’ recovery “needs to be brand-led.”

The Flip Side – Getting Brand Trust Right

McKinsey’s research involving 1,300 business leads and 3,000 consumers globally indicates that organisations that successfully build digital trust are 1.6X more likely to experience annual growth rates of more than 10 percent on their top EBIT and bottom lines.

Being able to securely store and use customer data directly converts to improved brand reputation over the long-term, and subsequently greater revenue, growth and brand resilience in the face of adversity.

What do digital trust leaders do differently?

Here is our checklist:

  1. Set & Propagate Goals. Go ahead and answer that higher calling. Clarity about why your brand can serve and drive value goes a long way in setting the path towards brand advocacy.
  2. Engage In Best Practices. The boring but important stuff. Implement industry-compliant policies for data storage and access. Map out a water-tight risk management strategy. Be dogmatic about the performance metrics that matter.
  3. Be Transparent. 85% of consumers want to know your privacy policy prior to making a purchase. 58% of APAC consumers often or always consider another brand if they are unclear about how a brand will use their data. Consumers rank digital trust tenets (ethical and trusted reputation; amount of personal data required) almost as important as product fundamentals (price, quality, convenience), and the same as the speed of delivery.
  4. Nurture Change From The Grassroots. Falling prey to social engineering can be catastrophic for organisations. Brand impersonation exploits human psychology. Really invest in employee awareness and cyber literacy. Transcend those silos within your organisation to truly collaborate on managing risk, operations and data privacy. Change your company culture and address cyber security as a whole-of-business imperative, rather than just an IT problem.
  5. Partner With A Tech Leader. Brand protection is your organisation’s lifeblood, and you would only entrust it to a leading technology vendor that can proactively and with surgical accuracy pinpoint live attacks and potential threats before they become active – at scale and in real-time.

Empower the Frontlines of Your Defence

The OWASP statistic of email being the point of entry for 91% of all cyberattacks remains more or less true.

Skjaldborg in Old Norse is a military defence manoeuvre that was commonly used in medieval warfare. Vikings used to stand shoulder to shoulder holding their shields so they would abut in a phalanx formation. These shield walls were three or more ranks deep, forming a solid battle line.

Likewise, Sekuro advocates for multiple layers of defence at the frontline to shield against malware, viruses, spam, phishing, and advanced persistent threats. We strengthen our clients’ defences through a whole-of-organisation approach, utilising the maturity framework within our holistic Zero Trust Strategy and the world’s leading cyber security technologies.

Sekuro strategically partners with leading technology providers to combine machine learning and targeted scans to identify potential attacks in the early stages, block compromised assets before they become live attacks, and take down active attacks to quickly minimise damage.

Contact us today to consult on how we can progress your perimeter defences, protect against brand imitation threats, and proactively hunt and remediate attacks that rely on fraudulent, lookalike domains.

Nick Flude

Chief Marketing Officer, Sekuro

Nick leverages more than 20 years of B2B marketing experience to set and execute Sekuro's marketing strategy and plans, partnering closely with Sales to exceed growth and revenue targets. Nick is a vocal advocate of the value that a data-driven and revenue focused marketing team can bring to an organisation.
