What is your first response when you hear about the latest security breach by a company? If you are like most people, you’ve probably become quite desensitized – possibly unconcerned – by these security lapses. However, there is no doubt that these events have eroded consumer confidence.
The 2022 Thales Consumer Digital Trust Index: A Consumer Confidence in Data Security Report found that Social Media companies (18%), Government (14%), and Media & Entertainment organizations (12%) all had the lowest level of consumer trust when it comes to keeping their personal data secure.
And whilst consumer confidence may be diminished, you have to wonder about the extent of the damage. Specifically, does a data breach seal an organization’s fate?
In the latest Security Sessions podcast, I joined host Neira Jones, and Carsten Maple, Professor of Cyber Systems Engineering, WMG and the University of Warwick to explore this very question. Here’s what we spoke about…
Does the global population trust in the protection of personal data?
One-third of the global consumer population has been impacted by a data breach. Interestingly, the level of trust varies significantly based on consumer geography. Consumers across Germany (23%), Australia, the UK and France (20%) were the least trusting nations when it comes to the protection of personal data and digital services. However, consumers across Brazil (95%), Mexico (92%) and UAE (91%) reported incredibly high levels of trust. It's likely that these differences can be accounted for by a broader awareness of the right to privacy and the result of data protection regulations, such as GDPR.
Geography isn’t the only factor that affects trust levels in the global population; trust fluctuates based on industry too. Even though many organizations have made a concerted effort to protect data, the highest trust level (afforded to the Banking & Finance industry) does not exceed 42%. This means that more than half of the consumers surveyed have low data protection confidence in every industry, which is a sobering thought indeed. It is probably no surprise that social media has the lowest trust level amongst all populations globally.
What is it that impacts trust so negatively?
When we spoke, Carsten pointed out that trust directly correlates to breaches, reasoning that if an organization has strong data protection and privacy practices, they should be less susceptible to security events: hence, increased trust.
Contrary to the report, Carsten suggests that consumer awareness is less of a determinant of trust than a breach. That is, a breach rapidly decays trust. But there is also an argument for a more practical approach, as there is no way to fully quantify the cause of trust erosion.
The regulatory approach is also important to address. The Thales report revealed that consumers want to see more action than just the imposition of fines against companies that violate privacy laws. Many of the fines are perceived as insignificant towards correcting the problems. Mandatory data encryption and multi-factor authentication are two such actions that many of the respondents would like to see codified into law.
Active remediation or compensation - what do consumers want?
Carsten explained two interesting points. Firstly, that consumers don’t necessarily want to be compensated for a data breach, but would rather the company correct the error instead. Secondly, he noted that most consumers would still use a product or service even after a breach, although this may be out of sheer need, rather than any other factor.
It is surprising that the customers we work with prefer active remediation rather than fines against breached companies. Since encryption keeps even stolen data safe, customers would prefer that companies invest in implementing that technology. Hopefully, lawmakers take note of this finding. However, accurate inventory of data is an absolute necessity for any organization that endeavors to achieve change.
Where are we now?
So, what is the current landscape? Have privacy and data protection improved? Have budgets increased to enable better security? Moreover, does a data breach automatically seal an organization’s fate? If not, how many breaches might it take for a significant number of people to stop using a product or service?
Listen to the Thales cybersecurity podcast session to find out our thoughts…