A new study has shown that 70% of surveyed consumers would consider taking their business away from companies that suffer data breaches, yet those same users won’t come to the party by taking small actions that could prevent said breaches.
This is according to research done by digital security company Gemalto, which sought the opinions of over 10 000 consumers across the globe, including South Africa, on the matter of data security. All of those surveyed actively use online/mobile banking, social media accounts or online retail accounts.
Only just over a quarter of the consumers surveyed (27%) said they feel businesses take the security of their data very seriously. The remainder believe security is not up to them, but rather up to the businesses that hold their data.
The survey revealed that users don’t take full advantage of all the security measures offered, like two-factor authentication, when it comes to securing their accounts with service providers like banks, social media companies, and retailers. The study indicated that over half of all surveyed people (56%) use the same password across multiple online services, a habit that is strongly discouraged by security best-practice.
This lack of robust security makes those service providers vulnerable to cyberattack, and puts their customers’ data at risk. A little unfairly, then, 70% of those same consumers say they will stop doing businesses with companies that suffer a data breach.
“Consumers are evidently happy to relinquish the responsibility of protecting their data to a business, but are expecting it to be kept secure without any effort on their part,” says Jason Hart, CTO, Identity and Data Protection at Gemalto.
“In the face of upcoming data regulations such as GDPR [in Europe and POPI in South Africa], it’s now up to businesses to ensure they are forcing security protocols on their customers to keep data secure. It’s no longer enough to offer these solutions as an option. These protocols must be mandatory from the start – otherwise businesses will face not only financial consequences, but also potentially legal action from consumers.”
Should businesses not enforce the use of proven security mechanisms by their users, Hart says it could spell disaster. “It’s resulting in an alarming amount of breaches – 80% – being caused by weak or previously-stolen credentials. Something has to change soon on both the business and consumer sides or this is only going to get worse.”
Tarsus On Demand‘s Kevin Reaper adds that “In our opinion, part of the problem is that too many security and IT professionals pay lip service to user education. Having enforceable policies in place is one thing, but having processes that have been tested and user education that helps the user to understand and comply with the chosen security measures goes further towards mitigating both user and company risk than policies alone do.”
To view the report in full, download it here.
If you have questions about your own enterprise data security, leave a message for the Tarsus SecureData team, or call +27 (0)11 790 2500.