In last month’s blog, How cyber security supports reputation management, we talked about the risks for businesses when they suffer a cyber attack that leads to a security breach.
These risks are often seen as financial only; but of course, there is a risk that you will lose customers if they think you can’t look after their personal data.
Behavioural science suggests that it’s not quite as clear cut as ‘customers will leave’. Of course, businesses do lose customers after a cyber attack. Sometimes that’s because a successful attack undermines trust in the business. Sometimes, it’s because the communications around the attack have been poorly handled. Sometimes it’s just because customers were thinking about moving anyway, and the attack spurs them on.
But plenty of customers will believe a company if it says they have managed the event and their data is ‘now safe’. LinkedIn has been hacked at least twice – people did not leave in droves.
In terms of behavioural science, the notion of commitment and consistency plays a part. In his book Influence: Science and Practice, Dr. Robert Cialdini explains how humans value commitment and feel positive about being seen as consistent. Importantly, he notes how we often defend our position in order to be consistent – even when the evidence tells us that the ‘consistent’ decision was the wrong one.
That certainly seems true of individual customers – we have committed to a relationship with a business, and we will stick with them, even if they lose our data. And, it’s a hassle to change.
Inertia keeps consumers loyal to services even after negative events like cyber breaches. This is driven by Status Quo Bias—a preference for the current situation over the effort of change (Samuelson & Zeckhauser, 1988)—and Loss Aversion, where potential losses from switching feel more significant than potential gains. Automatic renewals and perceived switching costs, such as effort and inconvenience, further reinforce inertia. According to Fogg’s Behavior Model (B=MAP), low motivation to leave, combined with the convenience of staying, often outweighs the prompt to switch. Ultimately, cognitive biases and practical barriers can make customers reluctant to abandon services, even when their data security is compromised.
The same does not apply to business customers, however. When your customers are ‘entities’ rather than people – even if you have a good relationship with your account manager or buyer – they will act in the best interests of the entity, so are much more likely to look for a new supplier straight away, if they have lost trust in your business.
So, if you are running a Business-to-Consumer operation, you might lose just a handful of customers because of a cyber attack. But if you run a Business-to-Business company, be prepared for them to jump ship far more quickly.
How can you support your customers to stay?
Most businesses will experience a cyber attack or security breach. Across the UK alone, 70% of medium sized companies and 74% of large businesses reported a cyber attack attempt in 2024.
So, whether you’re interested in preventing an initial attack, or you’re improving your systems and processes after suffering a loss, here’s what your corporate customers expect:
- That you will always be transparent with communications
- That you are honest about the systems you have in place to protect data
- That you are taking data protection seriously and understand the impact on customers
- That you can be trusted with personal and private data
Show them you’re making a difference
Can you prove that you have given your people the best cyber security training? Can you show your business customers evidence of ongoing, focused and professional commitment to keeping their data secure?
Partnering with Psybersafe gives you access to continual online training that’s rooted in behavioural science and proven to work in corporate-focused organisations of all sizes. With a user-friendly dashboard that lets you see progress across your business at any time, and carefully developed bite sized, fun episodes that genuinely engage your staff, our training forms an essential part of your wider cyber security approach, helping you to retain existing customers and attract new opportunities.
Just contact us to find out more about how we can help.
At Psybersafe, we help organisations across the UK and Europe—including financial institutions and engineering firms—strengthen their cyber defences with ongoing online training based on behavioural science research. Combining technical security measures with behavioural training creates a safer, more resilient business and reinforces a reputation for serious cyber security.
We love behavioural science. We’ve studied it and we know it works. Why not contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. to see how we can help your organisation gain better, long-term cyber security habits? If you want to know more about the science of persuasion and influence and behavioural science in general have a look at our sister site https://influenceinaction.co.uk/
Sign up to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.