Looming breach notification laws could strain customer loyalty by forcing businesses to admit that they have failed to live up to the expectations of the 70 percent of customers that expect businesses to protect their data, according to one new study.
Surveyed by Gemalto about their attitudes to data protection, consumers responding to the recent Data Breaches and Customer Loyalty Report overwhelmingly believe that businesses bear the burden of securing their personal data – yet less than 1 in 3 believe that businesses are living up to this expectation.
The figures painted a portrait of a consumer base that is both sceptical about online security, and unforgiving of those organisations that breach it through oversight.
Fully 58 percent of consumers believe they will be the victims of a breach at some point – but 60 percent said they would be unlikely to continue buying from a retailer whose poor security led to financial and other sensitive information being stolen. Similar sentiment was expressed about banks (58 percent) and social-media sites (56 percent).
The results were an interesting juxtaposition to the findings of a recent Symantec study of consumer practices, which found that Australian consumers are still regularly ignoring even basic protections for their home computing equipment and a growing number of connected home Internet of Things (IoT) devices.
With 26 percent of the 1001 surveyed users reporting that they had no protective measures in place for their home devices, those figures suggested that Australians “tend to be aware of the risks, but at the same time they are somewhat complacent” when it comes to performing basic security practices, Symantec technology strategist for information security Mark Shaw previously told CSO Australia.
“These are threats that are affecting Australian consumers,” he said, “and simple practices aren’t being taken to try and mitigate some of that risk.”
The latest Gemalto figures found similar complacency on the part of consumers, 53 percent of whom admitted to using the same password across some or all of their online accounts.
Many consumers have learned to accept online risk as inevitable, with 80 percent of respondents using social media despite 59 percent agreeing that such networks pose a great security risk. Similarly 87 percent said they use online or mobile banking – even though 34 percent believe it leaves them vulnerable to cybercriminals. And 11 percent said, incorrectly, that there are no Web sites that pose threats to their personal information.
Those same consumers won’t be so complacent in dealing with organisations whose breaches led to leaks of consumers’ private information. This increases the tension around long-mooted breach notification laws – which would, based on these results, put businesses in a difficult position of admitting they had violated the trust consumers had given them and the attendant privacy requirements that trust entails.
Gemalto’s findings suggest that consumers have reason to be concerned: some 21 percent of consumers said they had been affected by fraudulent use of financial information, while 15 percent had experienced fraudulent use of their personal details and 14 percent said they had been victims of identity theft.
Although 36 percent blamed a fraudulent Web site, 34 percent blamed a bad link, and 33 percent blamed phishing, fully 27 percent blamed the breach on a failure of the company’s data security solutions.
Consumers aren’t the only ones suffering from a trust deficit in the wake of a breach: Yahoo last week pushed back the timing of its acquisition by Verizon after the online property suffered several major data breaches.