Consumers Overwhelmingly Blame Businesses for Breaches

The majority of consumers—70%—would stop doing business with companies following a data breach; yet they fail to take any responsibility for their own poor data security habits.

According to a Gemalto survey of more than 10,000 consumers worldwide, only a quarter (27%) feel businesses take customer data security very seriously, and 70% would take their business elsewhere after a breach.

While 62% of consumers feel businesses are responsible for data security, many have their own poor security hygiene. For instance, 41% fail to take advantage of security measures available to them, such as two-factor authentication for social media accounts. In addition, more than half (56%) still use the same password for multiple online accounts.

This state of affairs is resulting in businesses being forced to take additional steps to protect consumers and enforce robust security measures, as well as educate them on the benefits of adopting these. Retailers (61%), banks (59%) and social media sites (58%) were found to have a lot of work to do, with these being sectors that consumers would leave if they suffered a breach.

“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” said Jason Hart, CTO, Identity and Data Protection at Gemalto. “In the face of upcoming data regulations such as GDPR, it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start—otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”

Despite their lack of secure behavior, consumers’ security concerns are high, as two-thirds (67%) worry they will be victims of a data breach in the near future. Consequently, consumers now hold businesses accountable—if their data is stolen, the majority (93%) of consumers would take or consider taking legal action against the compromised business.

When it comes to the businesses that consumers trust least, over half (58%) believe that social media sites are one of the biggest threats to their data, with one in five (20%) fearful of travel sites—worryingly, one in 10 (9%) think no sites pose a risk to them.

On the other hand, a third (33%) of consumers trust banks the most with their personal data, despite their being frequent targets and victims of data breaches, with industry-certified bodies (12%), device manufacturers (11%) and the government (10%) next on the list for trustworthiness.

Hart continued, “It’s astonishing that consumers are now putting their own data at risk, by failing to use these measures, despite growing concerns around their security. It’s resulting in an alarming amount of breaches—80%—being caused by weak or previously stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”

What’s Hot on Infosecurity Magazine?