sdecoret - stock.adobe.com
UK consumers threaten data breach backlash
Most UK and global consumers are willing to walk away from businesses that fail to look after personal data, with retailers most at risk, research shows
Seven out of 10 UK consumers and two-thirds, on average, around the world would stop doing business with a brand that suffers a breach of users’ financial or personal data.
Retailers are most at risk globally, with 62% of respondents willing to walk away after a data breach, followed by banks (59%) and social media sites (58%), according to a survey of 10,500 consumers by digital security firm Gemalto.
The survey found that, across all ages, 93% place the blame squarely on businesses and would think about acting against them. Social media sites worry consumers most, with 61% concerned that these companies do not protect consumer data adequately, followed by banking websites (40%).
With the rising awareness of data protection and data privacy issues following the Facebook-Cambridge Analytica data-sharing scandal and a growing number of personal data breaches, 70% of consumers now believe the responsibility for protecting their data rests with the company holding it.
As a result, data protection is now a major consideration for consumers when interacting with a brand, with 82% wanting organisations to have greater online security measures and 91% believing that there are applications and websites they currently use that pose a risk to the protection and security of their personal identifiable information (PII).
Despite consumers placing the responsibility firmly in the hands of organisations, only a quarter feel that companies take the protection and security of customer data very seriously, with 35% saying they have already provided organisations with feedback on the security methods they are offering, while 19% have considered dong so and 33% say they might in the future.
“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” said Jason Hart, CTO, data protection at Gemalto.
“Social media sites, in particular, have a battle on their hands to restore faith in their security and show consumers they are listening. Failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”
Read more about data protection
- Data protection is critical for all businesses.
- ICO fines Uber £385,000 for data protection failings.
- Data protection as a competitive advantage.
The survey showed that consumers are frustrated with the state of data protection within organisations, with a quarter of those polled saying they had already been a victim of fraudulent use of their financial information, 19% through fraudulent use of their PII and 16% through identity theft, while 66% are worried that their personal information will be stolen at some point in the future.
However, despite the fear that they may become victims of a data breach, consumers are not planning to change their behaviour online because they believe responsibility lies with the companies holding their data. This could explain why more than half (55%) of respondents continue to use the same password across different accounts, the Gemalto report said.
As well as switching brands, young people are more prepared to go further and pursue legal action against brands that lose their data than older generations, with 53% of UK consumers saying they would consider taking legal action against any of the parties (companies or hackers) involved in a breach, compared with 67% globally among 18 to 24-year olds and 45% among those aged 65 or more.
“This should be a wake-up call to businesses that consumer patience has run out,” said Hart. “It’s clear they have little faith that organisations are taking their data protection seriously, or that their concerns will be heard, forcing them to take action themselves.
“As young people become the big spenders of the future, businesses are risking not only alienating their current and future revenue streams, but also their reputation if they continue to give the impression that they don’t take data security seriously. Moving forward, businesses must start doing the basics properly – protecting their most valuable asset, data, with the correct security controls.”