
The number of data breaches keeps increasing at a fast pace. Exposed to the issue of data leakage, companies seek to build successful compensation strategies, but little is known about what lies behind customers’ perception of compensation. Professor Thomas Kude, ESSEC Business School, and his fellow researchers unveil the mystery.
Lemons to Lemonade: Big data breaches, compensation strategies and customer reactions by CoBS Editor Olga Panashchenko. Related research: Big data breaches and customer compensation strategies, Personality traits and social influence as antecedents of perceived compensation: Thomas Kude, Hartmut Hoehle, Tracy Ann Sykes, IJOPM.
You cash in or you pay out
Today, the boundaries between digital and objective reality are fading. Information systems are now integrated into all spheres of our lives, both public and private. At a personal level, we rely on all kinds of gadgets to stay connected with people, keep up with the latest events and manage our contacts, emails, calls and documents. ‘Smart homes’, artificial intelligence and self-driving cars are no longer elements of fantastic novels, but developments already ingrained in the daily lives of millions of people.
With the world moving rapidly online, it is becoming increasingly hard to keep data private. Even if you are on a permanent digital detox, you cannot totally avoid data sharing if you have a bank account and pay your bills. In order to benefit from a vast range of opportunities offered by technological advancement, you have to give something in return – and the bargaining chip is information.
Amid increasing competition and changing trade realities, companies have become involved in the hunt for customer data. Large customer-centred firms, such as Target, Home Depot, eBay and Sony, process more than 1,000,000 transactions per hour through multiple channels including physical stores, online shops, and mobile applications. They constantly collect sensitive customer data such as shopping behaviour, credit card information, and address details. Real-time analysis allows them to quickly make decisions as to what, to whom and where to offer a product. In short, Big Data Analytics has become an essential strategic tool for customer-oriented industries.
Big data: The other side of the coin

The other side of the coin is that collecting large pools of sensitive customer data may entail large-scale data breaches. These have been reported over the past several years by Sony, Adobe, Target, Home Depot and many other companies all over the world, caused by both external factors (hacking incidents) and internal factors (software glitches). In the case of the Home Depot data breach, for example, in-store registers appeared to be infected with malware designed to extract data from credit cards when they were swiped. However, whatever the causes of the breach are, the outcome is always the same: terabytes of leaked information and multimillion-dollar losses.
Due to the plethora of potential sources of data breaches that include hacking, lost laptops, and unscrupulous employees, it is virtually impossible to fully protect organisations that leverage big data. As such, it is essential for firms to complement initiatives for preventing data breaches with managerial provisions to respond to such incidents when they occur. The Sony, Adobe, Target, and Home Depot cases show that breached organisations usually try to restore customer loyalty by offering compensation packages. For instance, after its 2013 data breach, Target provided customers with a 10% shopping discount during one weekend as well as a free 1-year subscription to a credit monitoring service. Other companies usually offer a similar ‘one-size-fits-all’ solution – a typical response to such incidents. However, the value of the compensation varies between different customers.
Big data breaches: All out on the table
What determines a customer’s perception of the compensation offered? According to Prof. Kude’s research, two important determinants are customers’ personality traits and their social environment. Think of how people react to different kinds of service failures such as an undercooked steak in a restaurant, an overbooked flight or an insufficiently clean hotel room. While some immediately ask for a refund, others let it go provided there is satisfactory compensation. Positively perceived compensation has a positive effect on service recovery, and vice versa.
In the case of data breaches, firms commonly offer two types of compensation:
- Free access to products or services (e.g., the free PlayStation network membership and free downloadable content offered by Sony after its 2011 data breach) or financial benefits (e.g., a 10% discount offered by Target in response to its 2013 data breach).
- Privacy and security compensation: basically, an extra service aiming to restore customers’ data security (e.g., the free credit monitoring offered to affected customers by Adobe and Target).
Clearly, the type of compensation that is perceived as more adequate is the safest method for a company to regain customer trust and limit losses. However, for a lot of people a cracked bell can never sound well. It is an extremely challenging task to make customers get past such serious incidents as personal data breaches. Wise advice for firms is to analyze their customers’ personalities and social backgrounds, and choose compensation based on these factors.
Human alchemy

A deeper dive into personality research is useful for understanding how human personality is constructed. For one, the five-factor model suggests that we are made up of:
- Openness to experience
- Conscientiousness
- Extraversion
- Agreeableness
- Neuroticism (emotional stability).
Each of these five characteristics represents one unique aspect of an individual’s personality. Some of them turn out to be more relevant than others when dealing with the problem of data leakage. For example, Kude’s research found that agreeableness and openness had a significant and positive effect on perceived compensation for both types of compensation (Target offered the affected customers discounts and free credit monitoring).
This makes sense: agreeable individuals tend to have a sense of reciprocity and, thus, appreciate it when it is shown to them. Open individuals tend to be tolerant toward new ideas and emerging applications, so they would be willing to try out a new free product or service. Further, highly extraverted individuals appeared to be more favourable to a discount than to a credit monitoring service. This might be aligned with natural curiosity and a higher need for social interaction: extraverts enjoy meeting people and feel enthusiastic about in-store shopping and the associated social interaction with reps from the breached organisation.
Interestingly, conscientiousness had a negative effect on the perceived adequacy of credit monitoring. Highly conscientious individuals are goal-directed and value reliability. As such, highly conscientious individuals may be unsatisfied with the complicated process of subscribing to a credit monitoring service.
In terms of social environment, it is hard to overestimate the influence of this factor. When experiencing emotional distress, people often feel the need to share their feelings with those closest to them. This is especially the case with personal matters such as relationships or jobs. Since data breaches are also a distressing personal matter, they cause a similar need to turn to a friend for counsel. Prof. Kude’s research indeed demonstrates a high correlation between the experienced compensation (both types) and the influence of others.
Promising pathways
Both personal characteristics and social environment have a real impact on the efficiency of compensation strategies after large-scale data breaches. Taking this into account, companies could introduce stratified compensation. For example, since compensation is more effective for agreeable and open customers, they should be primarily compensated when the budget is limited. Similarly, discounts may be reserved for extraverted customers while credit monitoring services could be primarily provided to less conscientious individuals.
Managers might also consider customers’ social environments when deciding on how to distribute compensation. For instance, customers who have friends with a positive attitude towards a breached organisation should be primarily compensated. Another recommendation put forward by Prof. Kude and his fellow researchers is that, by collecting and analysing customer data, companies could form clusters of individuals with similar personality traits and comparable social influence. This would also help them build a more efficient corporate social media marketing strategy.
All in all, it looks likely that in the era of digitalization the issue of cybersecurity will only become increasingly pressing. Paying attention to how to compensate for data breaches in the most effective way is in the best interest of customer-oriented firms.