CX vs. Data Security: Striking a Balance for Success
In an ever-digital world, customer experience can demarcate the line that separates a successful business from an unsuccessful one. However, does having a thriving customer experience implementation mean companies have to do away with the appropriate cybersecurity? Read on to know.
- In an ever-digital world, customer experience can demarcate the line that separates a successful business from an unsuccessful one.
- However, does having a thriving customer experience implementation mean companies have to do away with the appropriate cybersecurity?
A seamless customer experience that is personalized and relevant can make or break a business. About 85% of the respondent executives in Oxford Economics and Adobe’s State of Digital Customer Experience (CX) said improving the customer experience is a top or significant business priority.
Oxford Economics found that prioritizing CX leads to higher new customer acquisition rates (+23%), higher lead generation (+18%), greater referral rate (+17%), increased chance of repeat business from the customer (+12%), and a higher profit per customer or account (+9%).
Even the U.S. government seeks to reap the benefits of a well-implemented CX strategy. Last year, the Biden administration requested $500 million as part of the fiscal 2024 budget for nine federal agencies, including Homeland Security, Treasury, Labor, Census Bureau, Social Security Administration, and more.
The half-a-billion funding request follows President Biden’s 2012 Executive Order for Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government. It precedes the 2023 National Cybersecurity Strategy that aims to build the public’s trust.
Even as the government realizes the importance of the two, the question is: are public or private organizations doing enough to coordinate data security with CX?
How Can Security Protocols Impact CX?
One of the more crucial elements of a great CX is something that the average user is increasingly becoming wary of the risks of sharing with a business over the internet: their valuable data. This directly prohibits companies from offering personalized experiences.
As many as 60% of respondent customers in the State of Digital CX said they would stop interacting with businesses because of the need for more transparency over how data is used. Because in case the organization suffers a data breach, the customer is at risk from adversaries and the typical scammer who obtained the breached data illicitly.
Moreover, a substandard user experience marred by heedless security mandates may lead to an unsatisfactory CX. “Security can sometimes require extra steps to accomplish the same goal, such as requiring multi-factor authentication when logging into an account or the requirement for a complex password, and when these things are implemented poorly, they can cause considerable friction for the end user or customer,” Erich Kron, security awareness advocate at KnowBe4, told Spiceworks over email.
“Unfortunately, some organizations don’t consider the impact on the user experience when laying out requirements or looking at the customer journey.”
It can seem like a typical catch-22 situation—businesses want to deliver a fabulous CX without compromising on cybersecurity and privacy frameworks mandated by regulations. In contrast, the appropriate cybersecurity can lead to a degraded CX.
Except, it isn’t. It is essential to shed the lens that puts CX in conflict with data security and view the two as they are—highly intertwined.
For businesses, building trust should pave the way for CX.
Data security, privacy, and regulatory compliance are thus non-negotiable aspects of creating a good CX.
But how can organizations appropriately address the contradiction of the tradeoff between CX and security?
Can CX and Data Security Co-Exist?
“Data security can co-exist with a good customer experience; however, it needs to be well thought out, and in some cases, some security requirements could be made optional as opposed to being mandatory,” Kron added.
In other words, lose what is unwarranted, implement what is needed, and implement it well enough to avoid impacting the CX.
In fact, Aberdeen Strategy & Research discovered that integrating identity and privacy into the broader context of proactively managing digital customer experiences can improve e-commerce performance by lowering cart abandonment rate, improving conversion rate, and increasing the average order value.
The right customer identity and access management solution allows businesses to address data privacy compliance requirements with minimal friction and greater convenience to shoppers, per Aberdeen’s Integrating Identity And Privacy With Digital Customer Experience: Turning Negatives Into Positives report.
FIDO Alliance’s survey of 10,000 consumers in 10 countries, including the U.S., the U.K., Germany, India, and China, revealed that 43% of shoppers had abandoned a purchase at least once and 59% of people had abandoned accessing an online service at least once because they couldn’t remember their password.
Moreover, the right customer identity and access management tool helps to address growing cybersecurity threats – 84% of respondents in Aberdeen’s research said that some number of their online users had experienced a successful account takeover in the trailing 12 months.
So, the question shouldn’t be whether CX and data security co-exist. It should be: Why aren’t CX and security more intertwined?
See More: Can the CxO Turn a Blind Eye to SSE?
How Can CX and Data Security Co-Exist?
1. Greater collaboration between CX and cybersecurity teams
One of the first things organizations can do is to bridge the gap between cybersecurity and CX teams. Siloed development hasn’t and can never help to achieve both objectives simultaneously. The two teams, which have varied outlooks, must work together if the end goal is to deliver a safer CX.
“Simply put, the CX needs to be considered when implementing security controls. However, it often seems that step is skipped. In addition, testing security controls with a limited audience that will provide feedback can help identify areas of friction or difficulty that can sour the CX.”
For example, consider DevSecOps, which evolved to integrate security in the product, application, or software development lifecycle. The intention was to make software security a shared responsibility from the onset of development. Similarly, CX must be incorporated within the security component of the product development.
2. Use non-personally identifiable information for CX where possible
Non-PII data such as IP addresses, cookies, and device IDs can be leveraged to provide specific degrees of personalization. “Determining the language being displayed could be done through basic geolocation [based on the user’s IP] without associating it with the account or user,” Kron said.
Device IDs can help with targeted marketing based on the browsing patterns of the device. This disassociates users from the marketers, though it may offer a different level of personalization than leveraging PII.
“This may not always be perfect,” Kron continued, but “can be a low-effort way to improve the experience for the user.”
3. What are you protecting?
It is vital to base security decisions on the data in consideration. It can be imprudent to allocate unnecessary resources to secure inconsequential data with little value.
“Organizations need to consider the type of data being protected and the level of security required to protect it. There should be stronger security requirements to protect PII or PHI, or financial data, compared to an account used for ordering pizzas online or one that contains other less sensitive information,” Kron said.
Organizations can ensure the appropriate security by performing regular audits and instituting best practices accordingly. For sensitive data, leveraging role-based access strategies and zero trust on a broader level should be the way to go.
Using the right, and not the best, security is also essential for user-facing applications. “Far too many times, I’ve seen access to basic accounts that are overprotected through controls, such as not allowing the pasting of a password into a login field. This can make using security tools, such as password managers, ineffective because, in those cases, people are far more likely to reuse passwords than using a unique one generated by a password manager.”
4. Adopt a privacy-by-design approach
- Establish transparency mandates and create a team specifically to address customer concerns on privacy.
- Communicate when the data is being collected and for what purpose.
- Design products using automatic timed logouts and allow easy opt-outs from services.
- Educate customers on the ramifications of sharing sensitive information and proactively inform the latest updates to privacy regulations.
- Highlight the organization’s successful adherence to regulations.
How does your company balance CX with cybersecurity? Share with us on LinkedIn, X, or Facebook. We’d love to hear from you!
Image source: Shutterstock
MORE ON CUSTOMER EXPERIENCE AND CYBERSECURITY
