As fraud continues to surge during the holiday period, consumers are becoming less tolerant of companies\u2019 inadequate data-protection practices, according to new survey findings that suggest 70 percent of consumers would stop doing business with a company following a data breach at that company.Fully 69 percent of the more than 10,000 consumers surveyed in Gemalto\u2019s Data Breaches and Customer Loyalty 2017 said they don\u2019t believe businesses take the security of consumers\u2019 data very seriously. Retailers were most at threat, with 61 percent of consumers saying they would leave a retailer after a data breach \u2013 comparable to the 59 percent the said same about banks and 58 percent, social-media companies.The figures can only be worrying for companies that face growing scrutiny over their handling of consumers\u2019 personally identifiable information (PII) in coming months. Not only are consumers becoming sensitised to large-scaled data breaches after mass breaches at organisations like Uber, Medicare and the Australian Broadcasting Corporation \u2013 but many are likely to be aware that upcoming Notifiable Data Breach (NDB) legislation will force Australian companies to come clean when they suffer a data breach.Despite these pressures, many companies still aren\u2019t updating essential security practices such as privileged-account management controls, which can track and limit employees\u2019 use of sensitive PII.Users are little better, according to the Gemalto figures: fully 41 percent of respondents said they do not use two-factor authentication to protect any of their social-media accounts, and 56 percent said they use the same password across all or some of their accounts.This, despite findings that 67 percent of respondents are concerned that their PII will be stolen at some point \u2013 and that 17 percent have already been hit by fraudulent use of their PII. Yet the surveyed consumers believe companies bear two-thirds of the responsibility to protect user data \u2013 and 93 percent of consumers said they would, or would consider, taking legal action against a company that allowed their data to be breached.There is little consolation if less-sensitive data is stolen: although two-third of Gemalto respondents said they would stop their custom of a company where financial and sensitive information were stolen, 51 percent said they would still do so where passwords were stolen \u2013 and 49 percent would leave even if only non-financial information was stolen.Australian companies have already been warned about the potential hit on share price will have nowhere to hide once NDB provisions force them to expose incidents that could potentially open them to consumer action.The Gemalto findings reinforce recent Centrify research that found companies with poor security exposure saw customer churn increase by 7 percent \u2013 and that a third of Australian consumers had cut their relationship with a company after a data breach.With online shopping exacerbating security risks during the holiday season, the figures take on new currency in the wake of Jumio findings that fraud over the Black Friday-Cyber Monday period increased 182 percent from 2014 to 2016.Cybercriminals are wasting no time in exploiting fake photos and IDs as they try to turn data breaches into fraud opportunities. Increasing targeting of consumers\u2019 financial data is highlighting cybercriminals\u2019 underlying efforts to monetise PII, and companies offering inadequate protections are doing little to limit that potential.Poor protections also raise implications about the monetisation of personal information about consumers \u2013 a trend that has motivated both dark-web hackers and otherwise-legitimate businesses to straddle the line between privacy and exploitation.Concerns about the integrity of data-collection schemes have led no less than United Nations special rapporteur Joe Cannataci to warn about the unfettered collection and monetisation of personal data, with a report delivered to the UN General Assembly warning of a vacuum in international law around online surveillance and privacy. Comment on that report is open through March, when an international conference will be held in Australia to discuss its preliminary conclusions.