• United States




Data breaches are taking a toll on customer loyalty

Jan 24, 20184 mins
Data BreachSecurity

Concern about data breaches among consumers is high.

vulnerability frayed rope insecure breach weak
Credit: Thinkstock

Data breaches are happening on a daily basis. And as the number of breaches has soared, the scale of attacks has escalated as well. According to the Breach Level Index, 1.9 billion data records worldwide were compromised during the first half of 2017 due to 918 data breaches. The number of lost, stolen or compromised records increased by an overwhelming 164 percent compared to the last six months of 2016. (Disclosure: the Breach Level Index is operated by Gemalto, where I am employed.)

This year saw major security incidents affecting numerous high-profile corporations such as Equifax and Deloitte. And the consequences of such breaches now appear to be moving beyond the direct financial impact. As businesses struggle to maintain and protect consumer data, consumers are growing wary of both the attitude and practices those organizations take in order to do so.

A recent study from my employer Gemalto surveyed over 10,000 consumers worldwide and reported that the majority (69 percent) of them feel that enterprises don’t take the security of their data very seriously. Moreover, a whopping 70 percent of consumers stated they would stop doing business with an organization if it experienced a data breach.

Concern among consumers is high. Two-thirds (67 percent) of consumers fear that they will fall victim to a data breach in the future, and they know who they’ll blame if their personal information is stolen; sixty-two percent of consumers believe that companies are primarily responsible for the security of their information, and an overwhelming 93 percent of consumers said they would take or consider taking legal action against an enterprise that has been breached.

In response, and with the dawn of GDPR and other data regulations approaching, businesses will soon likely be forcing stronger security practices onto their customers. The time when these solutions were simply offered as an option is coming to a close as companies face the prospect of getting sued by consumers. 

So, who do consumers trust the most with their data? According to the survey, a third (33 percent) trust banks the most even though they are frequently targeted by hackers. Next on the list are industry-certified bodies (12 percent), device manufacturers (11 percent) and the government (10 percent). Social media is the business that consumers trust the least with 58 percent of survey-takers stating they believe it is one of the biggest threats to their data. One in five (20 percent) are fearful of travel sites, and one in ten (9 percent) think no sites pose a risk to them at all.

As for consumers’ own security hygiene, it appears that they expect to put in little effort while holding enterprises accountable for the security of their data. The Gemalto study goes on to reveal the bad habits that consumers have in regard to their own data’s security. Poor security hygiene and a failure to take advantage of available security measures is putting their data at risk. Over half (56 percent) of consumers continue to use the same password for multiple online accounts, even when more effective tools, like two-factor authentication, are available. Forty-one percent stated that they don’t use the technology offered to secure social media accounts either, therefore leaving themselves unnecessarily vulnerable. These figures support the notion that it is necessary for businesses to push their customers to follow particular protocols to ensure the security of data. Otherwise, companies will be left to deal with more problems in the long run.

There has never been a more critical time for people to practice basic cybersecurity hygiene. An alarming number of breaches – 80 percent – are a result of weak or previously stolen credentials. However, the urgency of this matter still falls largely on providers. They must ensure that their tools and technologies aren’t exposing customers to risks and is protecting their systems from malware or other harmful content.

Malicious hackers have no intention of slowing down anytime soon. Businesses and their customers will need to make improvements in order to restore a greater level of trust.


As a former ethical hacker with decades of experience in the information security industry, Jason Hart has used his knowledge and expertise to create technologies that ensure organizations stay one step ahead of the risks presented by ongoing advances of cyberthreats. He is currently CTO for data protection at Gemalto, where he is responsible for developing the company's encryption and crypto management offerings.

Hart has published numerous articles and white papers, and he often appears as an expert adviser on cybersecurity issues on national TV -- on BBC, CNN and CNBC, among other major news networks -- and on radio and in print media. In addition, he regularly provides advice on information security matters to governments, law enforcement agencies and military organizations, and he is vice chairman of E-Crime Wales.

The opinions expressed in this blog are those of Jason Hart and do not necessarily represent those of IDG Communications Inc., or its parent, subsidiary or affiliated companies.