A majority of consumers are willing to walk away from businesses entirely if they suffer a data breach, with retailers most at risk, according research from Gemalto, the world leader in digital security. Two-thirds (66%) are unlikely to shop or do business with an organization that experiences a breach where their financial and sensitive information is stolen. Retailers (62%), banks (59%), and social media sites (58%) are the most at risk of suffering consequences with consumers prepared to use their feet.
Surveying 10,500 consumers globally, Gemalto found that, across all ages, 93% are placing the blame squarely on businesses and would think about acting against them. Social media sites worry consumers most, with 61% concerned companies in this space don’t adequately protect consumer data, followed by banking websites (40%).
Companies held responsible as consumers act
With the rising awareness of data protection and data privacy issues, consumers now believe the majority (70%) of responsibility for protecting their data rests on the company holding it. This has made data protection a major consideration for consumers when interacting with a brand, with 82% wanting organizations to have greater online security measures. These concerns are prompted by 91% believing that there are applications and websites they currently use which pose a risk to the protection and security of their personal identifiable information (PII).
Despite consumers placing the responsibility firmly in the hands of organizations, only a quarter feel as though companies take the protection and security of customer data very seriously. Taking matters into their own hands, consumers are not giving businesses anywhere to hide, as the majority of respondents have either already provided organizations with feedback on what security methods they are offering (35%), have considered it (19%) or might in the future (33%).
“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” says Jason Hart, CTO, Data Protection at Gemalto. “Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”
A troubled past and frustrated future for consumers
It’s unsurprising that consumers are frustrated with the state of data protection within organizations. A quarter of those surveyed have already been a victim of fraudulent use of their financial information (26%), 19% through fraudulent use of their PII, and 16% of identity (ID) theft. Worse, consumers have no faith that things are going to improve, as two-thirds (66%) are worried that at some point in the future their personal information will be stolen.
Even with the fear that they may become victims of a data breach, consumers aren’t planning to change their behaviour online as they believe responsibility lies with the companies holding their data. This could explain why over half (55%) of respondents continue to use the same password across different accounts.
In addition to switching brands, young people are more prepared to go further and participate in legal action against brands that lose their data than older generations. Nearly seven in 10 (67%) 18-24-year olds revealed they would take fraudsters and brands that suffered a breach to court, compared to just 45% for 65s and over, with a further 28% of generation z (18-24 year olds) at least considering it.
“This should be a wake-up call to businesses that consumer patience has run out. It’s clear they have little faith that organizations are taking their data protection seriously, or that their concerns will be heard, forcing them to take action themselves,” Hart continues. “As young people become the big spenders of the future, businesses are risking not only alienating their current and future revenue streams but also their reputation if they continue to give the impression that they don’t take data security seriously. Moving forward businesses must start doing the basics properly; protecting their most valuable asset, data, with the correct security controls.”