Lessons in Wonga woes.
A cyber security expert at the University of Surrey, Professor Alan Woodward, said it is: “’looking like one of the biggest’ data breaches in the UK involving financial information.”
Of course, cyber-attacks are becoming ever more sophisticated – as Wonga themselves state in the generic statement on their website – and no organisation is immune to potential incidents (look at Yahoo and TalkTalk last year), so it’s vitally important that businesses are well-equipped to deal with any fall out.
Indeed, with focus on user experience and care, it would be interesting to get customer feedback on the way in which Wonga has handled the situation: it is believed that they knew about the breach at some stage last week but, because they didn’t initially think that personal data was involved, they didn’t start contacting customers until Saturday.
The final straw?
In addition, the company buried its initial statement about the security breach in one corner of its website (so it was barely visible) and even passed responsibility back to the customer as to whether to take action, stating: “We believe that your account is secure and you do not need to take any action. However, if you are concerned then you may wish to change your Wonga password.”
I mean, come on, surely putting the onus on to the consumer is tantamount to asking a technophobe to write a software programme for a space probe?!
Unfortunately for Wonga, this breach – along with the way they are handling it – could well be one crisis too many: the firm has been working to rebuild its relationship with customers since 2014, when they had to write-off $340 million in unpaid loans following an investigation carried out by the UK’s Competition and Markets Authority, who also fined them for sending fake lawyers’ letters to customers.
They also took a hit – and their losses doubled – in 2015 when the UK financial regulator tightened short-term loan criteria.
Putting protocol in place
We don’t know whether Wonga has procedures in place for reacting in such an instance but if they don’t, they should: as should all organisations: in this technical age, cyber-security is the one worry that keeps business owners and board members awake at night and it is business-critical that plans are in place for how and when to inform affected parties, what to tell the media and any regulatory bodies and for repairing the vulnerability.
And, of course, it’s not just data breaches that have to be planned with military precision.
Unfortunately, a lot of organisations don’t have incident response plans in place: a 2015 security survey by Ernst & Young revealed that: “only 43% of respondents said they had a formal incident response program”. A rather shocking statistic and one that needs to change.
Large firms and corporations generally have the financial capacity to recover but unplanned events can have a devastating impact on small and medium-sized businesses, resulting in a loss of customers and, potentially, cessation of the company, so it’s vital to plan ahead for all eventualities.
Think about the things that may impact you: it could be anything from flood or fire to IT system failure, the loss or illness of a key staff member or product recall. Think of the effect the crisis would have and aim to put plans in place to minimise potential fallout.
If an incident does occur, no matter what your line of business, open, honest and timely communication with users is critical. Not only can this prevent the problem from escalating but also, how you respond to customers can influence their future user experience: if they feel they are sufficiently valued to warrant a candid insight into the issues you are facing, they may think twice before considering taking their business elsewhere.
Of course, consumer satisfaction and loyalty don’t just start and end in a crisis. To deserve a favourable response in times of trouble, you need to have met and exceeded customer requirements and expectations at all stages of your relationship.
Your business is your customers. Without them, your reason for being ceases and having a monopoly on your market is highly unlikely: there will always be someone that can step in and fill a void if your users find you lacking.
So don’t wait for things to go wrong, do your customer satisfaction surveys and user experience research now to learn more about customer behavior, needs and beliefs. Get that right and connect with your customers now and they are more likely to stand by you and show their loyalty when you need them most.
For assistance with analysing customer experience and building connections, get in touch with the team at The Monachie Project.