It’s official: Most consumers do not feel like their private data is indeed being kept private.
Looking around at the headlines, where high-profile breach after high-profile breach is documented, the lack of trust in data security is no surprise. Whether it be through a corporate breach, where consumers’ confidential information is revealed as part of thousands of records stolen or inappropriately handled, or an attack that they themselves initiate via inappropriate use of their personal computer or mobile phone, or anything in between, breaches have caused consumer distrust to become rampant when it comes to whether or not their personal information is being kept safe. This is hammered home in a recent Global Survey on Internet Security and Trust report from CIGI-Ipsos, in which only 38 percent of consumers surveyed trusted that their activities on the internet are not being monitored.
Stop for a moment and think about how much of our lives are now conducted online, or are connected in some way. When you wake up in the morning, you likely check personal and perhaps work email from a tablet or mobile device. You might update Facebook, Instagram or Twitter. You may ask your Amazon Echo what the weather and traffic is like on your way to work. You might place a grocery order online, or order a new supply of toilet paper. On the ride into work, you might use a Bluetooth headset to listen to voice mails or catch up on the day’s headlines. When a large majority of our everyday life is conducted online, how did the industry get to a point where the consumers who have bought into this “connected vision” don’t feel safe being online?
Symantec conducted a survey on privacy within the European Union, and found that 59 percent of respondents have experienced a data protection issue in the past. Reported issues included being notified of a data breach by a company that had access to some of their personal information, having an email or social media account hacked, having bank details stolen, being a victim of online identify theft, getting a computer virus, or responding to an online scam or fake email. Overall, 57 percent of respondents reported being worried that their data is not safe.
The National Telecommunications & Information Administration (NTIA) in May released a report that correlates how connected we are online with a higher risk of data breaches. The report found that while 9 percent of online households that used just one type of computing device (such as a desktop, laptop, tablet, Internet-connected mobile phone, wearable device, or TV-connected device) reported a security breach, 31 percent of those that used at least five different types of devices reported a breach.
Furthermore, there is a potential economic impact to consumers’ distrust. The report also found that consumers are so concerned with privacy and security on the Internet that their household opted out of participation in certain online activities. Forty-five percent of online households reported that these concerns stopped them from conducting financial transactions, buying goods or services, posting on social networks, or expressing opinions on controversial or political issues via the Internet, and 30 percent refrained from at least two of these activities. In households that experienced a breach, these percentages are even higher.
This fear and distrust is not without good reason. In Symantec’s April 2016 Internet Security Threat Report (ISTR), the security firm estimated that if all breaches that occurred in 2015 reported the number of consumers worldwide impacted, it would total an estimated half-billion people.
Financial information such as credit card numbers are still coveted information, although their per-card value is going down and their shelf life is short since credit card companies and credit card owners are using technology to shut down fraudulent transactions quickly. Instead, the new sought-after information is information from insurance, government and healthcare organizations that is being targeted. The more details someone has about an individual, the easier it is to commit identity fraud, and targeting these groups provides more complete profiles of individuals to criminals. Real names are still the most common (78 percent) type of information exposed, according to the ISTR, followed by home addresses, birth dates, Government IDs (such as Social Security numbers), medical records, and financial information.
Businesses can and should be doing much more to secure customers’ private and oftentimes sensitive information, reducing the risk for everyone. History has shown that when encryption solutions—including email encryption—are deployed properly, they work well. But communications with customers requires a different set of criteria than internal communications or communications with partners. User experience is key, according to a recent research note from Gartner, consumers are likely to resist the installation of third-party software or apps on their devices to access secured content.
In summary, consumers today have become much more discerning about their online activities, and know controlling their online activity plays a role in helping protect their privacy. However, the organizations they do business with need to take the security of customers’ private data just as seriously, and invest the time, effort and budget into ensuring its safety.
By Greg Aligiannis, Senior Director of Security at Echoworx
CIGI-Ipsos Global Survey on Internet Security and Trust
Symantec State of Privacy Report
U.S. Census Bureau NTIA Computer and Internet Use Supplement
Symantec Internet Security Threat Report Vol. 21
Gartner Guide to Email Encryption