Brand Trust - Mimecast
Brand Trust:One cyberattack is enough to loseconsumer trust and custom
It takes years to builda brand. A cyberattackthat exposes customerdata or even simplypaints the companyin a negative light cancause catastrophic lossof trust in an instant.
Trust is a cornerstone of anysuccessful business. Someprofessions – hairdressers, forexample – spring to mind more thanothers. But the fact remains: everybrand is built on trust, and once it’sbroken, a loss of custom almostcertainly follows.In today’s digital economy,consumers have more choice thanever when it comes to spendingtheir hard-earned cash. In such afiercely competitive environment,companies are going to great – andsometimes headline-grabbing –lengths to win customers’ attention.The investments are significant,the expected return high. However,most companies either ignore orunderestimate the most importantcompetitive differentiator of all –trust. All the marketing in theworld counts for nothing whencybercriminals use the brand todupe loyal customers by preyingon that trust.It takes years to build a brand. Acyberattack that exposes customerdata or that even simply paints thecompany in a negative light cancause catastrophic loss of trust in aninstant. In the last twelve months,attack volumes skyrocketed, asbad actors sought to exploit thepandemic. Experts don’t expectthreat levels to abate, if anything,it may well continue to rise, ashackers look to exploit the fearand confusion stemming from thepandemic and the slow return tosome form of ‘new normal’.Fortunately, all is not yet lost.Cybersecurity companiesare continuing to fend offcybercriminals and consumers areslowly but surely becoming wiserto everyday threats. But there’sstill more to be done in this neverending battle.Mimecast’s latest round of research,which features insights from over9000 adults (aged 18-65) in theBenelux, Nordics, United Kingdom,Germany, South Africa, Australiaand the Middle East.The goal? To raise awareness, getbrands on the front foot, and makeloss of trust a problem CTOs andCMOs never have to face.
Understanding the cyberthreat landscapeWhen it comes to understandingcyberthreats, it’s promising to see thatover three-quarters of respondentsagree that anyone can be a victimof cybercrime – and that they alsounderstand the risks involved.Knowing the risks and being able tomitigate them are two very differentchallenges, however. As the sayinggoes, awareness is the first stepto action.SADEmiddle aged menmost knowledgeable18-24 year oldsleast knowledgable78%75%agree anyone can be avictim of cybercrimeunderstand the risksof phishing or spoofingUnderstanding the risks of phishing or spoofingPerhaps unsurprisingly, it’s a similar story whenunderstanding the risks – if you’re more aware that anyonecan be a victim, it seems logical that you’d be more mindfulof the risks of phishing and spoofing.In summary, middle aged South African men are the mostknowledgeable when it comes to cybersecurity risks. On theother end of the spectrum, 18-24 year old Germans wouldbenefit from brushing up on their cybersecurity awarenesstraining and improving their cyber hygiene.
92%of South Africanrespondents are awareof their susceptibility tocybercrime71%of Danish respondentsare aware of theirsusceptibility tocybercrimeUnderstanding anyone can be a victimLooking across all the markets surveyed, South Africa is the countrymost aware of its susceptibility to cybercrime (92%). This is followedclosely by 81% of Saudi and UAE respondents and 80% of Australians.Denmark, on the other hand, is more (perhaps blissfully) unaware ofthe risks (71%).The generational gap when it comes to cyber awareness is even morestriking, with Gen X (45-55 YO) appearing a lot more savvy comparedto the (supposedly) digital native Gen Z (18-24 YO). 75% of millennials(25-34 YO) agree that anyone can fall victim to cybercrime, whichseems to follow a trend to more mature reasoning than their youngercounterparts.80%85%females agree45-55 YO agree76%75%males agree25-34 YO agree70%18-24 YO agree
How often are consumers being targeted?Since the start of COVID-19, cybercriminals have worked tirelessly to expose thevulnerabilities that come with widespread remote working. In Mimecast’s State ofEmail Security 2021 report (SOES), it was revealed that email-based security threatssoared by 64% in 2020.These latest findings return equally worrying results, and it seems no country isimmune, with consistently high averages across all the surveyed countries. SouthAfrica and the UAE battle it out for top spot. Over a quarter of respondents from bothcountries have landed on a spoofed website from social media or search engines orhave been directed to a fake website from a phishing email. This is in contrast to theNetherlands and Germany where only around 4 in 10 reported the same.79%received a phishingemail to their inbox50%received a forwardedphishing email54%have opened aphishing email
58%have landed ona spoofedwebsite fromsearch engines56%have landed on aspoofed websitefrom social media55%have beendirected to a fakewebsite from aphishing email
Threat-spotting: how are consumers mitigating risk?Most respondents check before they clickIt’s promising to see that most respondents from all regions do at least applysome form of checking before opening an email or landing on a website.While around a half of respondents in most of the regions carry out thenecessary checks, only around a quarter to a third of respondents in theMiddle East do the same. Meanwhile Australia appears to be consistentlygood at looking out for warning signs.There are a few ways consumers keep an eye out for anything untoward. Buta minority are still unaware of the overall threat. Of those who don’t carry outany checks (6%), 53% don’t know or are unsure of what they shouldbe looking for and over a quarter (27%) wouldn’t know how to check whetheran email is valid.Perhaps more worryingly, 2% said they would just open an email, regardlessof whether they thought it was suspicious. Brave or downright reckless? We’lllet you be the judge of that.Younger vs OlderDespite a majority of respondents from every region taking the rightmeasures on their email and landing page checks, can the same be said for allages?You might assume that doing the relevant checks would be second natureto the younger, digital natives, but surprisingly they fell behind the othergenerations with only 43% taking the necessary precautions. On averagearound half of respondents in all the other generations did the four mainsecurity checks. It’s clear that for Gen Z, more needs to be done when it comesto cyber hygiene.
Who is checking what is in phishing emails?53%52%47%43%check spelling ofthe email addresscheck spellingwithin the emailcheck emailsubject linecheck URLs withinthe email60% UK58% BE57% AUS54% DK54% DE53% SE53% NL53% SA35% KSA27% UAE59% BE59% SE57% AUS57% UK54% DE53% DK53% NL50% SA29% UAE25% KSA54% RSA54% AUS52% SE49% UK48% DE47% BE45% DK40% NL28% KSA27% UAE49% RSA48% NL46% BE46% UK41% SE41% AUS41% KSA37% DK35% UAE34% DE
Top 10 most trusted industries acrossall countries70%Healthcare69%Online banking65%Utilities63%Entertainment59%Local council/gov57%Online sWhat are the most(and least) trustedindustries?Once again, our findings return someinteresting results; and it’s clear that whenit comes to trust, not all industries arecreated equal. Healthcare leads the wayin terms of being most trustworthy andranks well above the least trustworthyindustry: holiday providers. This is despite asurge in cyberattacks targeting healthcareorganisations amid the pandemic – fromemails impersonating the NHS and theWHO to vaccine scams and DDoS attacks onhospitals.
What are the most(and least) targetedindustries?There is surprisingly little correlationbetween consumers’ perception of brandtrustworthiness and cyberthreats targetingthose industries. For example, while onlinebanking was the second most trusted verticalwe surveyed, it is also the most targetedacross all geographies. This trend maybe explained by a surge in cybersecuritymeasures among banks over the pastfew years. In effect, banks have revisitedtheir entire operating models, setting updedicated fraud desks handling any possibleissues customers may face around theclock and communicating extensively aboutit. Offering this level of security is now aUnique Selling Point (USP) for many banks,particularly for online and mobile customers.Holiday providers, on the other hand, areamong the least trusted, despite facing oneof the lowest rates of attacks.Consumers received phishingemails from brands in thefollowing industries28%Online banking26%Delivery23%Online retailers21%Entertainment16%Insurance13%Holiday providers16%News12%Utilities10%Local council/gov10%Healthcare
55%most commonmessage is ‘you’vewon a prize’Congratulationsyou’ve won a prizeDigging a little deeper, it also seemscybercriminals have some go-to tacticsand messages of choice. It won’t come asa surprise that the most common threatis emails or texts claiming that ‘you’vewon a prize’ (55%).Often, phishing attempts are soridiculous it’s clear they’re fromuntrusted sources. But occasionally,especially as bad actors refine theirtactics, consumers could be forgiven forconfusing those communications withthose sent by legitimate organisations.Other popular phishing email or textmessages includes40%Claim your payment now37%You’ve received an offer32%Your delivery is delayed or on hold32%Check your account NOW32%Someone has been trying toaccess your account
Just how much do consumerstrust their favourite brands?Unfortunately, as we’ve alluded to previously, whileconsumers can spot many phishing attempts,cybercriminals are unrelenting in their efforts to trickthe masses. In recent years, we have seen a surge inimpersonation attacks – starting with emulating popularbrands. While many consumers are cyber-aware,these attacks are still successful for over one third ofrespondents.46%of consumers don’t hesitate toopen an email from brands theyuse regularly36%of consumers don’t hesitate toclick on links in emailsfrom their favourite brandsBrand trust: how do the countries fare?Looking across the surveyed countries there’s also a disparity when it comes to brand trust.Sixty nine percent of South Africans don’t hesitate to open an email from brands they useregularly and 69% in the UAE don’t hesitate to click on links from their favourite brands. TheEuropean countries and Australia tend to be more neutral on the matter, with only 24% of theDutch not hesitating to click on links in emails from their favourite brands and 35% openingemails from brands they use regularly.One statistic that tells a slightly different story, however, is the fact that almost a third (30%) ofconsumers think they’re just as likely to open a phishing email as it is for their sensitive data tobe stolen due to a data breach suffered by a brand they use regularly.In the grand scheme of things, this final point doesn’t reflect too kindly on brands, and wemust ask the question: can they be doing more? In the following section, we explore theconsumer-brand relationship in more depth and the damage that almost inevitably ensuesonce trust is broken.
Being the subject of spoofing or phishingspells bad news for brandsThe jury is in: the impersonation of household brandsby bad actors can have a huge impact on the trust (andspending) of consumers.In fact, 61% agree they would lose trust in theirfavourite brand if they disclosed personal informationto a spoofed version of its website. Similarly, 61%agree they would lose trust in their favourite brand ifthey disclosed personal information to a faked websitespoofing that brand.And as is probably to be expected, this loss of trust isdirectly related to a loss of revenue. Over half (57%)of all respondents agree they would stop spendingmoney with their favourite brand if they fell victim to aphishing attack involving that brand.61%would lose trust in their favourite brand if that brand disclosed personal information to aspoofed version of its website61%would lose trust if theirmoney was stolen due toimpersonation57%would stop spending moneywith a brand if they fellvictim to a phishing attack
Breaking the research down on acountry-by-country basisThe Middle East and Africa are by far andaway the least forgiving towards theirfavourite brands if their money is stolen dueto a phishing email impersonating them.South Africa leads the pack.ME is also leading the way in agreeingthey would stop spending money withtheir favourite brand if they fell victim to aphishing attack involving that brand. TheUAE would be the first to stop spendingmoney.On the surface of things, it might seem thatDanish respondents are more forgiving.But the fact just under half (45%) would alsostop spending money would be a significantfinancial dent for brands.This data makes for a sobering read forcompanies relying on consumer trustand loyalty: despite spending yearsbuilding a strong rapport with their targetaudience, all it takes to lose that trust isone single cyberattack. This alone shouldmake companies more cautious when itcomes to their cybersecurity – and makedeploying tools to better monitor their emailcommunication or find and remove fakedversions of their website a strategic priority.loss of trust in theirfavourite brand if theirmoney is stolen dueto phishing orimpersonationcustomers that would stopspending money with abrand they use regularlyif they fell victim to aphishing attack81% RSA77% UAE78% KSA75% KSA78% UAE74% RSA67% UK64% UK62% AUS58% AUS53% DE48% DE50% SE48% SE49% NL47% NL48% BE47% BE45% DK45% DK
Consumers expect brandsto keep them safe78%expect services tobe safe to useBrands could be doing moreIt would certainly seem they need to, owing to the overwhelming volumeof consumers (78%) who expect their favourite brands to ensure theirservices are safe to use, be it websites, email, or any other form ofcontact with consumers.This figure shoots up to 93% in South Africa, with the UK (86%), UAE(82%) and KSA (81%) not far behind. But even the more forgivingGermans had 69% of respondents saying that they expected brandsto keep their services safe. Consumers are therefore showing a unitedfront on this opinion, regardless of age, gender or geography. In adigital-first world, having good products and responsive customerservice is no longer enough for companies: they now also have amandate to keep people’s data safe and take steps to prevent themfrom falling victim to cyberattacks involving their brand name.
Should brands take accountabilityfor cybercriminals?And it doesn’t stop there. Beyond keeping consumerssafe, a fair chunk of respondents also expects brandsto bear the brunt of responsibility should they ever becompromised. Be it failing to compensate customers,not being accountable, or simply being the brandassociated with a spoofed website or phishing emailthat resulted in a loss of money, failing to avoidcyberattacks or handling them in ways that meetconsumer expectations can impact perception of yourbrand.Brands hope it never comes to this, but ensuringconsumer safety is easier said than done. Since fakewebsites or phishing emails that impersonate brandsare outside of the company’s traditional systemsand processes, they’re difficult to spot – and mostorganisations are blind to them as a result. Evenunsophisticated attackers can easily register a domainthat looks similar to a legitimate one and create a fakewebsite that is virtually identical.Incidents most likely tonegatively impactperception of a brand35%Brands refusing to compensatecustomers33%Brands refusing to takeresponsibility for customersbeing deceived31%Losing money as a result ofinteracting with a faked website30%Losing money as a result ofinteracting with a phishing email
“I’m excited byDMARC. I think it willclose down anotherloophole exploited bycybercriminals, therebymaking the interneta safer place for ourcustomers and staff”Customer Testimonial
Stop direct domain spoofingwith DMARCIn today’s digital age, where onecyberattack is enough to loseconsumer trust (and custom),brands need to be doing everythingwithin their power to ensureconsumer safety – and to protecttheir own positive brand image.One way to do so is by stoppingdirect domain spoofing. In theongoing mission to safeguard theirbrands, more and more companiesare achieving this with Domainbased Message Authentication,Reporting and Conformance –better known as DMARC.In a nutshell, DMARC is an emailvalidation system designed touncover anyone using a brand’sdomain without authorisationand then block the deliveryof all unauthenticated mail,preventing customers, partners,and employees from receivingemails from impersonators. Thereare three key phases to DMARCdeployment:1. Monitor: The first phase ofenforcing DMARC highlights all theemails that come from, or appear tocome from, your brand’s domains.Some may be from legitimate thirdparties engaged by marketing orother groups within the business.Others may be illegitimate.2. Analysis: The next step is tosuss out illegitimate senders. Thisrequires a collaborative effortbetween the security team andmarketing; it could also involveother departments according toyour setup and how serious thethreat is. Depending on how manyservice providers are sending outemails on behalf of the organisation,this can be a lengthy process.With a block and allow list in hand,you can set your DMARC policy toquarantine suspicious emails bysending suspicious emails into therecipient’s spam folder.3. Rejection: The ultimate goal ofDMARC is to reach a reject policy,whereby any time an unauthorisedsender uses a brand’s domain, thatemail is rejected by the receivingemail server – so it never reachesthe intended recipient.It’s likely for this reason that in thisyear’s State of Email Security 2021report, more than eight out of 10(85%) respondents indicated thattheir companies are already makinguse of DMARC, are in the process ofimplementing the protocol, or planto do so in the next year.
“If you have brandprotection by way oftrademark or copyright,you must consideronline brand protectionas part of the samestrategy”Customer Testimonial
Find and neutralise brand imitationwith Brand Exploit ProtectBrand impersonation attacksthat compromise customers andpartners are devastating. Theydestroy trust, are extremely difficultto uncover, and even harder to shutdown. Unfortunately, they’re also alltoo easy for criminals to create.Even unsophisticated attackers canregister domains that look like yoursand use your brand as bait to targetthe people who trust it. And, whileDMARC can help, it’s only designedto be effective against domainsyou own. Ultimately, it’s no longerenough to protect just what’s yours– it’s time to move from defence tooffense.One of the most effective ways toblock brand attacks before theycan launch, as well as stoppinglive attacks in their tracks, is withMimecast’s Brand Exploit Protect(BEP). Our innovative service usesa combination of machine learningand quadrillions of targeted scansto identify even unknown attackpatterns at an early stage, blockingcompromised assets before theybecome live attacks. Or, if activeattacks are discovered, they canbe rapidly remediated to minimisedamage.Of the many ways cybercriminalsexploit your brand, linkmanipulation, or the registering ofdomains with names very similarto legitimate brand web pages, is apopular choice for bad actors – withmanipulated links often directingusers to fake websites that hostmalicious content.Often, this works in conjunctionwith website spoofing: the term weuse to describe spoofed websitesbuilt by cybercriminals that looklike legitimate brand sites, whichusers are usually directed to viamanipulated links.Unfortunately, anyone can be avictim of brand impersonation –especially if they have a websitewith a customer login. But thebigger your brand, the harder thephish, with larger companies oftentargeted as they can siphon awaypotential money or credentials.Fortunately, Mimecast’s BEP hasyou covered, regardless of yourbrand’s size. Combined with fullDMARC visibility, reporting andenforcement, it helps you protectagainst the misuse of your owneddomains as well as spoofeddomains, covering both externaltargets and your own organisationand employees.That’s end-to-end email and brandexploit protection from a single,trusted leader in the market.
Key takeawaysConsumer trust is paramount to abrand’s financial success and reputation.57%% of respondents agree they wouldlose trust in their favourite brand:61%respondents agree they would stopspending money with their favouritebrand if they fell victim to a phishingattack leveraging that brand.if they disclosed personal informationto a spoofed version of the website.61%if their money was stolen due to aphishing email impersonating them.The onus is on brands to secure theiremail communications and theirwebsites; their customers expect it.78%69% AND 70%respondents agree it is the brand’sresponsibility to protect itself from emailimpersonation and from fake versions ofits website respectively.respondents expect theirfavourite brands to ensuretheir services (website,email, communications etc.,)are safe to use.Brands’ biggest loss of reputation comes from:35%33%refusing to compensate customers who werevictims of cyberattack leveraging their brandnot taking responsibility for cyberattacksleveraging their brandTop trusted industries:Most leveraged for phishing attacks:Healthcare, Online Banking, UtilitiesOnline banking, delivery services, and online retailers
Protect your brand1. To best protect against brandimpersonation, marketers andcybersecurity teams must begin aproductive, constructive partnership.2. Enforce DMARC- an email authenticationprotocol to stop bad actors from deliveringharmful emails that appear to come fromyour brand’s domain.3. Use third-party brand protection services,like Mimecast Brand Exploit Protect.4. As the research shows, transparency withcustomers is key.
GL-3438
Brand Trust: One cyberattack is enough to lose consumer trust and custom . It takes years to build a brand. A cyberattack that exposes customer data or even simply paints the company in a negative light can cause catastrophic loss of trust in an instant. Trust is a cornerstone of any
providing them with rich contextual information, enhancing their SharePoint experience; Mimecast Archive Power Tools is an add-on that offers superior mailbox management features to improve user experience and remove further load from Exchange; Mimecast File Archive is an add-on that extends the Mimecast archive to include files .
Mimecast for Outlook You can send attachments safely and securely via Large File Send in Mimecast for Outlook. Once a Large File Send message has been successfully sent, a notification will confirm the message was sent. Should a Large File Send message fail, use the Large File Send Manager to attempt to resend or cancel the message in question.
Brand trust refers to consumers’ perception about the ability of a brand to perform in accordance to its promise (Chaudhuri & Holbrook, 2001). According to Esch et al. (2006), brand trust accelerates a level of commitment consumers have with a brand. It implies an at
Strategic Brand Management Exeter MBA and MSc –Day 2 Brand Strategy Jack Buckner Aaker’s Brand Identity System BRAND IMAGE How the brand is now perceived BRAND IDENTITY How strategists want the brand to be perceived BRAND POSITION The part of the brand identity and value pro
brand equity, brand image, brand personality and brand extension. 2. Brand Extension. Brand extension is a marketing strategy in which new products are introduced in relation to a successful brand. Various experts have defined brand extensions differently . though, these definitions look quite similar. Kotler and Armstrong (2002) defined brand
Brand values help to remain true to your brand values and will increase employee engagement. Benefit 2 Brand values make your brand more memorable. Benefit 3 Brand values will create deep emotional connections with your audience. Benefit 4 Brand values will maintain brand authenticity. Benefit 5 Brand values will guide everyone on your team .
brand awareness, brand association, perceived quality and brand loyalty to estimate brand equity [11]. Reference on Aaker, we define brand asset with four dimensions: brand awareness, brand association, perceived quality and brand loyalty. Brand awareness is the ability to consumers or potential consumers to realize relationships between a certain
opinions about the courts in a survey conducted by the National . criminal justice system, and that black women are imprisoned at a rate seven times greater than white women. The report indicates there has been an increase in their incarceration rate in excess of 400% in recent years. Further, three-fourths of the women, according to the report, were mothers, and two-thirds had children .
