Over-two-thirds (69%) of global consumers say they’d boycott any company they believe does not take data protection seriously, with many resorting to submitting false details in a bid to safeguard their personal info (PII), according to RSA Security.
The security vendor polled over 7500 adults in the US, UK, France, Germany and Italy to compile its Data Privacy and Security Report.
Surprisingly, it found that 41% of consumers are actively submitting erroneous personal data with companies when signing up for products and services because they have little faith in that information being kept safe or not being used for intrusive marketing.
A further 78% said they try to limit the amount of personal data they share.
The findings send a clear message to firms: data security is not only coming under growing scrutiny from regulators, but it could also be a competitive differentiator.
Nearly two-thirds (62%) of consumers said they’d blame the company first in the event of a data breach, before the hacker.
Some 90% of global respondents said they were concerned about their personal data being lost, manipulated or stolen, while 82% of UK consumers said they’d boycott a company that repeatedly demonstrated having no regard for customer data.
However, on the flip side, 50% of consumers polled said they’d be more likely to shop with a company that could prove it takes data protection seriously, while 26% said they’d gladly trade their data for improved customer service.
It remains to be seen whether forthcoming EU privacy regulations will help stem the tide of data breach incidents that have so undermined consumer confidence in businesses.
RSA Security EMEA field CTO, Rashmi Knowles, believes the regulation will at least start to change the behavior of businesses.
“The fact is it isn’t just the cost of the fine, there are much wider ramifications that will hit the business. Customers will have to be notified, which will impact trust and encourage churn. It could have a serious impact on share price and as we can see through the Yahoo sale, it could even hurt valuations and M&As,” she told Infosecurity.
“It has also been suggested that the authorities could remove a company’s ability to process data entirely if they are repeatedly in violation with GDPR. For example, if you are a US cloud provider you may be told that you are not allowed to store EU citizen data. So in practice, the fines will be the least of their worries if a business does actually become a victim of a breach or fails to comply.”