Many organizations have taken the first steps toward interweaving the concepts and principles of customer experience (CX) as a management discipline into their respective companies. With the support of company executives, employees, and credentialed CX professionals, foundations have been built around CX strategy, experience design, employee engagement, metrics, and voice of the customer practices. We've seen some fabulous, pioneering work in customer feedback, process improvements, cross-disciplinary teaming, journey mapping, and digital tools, for example. That’s work to be proud of!
Now, in the spirit of innovation, if you have some of those basics in place, it's time to step back and assess:
Are the practices and principles of customer experience as management discipline at work in all corners of the business? Where aren't the practices in place? Where should they be? What does that look like on a practical level?
I ask these questions because if the ultimate goal is to create a customer-centric organization, then the concepts and principles of CX as a management discipline cannot be off limits to any corner of your organization. Yet for many businesses, there are many "uncharted territories," so to speak, where CX practices haven't been utilized, but should, in a quest to become truly "customer-centric."
This post is the first in a multi-part series of condensed chapters from my Kindle eBook where I talk about those "uncharted" territories.
The concepts I have to share aren't about the basics. I won’t be covering the tactical aspects of survey design, metrics, empathy, or journey mapping, for example. These posts are intended to go beyond the basics, toward a practical understanding of where and how CX practices and concepts can be applied throughout the organization.
Part 1: The connection between data security and customer experience.
Data security breaches, hacks, and leaks have become so ridiculously common that you can't help but wonder, "Should customers just expect to have their personal and transactional information stolen at some point, as part of their experience?" Data security and customer experience are two things that go hand-in-hand. But we’ve never really explored the reasons why the two are not mutually exclusive. Sarah Evans and I also talked about this in our recent interview for Growth Matters Network.
No industry has been immune to breaches. Tens of millions of customers of well-known organizations like Target, Panera, Delta Airlines, Verizon, Deloitte, Yahoo, Saks, Jason’s Deli, Orbitz, and the U.S. Office of Personnel Management (OPM) have had their personal bank account numbers, credit card numbers, social security numbers, e-mail addresses, passwords, and home addresses and phone numbers stolen, exposed, held for ransom, or offered for sale on the dark web. Equifax, the consumer credit reporting agency that collects and sells credit information on hundreds of millions of consumers, and also sells fraud prevention services to customers, experienced a breach in 2017 that exposed more than 145 million consumers to fraud.
That's not ok.
Breaches impact customers in significant ways, sometimes to an extreme that includes personal identity and financial cost and loss. After the 2017 Equifax breach, one survey found that consumers spent a collective $1.4 billion on credit freezes in the hopes of mitigating identify theft risk.
Ready for the one-two punch?
Costs up to and into the hundreds, of millions of dollars also loom for businesses and agencies themselves— cost which inevitably wind up being passed along to customers. OPM after its 2015 breach awarded a $133.2 million contract to a company “for identity theft protection services for 21.5 million individuals whose personal information was stolen in that breach,” according to a press release on OPM's website. Of course, taxpayers footed that bill. Retailer Target, after its 2014 breach, which was said to have impacted up to 100 million customers, partnered with a credit monitoring company to offer one year free of identity protection to victims of the breach, which almost certainly eventually wound up costing customers in the way of higher prices.
Congress has become involved, and the business community is participating. In March 2018, a group of retail-oriented trade associations sent a letter to the House Financial Services Committee supporting a uniform federal law that would govern what all businesses have to do to inform customers after a breach. The letter is worth noting because it highlights a reality that some consumers may not know about: recent draft legislation and some older rules make it mandatory for retailers, but voluntary for financial services institutions to report breaches to customers. More breaches happen in financial services institutions compared to retailers, as the letter to the HFSC points out. Should any company be off the hook when it comes to notifying customers of a breach? Companies and their customers may have a difference of opinion on the matter.
Customers are ready to take their business elsewhere with a couple of swipes on their smartphones.
Customers aren’t sitting idly by waiting for new assurance of security after a breach. In fact, some are getting pretty pissed off about not being notified, specifically, in the context of a breach. Some customers are even ready to take their business elsewhere with a couple of swipes on their smartphones. In 2017, SAP surveyed more than 20,000 consumers all over the world. In that survey, consumers said they expect brands to protect consumer interests, including privacy and protection of their personal data. From the same survey:
“More than 83% of those in Europe and Latin America said they would break up with a brand if they used consumer data without their knowledge. Those in the U.S. and Canada find breaches in consumer data use and unresponsive customer service almost equally unforgivable.”
Customers are saying it loud and clear. Data security is connected to their experience. Customers expect the companies they do business with to respect and protect their data. That means CX leaders need to explore and support data security endeavors with just as much vigor as the voice of the customer, metrics, employee engagement, customer research, journey mapping, governance, and design thinking work.
I’m not saying it is necessary for CEOs, COOs, or CX pros to become IT experts. It is necessary, however, to get behind the company's data security work. It is necessary to be the voice that humanizes the conversation around data security, breaches, and hacks. The CX leader should be the first person to raise a hand, advocate for, and offer to help with a customer notification effort.
Close your eyes and think about the concept of a data breach. What do you see in your mind’s eye? If it’s a computer mainframe, or inanimate object of any kind, you’re on the wrong track in your thinking. If it’s a customer’s face, or a group of customers’ faces, then you’re on the right track.
Customers assume a certain level of trust in your business when they share credit card information, e-mail addresses, home addresses, and cell phone numbers with you. That trust must be honored.Security is now a part of the customer’s reality. That’s why it should also be part of the CX leader’s reality.
In upcoming posts, I'll share more concepts that outline the "what, why, and and how" of the potential, practical connections you can explore between CX and policy development, agile methodologies, strategic planning, marketing and public relations, and business risk.
All views are mine. Follow me on Twitter: @stephaniethum.
Sources
Equifax breach impacted 2.5 million more people than originally thought. Source: CNN Money, October 2, 2017. Link.
Another company blows off breach notification for months, lies about affected customers when it's exposed. Source: Tim Cushing via Techdirt.com, April 9, 2018. Link.
Nearly 1 in 5 Americans Froze Credit After Equifax Breach. Source: Fundera.com, March 7, 2018. Link.
OPM, DoD Announce Identity Theft Protection and Credit Monitor8ing Contract: Victims of Cybercrime to Receive Three Years of Services. Source: OPM.gov, September 1, 2015. Link.
What Target customers should know about identity theft protection. Reuters, January 14, 2014. Link.
Free credit monitoring and identity theft protection with Experian’s ProtectMyID now available. Source: Target.com, January 13, 2014. Link.
Retailers ask House committee to close ‘significant loopholes’ in data breach notification bill. Source: NRF.com, March 7, 2018. Link.
The dating game: Love and loss in the modern era. Source: SAP Hybris, December 2017. Link.