Organisations have been put on notice that they need strong cyber security protections to limit customers’ exposure to cyber threats or risk serious brand damage, new research has found.

And companies that don’t protect Australians from cyber threats can expect to see people abandon them.

Almost 60 per cent of Australian consumers say they would stop spending money with a brand if they fell victim to a phishing attack involving that brand, and 60 per cent say they would lose trust in the brand if it disclosed personal information to a spoofed version of their website, according to a new Mimecast Brand Trust report.

“Online brands need to consider the cost of customer acquisition, as losing customers due to a cyberattack – which could have been prevented – is a major concern,” Garrett O’Hara, field chief technologist at Mimecast APAC, told Information Age.

In a digital-first world, companies have a mandate to keep people’s data safe and take steps to prevent them from falling victim to cyberattacks involving their brand name, the research found.

"Organisations need to put brand protection measures in place, as it is clear that in the event of an attack, the customer is likely to walk away and turn to a more trustworthy brand,” O’Hara said.

It’s a clear and present threat, with the global survey including responses from 1,000 Australian consumers finding no country is immune and consistently high averages across all the surveyed countries.

In Australia, 77 per cent of respondents reported having received phishing emails in their inboxes and 49 per cent of respondents were directed to a spoofed website from a web search.

Consumers are clear that businesses have a responsibility to secure their email communications and guard against fake versions of their websites.

Some 78 per cent of Australian respondents expect services to be safe to use, and more than two-thirds believe the buck stops with the brand.

O’Hara said people want to feel safe in the knowledge the “brands they are interacting with online are legitimate and confident they’re not handing over their details to cybercriminals”.

Why the most trusted industry is also the most common threat

When it comes to trust, not all industries are created equal.

In Australia, the top three most trusted industries are online banking, healthcare, and utilities, the research found.

In particular, online banking is one of the most trusted industries.

Consumer trust in this industry is in part due to the role banks play in communicating with customers about threats and scams, providing advice on what to watch for, and how consumers can best protect themselves.

However, most phishing emails are related to banking, putting people at considerable risk.

Knowing this, cyber attackers exploit the trust consumers place in banking brands – and they are becoming more sophisticated, making it harder for people to distinguish real emails from fake ones and, as a result, which messages to trust.

But O’Hara pointed to one positive that has come from this – banks have been forced to invest more in communication with customers about threats and scams, provide advice to consumers on what to look out for and offer tips on how they can protect themselves.

“Other sectors should be encouraged to learn from them,” he added.

When it comes to the biggest fears consumers face engaging with brands, it’s disclosing personal information to scammers and losing money.

If either of these happen, not only will consumers stop trusting the involved brands, but they will stop spending money regardless of whether it’s their favourite brand, one they regularly use, or just one they’re familiar with.

And in terms of the most leveraged for phishing attacks, there were delivery services, online banking and entertainment services.

“With the recent lockdowns and a peak in online communication, it makes sense that the most leveraged industries for phishing attacks were delivery services, online banking and entertainment services,” he added.