Pointing the finger: consumers blame businesses for data breaches

Despite increasing coverage of online security failings and the difficulty in preventing them, consumers hold businesses responsible for data breaches, finds Gemalto study

Data breaches consumer

'What is clear, is that UK consumers believe the responsibility for protecting personal data lies with the business and not the individual, leading to a feeling that it is not their own fault should a data breach occur'

It might sound like an obvious point: of course a consumer will blame a business for losing their data. It is an unfortunate event that is a business’s responsibility, not the individual.

However, the difficulty in preventing these type of attacks and subsequent data breaches is an incredibly challenging task, especially if those consumers are hindering security efforts, i.e. by having the same passwords and security questions. Those within the technology industry understand this, but the public is less sympathetic.

Gemalto, a digital security company, confirmed this in a recent report, revealing that consumers put responsibility for protecting their personal data firmly at the hands of the organisations holding their data – and not themselves.

According to the 9,000 consumers surveyed in Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, United Kingdom, and United States, 70% of the responsibility for protecting and securing customer data lies with companies and only 30% of the responsibility with themselves.

>See also: 7 key lessons from TalkTalk’s data breach

Yet, less than a third (29%) consumers believe companies are taking protection of their personal data very seriously. This comes as consumers are becoming increasingly fearful of their data being stolen, with 58% believing it will happen to them in the future.

More than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64% of all data breaches.

Where consumers see most risk

Despite becoming more aware of the threats posed to them online, only one in ten (11%) believe there are no apps or websites out there that pose the greatest risk to them and consumers are not changing behaviour as a result.

80% use social media, despite 59% believing these networks pose a great risk. Equally, 87% use online or mobile banking, with 34% believing they leave them vulnerable to cyber criminals.

Consumers are also more likely to shop online during busy commercial periods such as Black Friday and Christmas (2% increase online versus -2% decrease in store), despite 21% admitting the threat of cyber crime increases a lot during these periods

Consumers attitudes on data breaches

Nearly six in ten (58%) consumers believe they will be a victim of a breach at some point, and organisations need to be prepared for the loss of business such incidents may cause.

The majority of consumers who currently use the following, say they would stop using a retailer (60%), bank (58%) or social media site (56%) if it suffered a breach, while 66% say they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen.

How data breaches affect consumers

The study found that fraudulent use of financial information has affected 21% of consumers, with others experiencing fraudulent use of their personal details (15%) and identity theft (14%).

>See also: Cyber security: Tesco Bank accounts have been compromised

More than a third (36%) of those who have been a victim of a breach attribute this to a fraudulent website.

Clicking a bad link (34%) and phishing (33%) were the next highest methods consumers were caught by. In keeping with the theme of putting the blame at the organisation’s hands, over a quarter (27%) attributed the breach to a failure of the company’s data security solutions.

Lack of security measures influence consumer confidence

The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses.

Within online banking, passwords are still the most common authentication methods – used by 84% for online and 82% for mobile banking, and more advanced transaction security the next highest for both (50% and 48% respectively).

Solutions like two-factor authentication (43% online and 42% mobile) and data encryption (31% online and 27% mobile) trail behind.

Similar results can be seen in both the retail space, with only 25% of respondents that use online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media, with only 21% using the authentication for all platforms.

Only 16% of all respondents admitted to having a complete understanding of what data encryption is and does.

>See also: Who is to blame within an organisation when a data breach occurs?

“Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business,” said Jason Hart, CTO, data protection at Gemalto.

“The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions, should show consumers that the protection of their personal data is being taken very seriously.”

The UK

The UK consumers responses differed in several areas from many other countries, most notably their willingness to blame businesses for a data breach, and their desire to do business elsewhere should a breach occur.

As the second most targeted country for data breaches worldwide, this has potentially severe consequences for UK businesses and business owners.

UK consumers are almost twice as likely to blame a failure of an organisation’s security solutions for a data breach than their European counterparts (France, 14% and Germany, 19%) at 33%.

Furthermore, UK consumers are more likely to stop using a retailer (54%) and a social media site (54%) than a bank (51%) if they suffered an online breach.

This is because UK consumers are more confident in online/mobile banking (54%) than the global average (49%), despite only 37% of respondents believing it to be a secure banking method.

>See also: Educating the end user and eliminating the biggest security risk

“In 2016 we saw a number of high profile data breaches, notably TalkTalk and Yahoo, affect UK consumers, helping raise public awareness around the very real threats to personal data. Despite this, it appears that UK consumers are less concerned about becoming a victim of a breach than their counterparts worldwide, with more than half being confident when banking online or via mobile.”

“What is clear, is that UK consumers believe the responsibility for protecting personal data lies with the business and not the individual, leading to a feeling that it is not their own fault should a data breach occur.”

“This should be a wakeup call for UK businesses – consumers expect them to provide the necessary security protocols to protect their data, without compromising the convenience they expect when using services online like social media.”

“Businesses that fail to do so could soon find themselves losing out to the competition, with consumers showing they are more than willing to take their business elsewhere should a breach occur.”

Comments (0)