Consumers put responsibility for protecting their personal data firmly at the hands of the organisations holding their data, according to the 2016 Data Breaches and Customer Loyalty report released by Gemalto.
According to the 9 000 consumers surveyed in across the world, 70% of the responsibility for protecting and securing customer data lies with companies and only 30% of the responsibility with themselves. Yet, less than a third (29%) of consumers believe companies are taking protection of their personal data very seriously. This comes as consumers become increasingly fearful of their data being stolen, with 58% believing it will happen to them in the future. Over 4.8 billion data records have been exposed since 2013, with identity theft being the leading type of data breach accounting for 64% of all data breaches.
Where consumers see most risk
Despite becoming more aware of the threats posed to them online, only one in 10 (11%) believe there are no apps or websites out there that pose great risk to them – and consumers are not changing their behaviour as a result:
- 80% use social media, despite 59% believing these networks pose a great risk
- 87% use online or mobile banking, with 34% believing they leave them vulnerable to cybercriminals
- Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2% increase online versus -2% decrease in store), despite 21% admitting the threat of cybercrime increases significantly during these periods
Consumers attitudes on data breaches
Nearly six in 10 (58%) consumers believe they will be a victim of a breach at some point, and organisations need to be prepared for the loss of business such incidents may cause. The majority of consumers who currently use the following, say they would stop using a retailer (60%), bank (58%) or social media site (56%) if it suffered a breach, while 66% say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen.
How data breaches affect consumers
The study found that fraudulent use of financial information has affected 21% of consumers, with others experiencing fraudulent use of their personal details (15%) and identity theft (14%). Over a third (36%) of those who have been a victim of a breach attribute this to a fraudulent website. Clicking a bad link (34%) and phishing (33%) were the next highest methods consumers have been caught by. In keeping with the theme of blaming organisations, over a quarter (27%) attributed their breach to the company’s data security solutions failing.
Lack of security measures influence consumer confidence
The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods – used by 84% for online and 82% for mobile banking, and more advanced transaction security the next highest for both (50% and 48% respectively). Solutions like two-factor authentication (43% online and 42% mobile) and data encryption (31% online and 27% mobile) trail behind.
Similar results can be seen in both the retail space, with only 25% of respondents who use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21% using the authentication for all platforms. Only 16% of all respondents admitted to having a complete understanding of what data encryption is and does.
“Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they will blame the business,” says Jason Hart, CTO, Data Protection at Gemalto. “The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the potential threat of consumers taking legal action against companies, businesses need to educate consumers about the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions will show consumers that the protection of their personal data is being taken very seriously.”
Neil Cosser, Identity and Data Protection Manager for Africa at Gemalto, notes that the results mirror trends that Gemalto is seeing in the South African market, “As data breaches and threats become local realities, consumers are starting to take security and the protection of their sensitive data more seriously. This is making them increasingly critical of the measures put in place to protect them and their data. With cyber threats expected to increase and become more sophisticated in 2017, companies have to ensure they have robust effective solutions in place – to protect not only customer data, but also their own reputations,” he says.