UK consumers demand to be told of all data breaches
The UK public wants to be informed whenever an organization suffers a data breach, and that more needs to be done to punish companies that lose sensitive information, according to LogRhythm.
The survey also shows that consumers call for breach notification laws that make it mandatory for all breaches to be reported to all customers – irrespective of scale.
In the survey of 1,000 consumers, conducted by OnePoll, two-thirds of respondents (66 percent) said that there should be legislation forcing organizations to declare any data breaches experienced, with the same percentage stating that customers should be told immediately.
While current EU legislation requires only affected customers of telecoms operators or ISPs to be notified, 64 percent of respondents reported a desire for all customers to be informed, regardless of whether their data was comprised. On a similar note, the majority of respondents feel that not enough is being done to uniformly punish organizations that lose sensitive data.
“The barrage of data breaches this year has clearly impacted the way in which consumers perceive the security of their personal information, which points to an urgent need for organizations to up the ante on data protection,” said Ross Brewer, VP and managing director for international markets at LogRhythm.
“EU data privacy laws go some way toward mandating full breach disclosure, but the feedback from consumers is that much more needs to be done – across industries far beyond the telecoms sector. However, with 53 percent of respondents admitting that they would think twice about doing business with breached organizations, businesses face a very difficult dilemma indeed.” Brewer added.
When it comes to consumer confidence, the results were equally bleak, with 48 percent believing it inevitable that their data will be compromised by hackers at some point. Echoing the results of a similar survey in November 2012, social media and gaming websites were deemed the least trusted keepers of personal information, while healthcare providers and financial services institutions were favored for security.
“Interestingly, when compared to last year’s results, the inevitability of data breaches is more apparent, which could be signalling a worrying era of data breach malaise. Perhaps, as initiatives such as the EU’s 24 hour breach notification regulations develop, we’ll see confidence increase and consumers becoming less resigned to the fate of their privacy. However, organizations should not be motivated solely by the threat of regulatory fines to keep data secure, and they must implement their own safeguards in an effort to reassure customers their information is safe – particularly with so many people willing to boycott the victim organizations.”
In light of ongoing allegations of government-sponsored espionage, respondents reported concern over the level of information sharing between large organizations and internet companies – with 63 percent worried about the impact this has on who sees their private data. In terms of national cyber security, 16 percent of British consumers believe government organizations are doing enough to protect national assets from cyber security threats, compared to just 11 percent in 2012.
“This year, the UK government has been very outspoken about its drive to commit more resources to cyber security, which could be a reason for the slight increase in public confidence – however, it has been a tough few months, and as NSA and GCHQ spying headlines continue to mount, confidence is understandably still low,” continued Brewer. “In any case, the research proves that more needs to be done by governments, industry regulators and organizations themselves to restore the confidence of those who matter most – the people handing over their private information. As consumers become more wary of how their data is used, there really is no room for excuses or lax security.”