Home Page » Backup Systems Disaster Recovery Blog » New research shows how cyber-attacks damage customer confidence

New research shows how cyber-attacks damage customer confidence


British Airways (BA) has yet again been involved in a cyber-attack. The second high-profile attack in as many years. This time the firm that manages the data of BA’s executive club members got hacked. So how does this affect customer confidence?

We tend to think of cyber-attacks as a problem the IT Department needs to solve, but if it damages the reputation of the brand then the Marketing team need to also be concerned.

To add some evidence on the issue, we commissioned independent research with a very simple question; “After a company has been the victim of a cyber-attack and personal data has been stolen, how would you react if you were a customer?”


The result from over 200 UK consumers is on the chart.

Some may take comfort from the fact that 27% would continue to use the company affected, and only 28% would use a new company.

But perhaps the most damaging result is the 45% that ‘may’ use a new company. They are the largest cohort and are people that could easily be persuaded by a competitor to switch allegiance.

Even more worrying is they are highly unlikely to recommend the brand to friends and family. Their confidence has been damaged.

The rising number of attacks affects everyone

High profile attacks, such as BA, Woodland Trust and Amey, grab the headlines, but they mask the huge number of phishing, ransomware and cyber-attacks that affect thousands of organisations every day.

In the latest attack, BA did the right thing and informed all the customers that may have been affected in an email on Friday 5 March. No doubt Sita, the Swiss-based company that manages executive club data on behalf of BA and many European airlines, would also have informed the data regulators as part of their GDPR commitment.

Although Switzerland is not part of the EU, it must still inform the data regulators within 72 hours of a data breach if the data includes information on EU citizens.

Organisations in the UK also have a legal duty to inform the Information Commissioner’s Office (ICO) and any customers affected. So there is nowhere to hide if you are a victim. Everyone will know.

A third attack on BA, whether it’s on BA’s systems or an outsourced supplier, would leave travellers questioning if their personal data is in safe hands. Very few companies have a monopoly and customers always have a choice of supplier.

The role that data security plays in customer acquisition and retention has not really been explored – but our research shows it has an effect.

We will be conducting more research on this and other data security subjects, if you want to be kept informed please sign-up for our Backup Bulletin.

Share with colleagues: