Consumers are passing off security responsibility to others: Gemalto

A report from Gemalto has found that consumers are increasingly aware of online security risks but hold businesses responsible for the security of their data.
Written by Asha Barbaschow, Contributor

Consumers are putting the responsibility for protecting their personal data in the hands of the organisations holding their data, rather than themselves, a report from security firm Gemalto has said.

In compiling its 2016 Data Breaches and Customer Loyalty report, Gemalto surveyed 9,000 consumers from Australia, Benelux, France, Germany, Russia, UAE, Saudi Arabia, India, Japan, the United Kingdom, and the United States, and found that as a whole, respondents believe that 70 percent of the responsibility for protecting and securing customer data lies with companies and only 30 percent with themselves.

Despite leaving the responsibility with the organisation, only 29 percent of consumers believe companies are taking protection of their personal data "very" seriously, with 58 percent of respondents fearful of their data being stolen.

"Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business," said Jason Hart, CTO for Data Protection at Gemalto. "The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe.

"With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data."

The report says that over 60 percent of respondents said they would stop using a retailer if it suffered a breach, while 58 percent and 56 percent would stop using a bank or social media site respectively if they fell victim. 66 percent said they would be unlikely to do business with an organisation that experienced a breach where their financial and sensitive information was stolen.

87 percent of survey respondents said they use online banking, 80 percent have active social media accounts, and 79 percent have accounts used for online shopping.

"Most consumers are doing a range of activities online and it is likely that a number of companies are going to hold consumers' personal data," the report says. "Most consumers are aware of the risks that online accounts pose to their personal information, but are continuing to actively use them regardless."

89 percent of respondents believe that certain apps/websites are leaving their personal information exposed, 59 percent feel that social media apps/websites expose them to the greatest risk, and 34 percent feel that banking apps/websites leave them vulnerable, but the majority actively use them, the report notes.

Of those surveyed, 53 percent use the same password across some of their accounts, while 13 percent admitted to using the one password for everything.

When it comes to identity theft, 21 percent of respondents claim to have been the victim of fraudulent use of their financial information, while 15 percent said they have experienced fraudulent use of their Personal Identifiable Information (PII). Clicking on a fraudulent link was the cause of information theft for 34 percent of those who have fallen victim.

According to Gemalto, more than 4.8 billion data records have been exposed since 2013.

Recently, online learning platform Lynda.com notified users that it recently experienced unauthorised third party access to a database that contains contact information of account holders, their learning data, and courses viewed.

The LinkedIn subsidiary -- and now Microsoft subsidiary -- said there was no evidence the breach included the leak of passwords in the compromised data, but a spokesperson for LinkedIn told ZDNet at the time it had reset the passwords for approximately 55,000 Lynda.com users as a precautionary measure.

The Lynda.com breach came merely days after Yahoo disclosed that more than 1 billion accounts may have been stolen from company systems in another cyber attack.

Yahoo said in a statement that attackers stole the accounts in August 2013, a year prior to a previously disclosed attack in September 2014 when attackers stole around 500 million accounts.

Editorial standards