A global study of consumer attitudes towards company stewardship of personal data conducted by the Economist Intelligence Unit shows that data breaches can cause major damage to the business of the companies affected.
More than 32% of respondents in the study said they “strongly agreed” with the statement that, in the event of a data breach, they would cease to do business with the organization concerned.
When they were asked whether they had personally suffered a data breach in the past two years, 23% of respondents said they had. Describing how they had reacted to a breach, 38% said they no longer did business with the organization concerned “because of the data breach.”
“Consumers clearly feel very strongly about the perceived betrayal of trust that a data breach represents,” said Paul Bantick , who heads Beazley’s Technology, Media and Business Services team in London. “The ripple effects can be very wide – the EIU research also found that 46% of respondents that had suffered a data breach had advised friends and family to be careful of sharing data with the organization.
“There appears to be a strong willingness not just to cease doing business with a company that loses your data but to tell your family and friends about it – so there’s a clear multiplier effect in terms of the reputational damage that can be inflicted,” said Bantick.
The study also revealed widespread unease about the stringency of regulation concerning the misuse of customer data. More than 70% of respondents in Europe and the US said that regulation was not strong enough, as did 69% of respondents in Asia. Incentives for businesses to protect personal data were seen as inadequate by nearly 70% of respondents, with little variation among European, American and Asian respondents.
“It is clear that one of the biggest problems is transparency and complexity,” Nellie Kroes , the European Commissioner for the Digital Agenda in Europe, is quoted in the report as saying. “People may even be protected [legally], but may not know because [the regulations or contracts] are too complex.”
The European Commission is seeking to strengthen regulation in this area and has proposed the adoption throughout the European Union of a General Data Protection Regulation to make the rights and protections of citizens clearer.
The EIU study suggests that perceptions of data security at various organizations vary widely. For example, only 10.6% of respondents thought their data “very secure” with online retailers, versus 17.2% with healthcare providers such as doctors and hospitals, and 17.6% with the government or government agencies.
By a large margin, the most secure organizations were perceived to be banks and other financial institutions, with more than 41% of respondents perceiving them as “very secure,” 49.8% as “moderately secure,” and only 6.6% as “not secure at all.”
The study reflects the views of more than 750 consumers around the world, exploring in detail the link between trends in privacy and data security with businesses’ use of consumer data. The EIU’s report also includes commentary from regulators and business leaders on the study’s findings, and you can download it here (registration required).