2005 Most Trusted Companies
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View 2005 Most Trusted Companies as PDF for free.
More details
- Words: 3,825
- Pages: 11
2005 Most Trusted Companies for Privacy Study ©
Summary Report Prepared by Ponemon Institute, LLC Report Dated September 20, 2005
Ponemon Institute© Please Do Not Use Without Express Written Permission.
2005 Most Trusted Companies for Privacy
©
I. Executive Summary We are pleased to present the results of our second annual Most Trusted Companies for Privacy Study. The purpose of the study is to have consumers assign a rating to companies according to how much they trust these organizations to protect the privacy of their personal information. The study was conducted by Ponemon Institute and TRUSTe. Why is trust important for companies? Based on previous consumer studies conducted by Ponemon Institute, it has been shown that companies perceived as trustworthy are rewarded with a higher degree of customer loyalty and retention. Moreover, according to the 2005 Online Consumers Permission Study conducted by Ponemon Institute, it was found that consumers are willing to share more personal information with companies when they have a trusted relationship. Understandably, the more informed a company is about the purchasing habits and preferences of its customers, the more likely it is to increase sales and revenues. We offer one cautionary note about the results of the 2005 Most Trusted Companies for Privacy study. Based on previous consumer studies we have conducted, we have found that consumer perceptions about privacy and trust can be influenced by a number of factors. In fact, the ratings may not reflect at all the actual privacy practices of the company and its efforts to protect the personal information of its customers and employees. Further, what a company does in the area of privacy and data protection can be invisible to the customer until he or she experiences a problem and seeks redress or has a question that needs to be answered. Some factors influencing consumers’ perceptions can include a favorable (or unfavorable) opinion about a company’s brand and products, a personal experience with a call center employee or other employee or how well the company’s advertising messages resonate with them—especially if privacy and protection of identity are included in the promotion. Trust may also be earned when a customer receives an order on time and in good condition. We also believe media coverage of companies experiencing a security breach can affect not only an individual company but the industry as well. It is interesting to note that in this year’s study the trustworthiness rating of the banking industry has slipped from Number 3 to Number 7. The decline in trust could perhaps be attributed to the rash of news reports on security breaches of credit card information. The most trusted industries in this year’s study are healthcare organizations, Internet Service Providers (ISPs) and consumer product companies. Considered not as trustworthy for privacy commitments are the toy, hospitality and food service industries. II. Survey Method Our Web-based research study asked respondents to name one to five companies in 23 industries listed in the study they believed to be the most trustworthy when handling their personal information. Company names were not provided in the survey instrument to allow each participant to freely select the organizations believed to be most trusted for privacy. Participants were asked to apply the following definitions when determining the companies they trusted most for privacy: •
Personal information – Information about yourself and your family. This information includes name, address, telephone numbers, e-mail address, Social Security number, other personal
Ponemon Institute ©: Private & Confidential Document
Page 2
identification numbers, access codes, age, gender, income and tax information, shopping information, account activity and many other pieces of data about you. •
Privacy trust– Your belief that the company is honoring its privacy commitments to you, and keeping your personal information safe and secure. This includes its commitment not to share your personal information unless there is a just cause or you have given your consent.
Our fieldwork ended on August 9, 2005, with the collection of 6,792 useable responses over an eight-week period. We asked participants to list one to five companies in various industry sectors that they believed to be the most trustworthy for honoring their privacy commitments. According to their responses, we compiled a list of the most trusted companies for privacy. The aggregated list in our analysis contained 203 different company names, compiled from almost 28,000 individual company ratings. Using the same ranking procedures as in our 2004 study, we careful executed the following decision rules to compile this year’s list of most trusted companies for privacy: 1. All companies with 20 or more individual positive ratings were included in analysis. Companies with less than 20 positive ratings were excluded from further inspection. 2. A combined rating system composed of three ranking procedures was used to determine the overall rank of a given company. Following are the three different rating schemes: •
R1: The rank order of a given company based on the net positive responses. While this metric is unambiguous, it is biased. Larger companies or those with a bigger brand name would be more likely to earn a higher net response.
•
R2: The rank order of a given company based on the percentage of “first place” ratings. This is an unbiased metric because the percentage is not associated with the size of a company.
•
R3: The rank order of a given company based on the ratio of positive to negative ratings. Unlike R1, this metric is biased to smaller companies because they are more likely to have very few negative ratings (as opposed to larger companies).
3. Because the focus of this work was the group of companies “most trusted” for privacy, all aggregated negative ratings were excluded from further analysis after compiling the master list of 203 companies. Table 1 shows the sample and response statistics of our study: Table 1 Sample Characteristics Sample frame size Total responses Total rejections Net responses Total positive & negative ratings Average number of ratings per subject Average number of positive ratings Average number of negative ratings Number of separate companies identified Number of companies with ≥ 20 positive ratings Ponemon Institute ©: Private & Confidential Document
Total 51,895 7,140 348 6,792 27,847 4.10 2.52 1.58 417 203
Pct % 100.0% 13.8% -0.7% 13.1%
Page 3
Table 2 and the Pie Chart show the distribution of subjects across the United States. Please note that this study only obtained information from people living in the United States (43 states in the sampling frame). A separate study was conducted from subjects residing in nine Canadian provinces. These results will be provided in a separate report.
Table 2 Geographic Regions Northeast Mid-Atlantic Southeast West/Pacific Southwest Mid-West Total
1,243
Freq 1,518 1,532 957 1,046 844 1,243 7,140
Pct% 21% 21% 13% 15% 12% 17% 100%
1,518
844
1,532 1,046 957 Northeast
Mid-Atlantic
Southeast
West/Pacific
Southw est
Mid-West
III. Results Bar Chart 1 shows the top 10 list of most trusted companies in ascending order based on the combined rank scores from R1, R2 and R3 (described above). Please note that 11 companies are displayed because of ties in combined rank scores. The number next to each bar reflects the combined score for every one of the top 10 most trusted companies for privacy. A low combined score indicates a positive result and a high combined score indicates a negative result. Please note that Dell and IBM achieve tied scores for eighth place, and EarthLink and Google earn tied scores for tenth place. The overall average score for the top 10 companies shown in the bar chart is 96 points. The overall average score for all 203 companies ranked in the most trusted list is 305 points, and the score for the bottom 10 companies contained in the most trusted list averaged 574 points. Bar Chart 1: Top Companies Based on Combined Scores A merican Express
65
A mazo n
67
P ro cter & Gamble (all brands)
83
Hewlett P ackard
90
eB ay
92
A OL
100
US P o stal Service
105
Dell
111
IB M
111
Earthlink
114
Go o gle
114
0
20
Ponemon Institute ©: Private & Confidential Document
40
60
80
100
120
Page 4
Table 3 lists the top twenty companies that consumers’ believe are most trustworthy for honoring privacy commitments. For comparison purposes, the prior results from our 2004 study are shown in Panel A and results from the 2005 study are shown in Panel B. The ranking is based on a combination of three different ranking procedures for R1, R2 and R3 as explained above. Rank 1 2 3 4 5 6 7 8 9 10 11 12 13 14 14 16 17 18 19 20
Table 3 Panel A 2004 Top Companies eBay American Express Procter & Gamble (all brands) Amazon Hewlett-Packard U.S. Postal Service IBM EarthLink Citibank Dell Disney Bank of America Harley-Davidson Johnson & Johnson (all brands) US Bank Fidelity E-Loan VISA Apple Washington Mutual
Rank 1 2 3 4 5 6 7 8 8 10 10 12 13 14 15 16 17 18 18 20 20
Table 3 Panel B 2005 Top Companies American Express Amazon Procter & Gamble (all brands) Hewlett-Packard eBay AOL US Postal Service Dell IBM EarthLink Google Charles Schwab Apple (including iPod brand) Johnson & Johnson (all brands) WebMD E-Loan Washington Mutual Federal Express Yahoo USAA Disney
Because of tied ranks, Panel B lists more than twenty organizations. Many of this year’s top ranked organizations are computer technology or Internet firms. We also see new entrants to this year’s top 20 list, including AOL, Google, Charles Schwab, WebMD, Federal Express, Yahoo and USAA. R1 Companies with highest net positive ratings (Net = ∑Positive – ∑Negative). Table 4 reports the top 10 companies in terms of RI. As can be seen, IBM achieves the highest RI rank with a net positive result of 367 responses, followed by Amazon and American Express. R1 1 2 3 4 5 6 7 8 8 10
Table 4: Top Companies for Privacy IBM Amazon American Express Hewlett-Packard AOL Procter & Gamble (all brands) US Postal Service eBay MSN Johnson & Johnson (all brands)
Ponemon Institute ©: Private & Confidential Document
Positive 449 377 369 347 276 275 271 260 293 222
Negative 82 39 36 47 32 32 34 30 63 31
Net 367 338 333 300 244 243 237 230 230 191
Page 5
R2 Companies with the highest percentage of ratings in first position on survey (Pct% first = total first Place divided by positive). Table 5 shows E-Loan, Fifth Third Bank, and American Express achieving the top three places using this ranking procedure. It appears that E-Loan, Fifth Third Bank, American Express, PGP and Amazon all achieve percentages in excess of 90%. R2 1 2 3 4 5 6 7 8 9 10
Table 5: Top Companies for Privacy E-Loan Fifth Third Bank American Express PGP Amazon Netflix Procter & Gamble (all brands) Hewlett- Packard IBM Charles Schwab
Total 31 58 405 23 416 32 307 394 531 147
First Place 30 43 341 19 341 26 245 307 390 112
Pct% First 96.8% 95.6% 92.4% 90.5% 90.5% 89.7% 89.1% 88.5% 86.9% 86.8%
R3 The following table ranks companies with the highest ratio (Positive ÷ Negative). The ranking below assigned the highest rank to companies with the highest positive response for those companies where ∑Negative = 0. R3 1 1 3 4 5 6 7 8 9 10
Table 6: Top Companies for Privacy E-Loan NRA Hallmark Priceline.com WebMD Weight Watchers Bristol-Myers Squib (all brands) Diner's Club Kodak AG Edwards
Positive 31 22 68 49 47 46 38 37 108 34
Negative 0 0 1 1 1 1 1 1 3 1
Positive/ Negative
α α 68.00 49.00 47.00 46.00 38.00 37.00 36.00 34.00
The top ranking organizations with respect to the R3 variable is E-Loan, National Rifle Association (NRA) and Hallmark. The note α in Table 6 means that the computed value cannot be defined. Table 7 provides a summary of top ranked companies by 23 industry subgroups. The table shows significant variation in the average rank by industry, where health care, consumer products and package and delivery services achieve much higher average rankings than companies in the toy, food and hospitality industries, respectively. It is also interesting to observe differences between 2004 and 2005 industry subgroup rankings. For example, in 2005, banking moved from second to seventh place among all industries in our ranking. On the other hand, delivery and package moved from eighth place in 2004 to third place in 2005. One reason for the public’s privacy concerns in banking may relate to the rise of phishing and spoofing attacks on Internet users. The impact of phishing was revealed in earlier research
Ponemon Institute ©: Private & Confidential Document
Page 6
conducted by Ponemon Institute over the past year.1 Another factor that may have diminished consumer privacy trust is the wave of recent security breach incidents involving major organizations. Table 7 Average Combined Rankings by Industry Group
Industry Health care Consumer products Package & delivery Web business Entertainment Insurance Banking Computer technology Brokerage ISP & cable Auto & transportation Credit card Non-profit Health & beauty Financial services (general) Retail Pharmaceuticals Telecom Conglomerate Airlines Hospitality Food service Toy
Top Ranked Company by Industry WebMD
Industry Ranking 1
Numbers 5
Average Rank 39.20
Min 15
Max 56
Procter & Gamble
2
4
49.25
3
140
US Postal Service Amazon Disney USAA Washington Mutual
3 4 5 6
4 14 3 9
55.50 59.86 67.00 68.44
105 2 6 103
75 162 101 20
7
10
74.30
17
137
Hewlett Packard Charles Schwab America Online General Motors (all brands)* American Express National Rifle Association Weight Watchers
8 9 10
18 7 6
87.11 91.00 92.67
4 12 6
180 178 197
11 12
11 7
96.64 100.71
28 1
170 201
13 14
8 7
101.88 102.00
48 44
167 159
15 16 17 18 19 20 21 22 23
14 30 11 9 6 3 8 6 3
109.86 118.17 124.45 125.11 131.00 141.22 149.00 161.50 189.00
16 31 35 70 65 43 52 85 32
194 200 184 200 180 183 202 203 121
E-Loan Hallmark Pfizer (all brands) Verizon DuPont Air Alaska Bass (all chains) Trader Joes Lego
* Many of the positive privacy ratings attributed to General Motors concerns the company’s Onstar service offering.
Bar Chart 2 illustrates the impact of a data security breach on company rankings. This analysis looks at 14 different organizations that were included in both our 2004 and 2005 studies. All organizations in this subgroup reported a data security breach in accordance with regulatory requirements, such as SB 1386 in California.
1
See 2004 Tracking Study on Spoofing & Phishing, TRUSTe & Ponemon Institute dated 9/21/05, 2005 Online Banking Study Watchfire & Ponemon Institute dated 4/5/05, and National E-Mail Safety & Reliability Survey Goodmail & Ponemon Institute dated 7/12/05.
Ponemon Institute ©: Private & Confidential Document
Page 7
The bar chart shows computed variables, defined as the percentage distance between the subgroup and the sample average ranking for 2004 and 2005. In 2004, 187 companies were on the most trusted list and the average rank was 93.5. In 2005 there are 203 companies listed and the average rank is 101.5. Bar Chart 2: Percentage Difference between 14 Data Breach Companies and Sample Average Ranks in 2004 and 2005 10% 5% 5% 0% -5%
2004-Before Breach
2005-After Breach
-10% -15% -20% -22%
-25%
The 14 companies in this security breach analysis were 5% above the average in 2004. In other words, these companies had an average score that was slightly higher than our average rank. In 2005 these same 14 companies are 22% below the average rank after the data security breach was reported. This suggests that the average rank for the subgroup dropped considerably – perhaps as a result of the breach. Bar Chart 3 illustrates the impact of severe phishing attacks on company rankings. This analysis looks at organizations identified by TRUSTe that experienced the most persistent or frequent phishing attacks during the past year. Eleven of these companies were included in both our 2004 and 2005 studies. Bar Chart 3: Percentage Difference between 11 Companies that Experienced Persistent Phishing Attacks in the Last Twelve Months by Sample Average Ranks in 2004 and 2005 16%
15%
14% 12% 10% 8% 6% 4%
2%
2% 0% 2004-Before Major Phishing Attacks
2005-After Major Phishing Attacks
Using the sample calculation above, Bar Chart 3 shows computed variables, defined as the percentage distance between the subgroup and the sample average ranking for 2004 and 2005. As reported, in 2004 the average rank for these 11 organizations was 15% above the mean. In Ponemon Institute ©: Private & Confidential Document
Page 8
2005, the average rank for these organizations dropped to 2% -- or a 13% decline in overall ratings. It is important to note that most of these organizations are in the financial services or retail banking industry. Clearly, these data support the idea that the public’s trust is very fragile. While the analyses for data breach incidents and phishing attacks relied on small subgroups, our results suggest that companies experiencing a data breach or severe phishing attack should anticipate a potentially negative affect on consumer trust in the marketplace. Table 8 lists ten (10) factors considered important in defining a company’s privacy commitment to consumers (the public) for the 2004 and 2005 studies. The importance of each factor was determined based on the frequency of responses and the average points assigned (totaling 100 points for all factors). Table 8 What factors do you consider when judging the companies listed? Overall reputation of the company for product or service quality The privacy policy of the company The company’s privacy education and outreach Positive experience in dealing with the company in resolving a privacy concern or question (redress) Quality of advertisements and solicitations that are respectful of my privacy requirements or rights Ability to access personal information collected and used about me and my household The existence of a trust seal or audit report for privacy or data protection Media or press coverage about the company’s privacy and data protection practices Sense of security protections when providing personal information, such as access codes and other ways to identify me The company’s limits over the collection, use and sharing of personal information Additional factors (various)
2004 Freq
2004 Pct%
4,864 2,239
77.1% 35.5%
954
2005 Freq
2005 Pct%
Diff
5155 2545
72.2% 35.6%
-4.9% 0.1%
15.1%
1086
15.2%
0.1%
580
9.2%
1294
18.1%
8.9%
3,298
52.3%
4326
60.6%
8.3%
1,061
16.8%
1255
17.6%
0.8%
940
14.9%
1093
15.3%
0.4%
534
8.5%
1204
16.9%
8.3%
3,121
49.5%
3547
49.7%
0.2%
4,404 339
69.8% 5.4%
5047 412
70.7% 5.8%
0.9% 0.4%
In comparing 2004 and 2005 differences, it appears that respondents hold a consistent view of privacy trust factors over two years. The most salient change between 2005 and 2004 (Diff) concerns: (1) the organization’s redress process increased by 8.9%, (2) advertising or marketing practices increased by 8.3% and (3) media or press coverage increased by 8.3%. While still the most salient factor to consumer trust, the importance of the company’s overall reputation decreased by 4.9%. One reason for the 8.9% increase in the importance of redress (as well as the press coverage increase of 8.4%) may relate to data security breach issues analyzed in Bar Chart 2. In short, consumers who are notified of a data security breach expect the company to have adequate support practices to assist the individual (victim). A redress failure – wherein the individual Ponemon Institute ©: Private & Confidential Document
Page 9
cannot get adequate information or support from the company reporting a data breach – may have enormous negative consequences in terms of reputation, loyalty and churn. Table 9 reports individuals’ responses to the question, “What worries you most if your personal information was leaked to individuals or organizations that do not have a right to this information (please check only those items about which you have serious concerns)?” In our 2005 study, identity theft appears to be the most serious privacy concern (for 76.6% of respondents). The second most serious concern (for 55.9% of respondents) is the loss of civil liberties. Table 9 What worries respondents the most. Identity theft Stolen assets Stalking or spying activities Telemarketing Abuse Unwanted e-mail activity (spam) Unwanted junk mail Loss of civil liberties Public embarrassment
2004 Freq 4,771 2,045 1,346 2,271 3,641 2,325 3,011 1,389
Pct% 75.6% 32.4% 21.3% 36.0% 57.7% 36.9% 47.7% 22.0%
2005 Freq 5472 2104 1512 2256 3678 2125 3989 1401
Pct% 76.6% 29.5% 21.2% 31.6% 51.5% 29.8% 55.9% 19.6%
Diff 1.0% -2.9% -0.2% -4.4% -6.2% -7.1% 8.1% -2.4%
Comparing 2004 and 2005 responses, it is interesting to see the 8% increase in the category “loss of civil liberties.” This change in perception over the two year period may be caused by new national security and surveillance requirements implemented at the time of this survey (including the public debate at continuing various aspects the USA Patriot Act). It is also interesting to note the decrease in telemarketing (-4.4%) and spam (-6.2%) as serious privacy concerns. Table 10 summarizes how respondents feel about the privacy of their personal information. Clearly, results show that the vast majority of individuals view privacy as either important or very important to them. As shown, there is a 1.4% increase (Diff) in the categories “very important” and “important,” suggesting that privacy has become more important over the two year period. Table 10 How respondents feel about the privacy of their personal information. Very Important Important Not Important No Comment Total
Ponemon Institute ©: Private & Confidential Document
2004 Freq 1,193 3,998 589 520 6,300
Pct% 19.0% 63.0% 9.0% 8.0% 100.0%
2005 Freq 1456 4598 615 470 7139
Pct% 20.4% 64.4% 8.6% 6.6% 100.0%
Diff 1.4% 1.4% -0.4% -1.4% 0.0%
Page 10
If you have questions or comments about this research or you would like to obtain additional copies of the document (including permission to quote or reuse this report), please contact by letter, phone call or email: Ponemon Institute, LLC Attn: Research Department 212 River Street, PO Box 601 Elk Rapids, Michigan 49629 800.887.3118 [email protected]
Ponemon Institute, LLC Measuring Trust in Privacy & Security Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.
Ponemon Institute ©: Private & Confidential Document
Page 11
Summary Report Prepared by Ponemon Institute, LLC Report Dated September 20, 2005
Ponemon Institute© Please Do Not Use Without Express Written Permission.
2005 Most Trusted Companies for Privacy
©
I. Executive Summary We are pleased to present the results of our second annual Most Trusted Companies for Privacy Study. The purpose of the study is to have consumers assign a rating to companies according to how much they trust these organizations to protect the privacy of their personal information. The study was conducted by Ponemon Institute and TRUSTe. Why is trust important for companies? Based on previous consumer studies conducted by Ponemon Institute, it has been shown that companies perceived as trustworthy are rewarded with a higher degree of customer loyalty and retention. Moreover, according to the 2005 Online Consumers Permission Study conducted by Ponemon Institute, it was found that consumers are willing to share more personal information with companies when they have a trusted relationship. Understandably, the more informed a company is about the purchasing habits and preferences of its customers, the more likely it is to increase sales and revenues. We offer one cautionary note about the results of the 2005 Most Trusted Companies for Privacy study. Based on previous consumer studies we have conducted, we have found that consumer perceptions about privacy and trust can be influenced by a number of factors. In fact, the ratings may not reflect at all the actual privacy practices of the company and its efforts to protect the personal information of its customers and employees. Further, what a company does in the area of privacy and data protection can be invisible to the customer until he or she experiences a problem and seeks redress or has a question that needs to be answered. Some factors influencing consumers’ perceptions can include a favorable (or unfavorable) opinion about a company’s brand and products, a personal experience with a call center employee or other employee or how well the company’s advertising messages resonate with them—especially if privacy and protection of identity are included in the promotion. Trust may also be earned when a customer receives an order on time and in good condition. We also believe media coverage of companies experiencing a security breach can affect not only an individual company but the industry as well. It is interesting to note that in this year’s study the trustworthiness rating of the banking industry has slipped from Number 3 to Number 7. The decline in trust could perhaps be attributed to the rash of news reports on security breaches of credit card information. The most trusted industries in this year’s study are healthcare organizations, Internet Service Providers (ISPs) and consumer product companies. Considered not as trustworthy for privacy commitments are the toy, hospitality and food service industries. II. Survey Method Our Web-based research study asked respondents to name one to five companies in 23 industries listed in the study they believed to be the most trustworthy when handling their personal information. Company names were not provided in the survey instrument to allow each participant to freely select the organizations believed to be most trusted for privacy. Participants were asked to apply the following definitions when determining the companies they trusted most for privacy: •
Personal information – Information about yourself and your family. This information includes name, address, telephone numbers, e-mail address, Social Security number, other personal
Ponemon Institute ©: Private & Confidential Document
Page 2
identification numbers, access codes, age, gender, income and tax information, shopping information, account activity and many other pieces of data about you. •
Privacy trust– Your belief that the company is honoring its privacy commitments to you, and keeping your personal information safe and secure. This includes its commitment not to share your personal information unless there is a just cause or you have given your consent.
Our fieldwork ended on August 9, 2005, with the collection of 6,792 useable responses over an eight-week period. We asked participants to list one to five companies in various industry sectors that they believed to be the most trustworthy for honoring their privacy commitments. According to their responses, we compiled a list of the most trusted companies for privacy. The aggregated list in our analysis contained 203 different company names, compiled from almost 28,000 individual company ratings. Using the same ranking procedures as in our 2004 study, we careful executed the following decision rules to compile this year’s list of most trusted companies for privacy: 1. All companies with 20 or more individual positive ratings were included in analysis. Companies with less than 20 positive ratings were excluded from further inspection. 2. A combined rating system composed of three ranking procedures was used to determine the overall rank of a given company. Following are the three different rating schemes: •
R1: The rank order of a given company based on the net positive responses. While this metric is unambiguous, it is biased. Larger companies or those with a bigger brand name would be more likely to earn a higher net response.
•
R2: The rank order of a given company based on the percentage of “first place” ratings. This is an unbiased metric because the percentage is not associated with the size of a company.
•
R3: The rank order of a given company based on the ratio of positive to negative ratings. Unlike R1, this metric is biased to smaller companies because they are more likely to have very few negative ratings (as opposed to larger companies).
3. Because the focus of this work was the group of companies “most trusted” for privacy, all aggregated negative ratings were excluded from further analysis after compiling the master list of 203 companies. Table 1 shows the sample and response statistics of our study: Table 1 Sample Characteristics Sample frame size Total responses Total rejections Net responses Total positive & negative ratings Average number of ratings per subject Average number of positive ratings Average number of negative ratings Number of separate companies identified Number of companies with ≥ 20 positive ratings Ponemon Institute ©: Private & Confidential Document
Total 51,895 7,140 348 6,792 27,847 4.10 2.52 1.58 417 203
Pct % 100.0% 13.8% -0.7% 13.1%
Page 3
Table 2 and the Pie Chart show the distribution of subjects across the United States. Please note that this study only obtained information from people living in the United States (43 states in the sampling frame). A separate study was conducted from subjects residing in nine Canadian provinces. These results will be provided in a separate report.
Table 2 Geographic Regions Northeast Mid-Atlantic Southeast West/Pacific Southwest Mid-West Total
1,243
Freq 1,518 1,532 957 1,046 844 1,243 7,140
Pct% 21% 21% 13% 15% 12% 17% 100%
1,518
844
1,532 1,046 957 Northeast
Mid-Atlantic
Southeast
West/Pacific
Southw est
Mid-West
III. Results Bar Chart 1 shows the top 10 list of most trusted companies in ascending order based on the combined rank scores from R1, R2 and R3 (described above). Please note that 11 companies are displayed because of ties in combined rank scores. The number next to each bar reflects the combined score for every one of the top 10 most trusted companies for privacy. A low combined score indicates a positive result and a high combined score indicates a negative result. Please note that Dell and IBM achieve tied scores for eighth place, and EarthLink and Google earn tied scores for tenth place. The overall average score for the top 10 companies shown in the bar chart is 96 points. The overall average score for all 203 companies ranked in the most trusted list is 305 points, and the score for the bottom 10 companies contained in the most trusted list averaged 574 points. Bar Chart 1: Top Companies Based on Combined Scores A merican Express
65
A mazo n
67
P ro cter & Gamble (all brands)
83
Hewlett P ackard
90
eB ay
92
A OL
100
US P o stal Service
105
Dell
111
IB M
111
Earthlink
114
Go o gle
114
0
20
Ponemon Institute ©: Private & Confidential Document
40
60
80
100
120
Page 4
Table 3 lists the top twenty companies that consumers’ believe are most trustworthy for honoring privacy commitments. For comparison purposes, the prior results from our 2004 study are shown in Panel A and results from the 2005 study are shown in Panel B. The ranking is based on a combination of three different ranking procedures for R1, R2 and R3 as explained above. Rank 1 2 3 4 5 6 7 8 9 10 11 12 13 14 14 16 17 18 19 20
Table 3 Panel A 2004 Top Companies eBay American Express Procter & Gamble (all brands) Amazon Hewlett-Packard U.S. Postal Service IBM EarthLink Citibank Dell Disney Bank of America Harley-Davidson Johnson & Johnson (all brands) US Bank Fidelity E-Loan VISA Apple Washington Mutual
Rank 1 2 3 4 5 6 7 8 8 10 10 12 13 14 15 16 17 18 18 20 20
Table 3 Panel B 2005 Top Companies American Express Amazon Procter & Gamble (all brands) Hewlett-Packard eBay AOL US Postal Service Dell IBM EarthLink Google Charles Schwab Apple (including iPod brand) Johnson & Johnson (all brands) WebMD E-Loan Washington Mutual Federal Express Yahoo USAA Disney
Because of tied ranks, Panel B lists more than twenty organizations. Many of this year’s top ranked organizations are computer technology or Internet firms. We also see new entrants to this year’s top 20 list, including AOL, Google, Charles Schwab, WebMD, Federal Express, Yahoo and USAA. R1 Companies with highest net positive ratings (Net = ∑Positive – ∑Negative). Table 4 reports the top 10 companies in terms of RI. As can be seen, IBM achieves the highest RI rank with a net positive result of 367 responses, followed by Amazon and American Express. R1 1 2 3 4 5 6 7 8 8 10
Table 4: Top Companies for Privacy IBM Amazon American Express Hewlett-Packard AOL Procter & Gamble (all brands) US Postal Service eBay MSN Johnson & Johnson (all brands)
Ponemon Institute ©: Private & Confidential Document
Positive 449 377 369 347 276 275 271 260 293 222
Negative 82 39 36 47 32 32 34 30 63 31
Net 367 338 333 300 244 243 237 230 230 191
Page 5
R2 Companies with the highest percentage of ratings in first position on survey (Pct% first = total first Place divided by positive). Table 5 shows E-Loan, Fifth Third Bank, and American Express achieving the top three places using this ranking procedure. It appears that E-Loan, Fifth Third Bank, American Express, PGP and Amazon all achieve percentages in excess of 90%. R2 1 2 3 4 5 6 7 8 9 10
Table 5: Top Companies for Privacy E-Loan Fifth Third Bank American Express PGP Amazon Netflix Procter & Gamble (all brands) Hewlett- Packard IBM Charles Schwab
Total 31 58 405 23 416 32 307 394 531 147
First Place 30 43 341 19 341 26 245 307 390 112
Pct% First 96.8% 95.6% 92.4% 90.5% 90.5% 89.7% 89.1% 88.5% 86.9% 86.8%
R3 The following table ranks companies with the highest ratio (Positive ÷ Negative). The ranking below assigned the highest rank to companies with the highest positive response for those companies where ∑Negative = 0. R3 1 1 3 4 5 6 7 8 9 10
Table 6: Top Companies for Privacy E-Loan NRA Hallmark Priceline.com WebMD Weight Watchers Bristol-Myers Squib (all brands) Diner's Club Kodak AG Edwards
Positive 31 22 68 49 47 46 38 37 108 34
Negative 0 0 1 1 1 1 1 1 3 1
Positive/ Negative
α α 68.00 49.00 47.00 46.00 38.00 37.00 36.00 34.00
The top ranking organizations with respect to the R3 variable is E-Loan, National Rifle Association (NRA) and Hallmark. The note α in Table 6 means that the computed value cannot be defined. Table 7 provides a summary of top ranked companies by 23 industry subgroups. The table shows significant variation in the average rank by industry, where health care, consumer products and package and delivery services achieve much higher average rankings than companies in the toy, food and hospitality industries, respectively. It is also interesting to observe differences between 2004 and 2005 industry subgroup rankings. For example, in 2005, banking moved from second to seventh place among all industries in our ranking. On the other hand, delivery and package moved from eighth place in 2004 to third place in 2005. One reason for the public’s privacy concerns in banking may relate to the rise of phishing and spoofing attacks on Internet users. The impact of phishing was revealed in earlier research
Ponemon Institute ©: Private & Confidential Document
Page 6
conducted by Ponemon Institute over the past year.1 Another factor that may have diminished consumer privacy trust is the wave of recent security breach incidents involving major organizations. Table 7 Average Combined Rankings by Industry Group
Industry Health care Consumer products Package & delivery Web business Entertainment Insurance Banking Computer technology Brokerage ISP & cable Auto & transportation Credit card Non-profit Health & beauty Financial services (general) Retail Pharmaceuticals Telecom Conglomerate Airlines Hospitality Food service Toy
Top Ranked Company by Industry WebMD
Industry Ranking 1
Numbers 5
Average Rank 39.20
Min 15
Max 56
Procter & Gamble
2
4
49.25
3
140
US Postal Service Amazon Disney USAA Washington Mutual
3 4 5 6
4 14 3 9
55.50 59.86 67.00 68.44
105 2 6 103
75 162 101 20
7
10
74.30
17
137
Hewlett Packard Charles Schwab America Online General Motors (all brands)* American Express National Rifle Association Weight Watchers
8 9 10
18 7 6
87.11 91.00 92.67
4 12 6
180 178 197
11 12
11 7
96.64 100.71
28 1
170 201
13 14
8 7
101.88 102.00
48 44
167 159
15 16 17 18 19 20 21 22 23
14 30 11 9 6 3 8 6 3
109.86 118.17 124.45 125.11 131.00 141.22 149.00 161.50 189.00
16 31 35 70 65 43 52 85 32
194 200 184 200 180 183 202 203 121
E-Loan Hallmark Pfizer (all brands) Verizon DuPont Air Alaska Bass (all chains) Trader Joes Lego
* Many of the positive privacy ratings attributed to General Motors concerns the company’s Onstar service offering.
Bar Chart 2 illustrates the impact of a data security breach on company rankings. This analysis looks at 14 different organizations that were included in both our 2004 and 2005 studies. All organizations in this subgroup reported a data security breach in accordance with regulatory requirements, such as SB 1386 in California.
1
See 2004 Tracking Study on Spoofing & Phishing, TRUSTe & Ponemon Institute dated 9/21/05, 2005 Online Banking Study Watchfire & Ponemon Institute dated 4/5/05, and National E-Mail Safety & Reliability Survey Goodmail & Ponemon Institute dated 7/12/05.
Ponemon Institute ©: Private & Confidential Document
Page 7
The bar chart shows computed variables, defined as the percentage distance between the subgroup and the sample average ranking for 2004 and 2005. In 2004, 187 companies were on the most trusted list and the average rank was 93.5. In 2005 there are 203 companies listed and the average rank is 101.5. Bar Chart 2: Percentage Difference between 14 Data Breach Companies and Sample Average Ranks in 2004 and 2005 10% 5% 5% 0% -5%
2004-Before Breach
2005-After Breach
-10% -15% -20% -22%
-25%
The 14 companies in this security breach analysis were 5% above the average in 2004. In other words, these companies had an average score that was slightly higher than our average rank. In 2005 these same 14 companies are 22% below the average rank after the data security breach was reported. This suggests that the average rank for the subgroup dropped considerably – perhaps as a result of the breach. Bar Chart 3 illustrates the impact of severe phishing attacks on company rankings. This analysis looks at organizations identified by TRUSTe that experienced the most persistent or frequent phishing attacks during the past year. Eleven of these companies were included in both our 2004 and 2005 studies. Bar Chart 3: Percentage Difference between 11 Companies that Experienced Persistent Phishing Attacks in the Last Twelve Months by Sample Average Ranks in 2004 and 2005 16%
15%
14% 12% 10% 8% 6% 4%
2%
2% 0% 2004-Before Major Phishing Attacks
2005-After Major Phishing Attacks
Using the sample calculation above, Bar Chart 3 shows computed variables, defined as the percentage distance between the subgroup and the sample average ranking for 2004 and 2005. As reported, in 2004 the average rank for these 11 organizations was 15% above the mean. In Ponemon Institute ©: Private & Confidential Document
Page 8
2005, the average rank for these organizations dropped to 2% -- or a 13% decline in overall ratings. It is important to note that most of these organizations are in the financial services or retail banking industry. Clearly, these data support the idea that the public’s trust is very fragile. While the analyses for data breach incidents and phishing attacks relied on small subgroups, our results suggest that companies experiencing a data breach or severe phishing attack should anticipate a potentially negative affect on consumer trust in the marketplace. Table 8 lists ten (10) factors considered important in defining a company’s privacy commitment to consumers (the public) for the 2004 and 2005 studies. The importance of each factor was determined based on the frequency of responses and the average points assigned (totaling 100 points for all factors). Table 8 What factors do you consider when judging the companies listed? Overall reputation of the company for product or service quality The privacy policy of the company The company’s privacy education and outreach Positive experience in dealing with the company in resolving a privacy concern or question (redress) Quality of advertisements and solicitations that are respectful of my privacy requirements or rights Ability to access personal information collected and used about me and my household The existence of a trust seal or audit report for privacy or data protection Media or press coverage about the company’s privacy and data protection practices Sense of security protections when providing personal information, such as access codes and other ways to identify me The company’s limits over the collection, use and sharing of personal information Additional factors (various)
2004 Freq
2004 Pct%
4,864 2,239
77.1% 35.5%
954
2005 Freq
2005 Pct%
Diff
5155 2545
72.2% 35.6%
-4.9% 0.1%
15.1%
1086
15.2%
0.1%
580
9.2%
1294
18.1%
8.9%
3,298
52.3%
4326
60.6%
8.3%
1,061
16.8%
1255
17.6%
0.8%
940
14.9%
1093
15.3%
0.4%
534
8.5%
1204
16.9%
8.3%
3,121
49.5%
3547
49.7%
0.2%
4,404 339
69.8% 5.4%
5047 412
70.7% 5.8%
0.9% 0.4%
In comparing 2004 and 2005 differences, it appears that respondents hold a consistent view of privacy trust factors over two years. The most salient change between 2005 and 2004 (Diff) concerns: (1) the organization’s redress process increased by 8.9%, (2) advertising or marketing practices increased by 8.3% and (3) media or press coverage increased by 8.3%. While still the most salient factor to consumer trust, the importance of the company’s overall reputation decreased by 4.9%. One reason for the 8.9% increase in the importance of redress (as well as the press coverage increase of 8.4%) may relate to data security breach issues analyzed in Bar Chart 2. In short, consumers who are notified of a data security breach expect the company to have adequate support practices to assist the individual (victim). A redress failure – wherein the individual Ponemon Institute ©: Private & Confidential Document
Page 9
cannot get adequate information or support from the company reporting a data breach – may have enormous negative consequences in terms of reputation, loyalty and churn. Table 9 reports individuals’ responses to the question, “What worries you most if your personal information was leaked to individuals or organizations that do not have a right to this information (please check only those items about which you have serious concerns)?” In our 2005 study, identity theft appears to be the most serious privacy concern (for 76.6% of respondents). The second most serious concern (for 55.9% of respondents) is the loss of civil liberties. Table 9 What worries respondents the most. Identity theft Stolen assets Stalking or spying activities Telemarketing Abuse Unwanted e-mail activity (spam) Unwanted junk mail Loss of civil liberties Public embarrassment
2004 Freq 4,771 2,045 1,346 2,271 3,641 2,325 3,011 1,389
Pct% 75.6% 32.4% 21.3% 36.0% 57.7% 36.9% 47.7% 22.0%
2005 Freq 5472 2104 1512 2256 3678 2125 3989 1401
Pct% 76.6% 29.5% 21.2% 31.6% 51.5% 29.8% 55.9% 19.6%
Diff 1.0% -2.9% -0.2% -4.4% -6.2% -7.1% 8.1% -2.4%
Comparing 2004 and 2005 responses, it is interesting to see the 8% increase in the category “loss of civil liberties.” This change in perception over the two year period may be caused by new national security and surveillance requirements implemented at the time of this survey (including the public debate at continuing various aspects the USA Patriot Act). It is also interesting to note the decrease in telemarketing (-4.4%) and spam (-6.2%) as serious privacy concerns. Table 10 summarizes how respondents feel about the privacy of their personal information. Clearly, results show that the vast majority of individuals view privacy as either important or very important to them. As shown, there is a 1.4% increase (Diff) in the categories “very important” and “important,” suggesting that privacy has become more important over the two year period. Table 10 How respondents feel about the privacy of their personal information. Very Important Important Not Important No Comment Total
Ponemon Institute ©: Private & Confidential Document
2004 Freq 1,193 3,998 589 520 6,300
Pct% 19.0% 63.0% 9.0% 8.0% 100.0%
2005 Freq 1456 4598 615 470 7139
Pct% 20.4% 64.4% 8.6% 6.6% 100.0%
Diff 1.4% 1.4% -0.4% -1.4% 0.0%
Page 10
If you have questions or comments about this research or you would like to obtain additional copies of the document (including permission to quote or reuse this report), please contact by letter, phone call or email: Ponemon Institute, LLC Attn: Research Department 212 River Street, PO Box 601 Elk Rapids, Michigan 49629 800.887.3118 [email protected]
Ponemon Institute, LLC Measuring Trust in Privacy & Security Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. We do not collect any personally identifiable information from individuals (or company identifiable information in our business research). Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevant or improper questions.
Ponemon Institute ©: Private & Confidential Document
Page 11
Related Documents
2005 Most Trusted Companies
October 2019 7
50 Most Innovative Companies
July 2020 4
The World's Most Innovative Companies
October 2019 20
Trusted Cloud
May 2020 6
Companies
May 2020 33