RSA: Quarter of UK Consumers Boycott Breached Firms

Over a quarter of UK adults have boycotted companies that mishandled their data, according to new RSA research highlighting plummeting levels of consumer trust as the volume of high profile data breaches rises.

The Dell-owned security firm polled over 2000 UK consumers recently to find out more about their attitudes to the rising tide of breach incidents sweeping the globe and upcoming regulations from Europe.

The findings should represent a wake-up call for many organizations, not least the fact that 28% of consumers have left companies which mishandled their data in favor of more secure rivals.

That stat echoes the findings of a Centrify study earlier this week which revealed that 27% of customers had discontinued their relationship with a company following a breach.

A third (34%) of those polled by RSA claimed to have lost faith in the ability of firms to look after their data, but continue to use them anyway – suggesting they feel powerless to change anything – and over half (57%) said they have no idea how many times their data has been lost.

A quarter (24%) said they’d even become immune to data loss incidents in the news, because there are simply so many.

RSA is predicting this erosion of trust will continue when the GDPR kicks in on May 25 2018, as it will force companies to disclose data breaches within 72-hours, adding to the huge number already publicized.

Only 15% of consumers had heard of the new regulation, but more than half (53%) think its maximum fines of 4% of global annual turnover is fair.

However, many of those (20%) RSA spoke to also wanted consumers to receive direct compensation in the event of data loss.

“We can see some consumers are already boycotting companies that mishandle data, so this should be a real wakeup call – particularly when you add that to the potential penalties that could be imposed,” said Rashmi Knowles, EMEA field CTO at RSA.

“Organizations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine, if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then.”

What’s Hot on Infosecurity Magazine?