With a potential fine of up to 4% of global annual turnover, the General Data Protection Act (GDPR) and other new regulations have left businesses fearing the fallout of failing to adequately protect customer data.
However, a data breach could have a far bigger financial impact on a business than these initial regulatory fines.
According to new research from digital security company Gemalto, in which 10,500 consumers in the United Kingdom were surveyed, some 93% of respondents said that they would blame the business should a data breach occur. Likewise, 70% of consumers said they would stop doing business with a brand entirely should it suffer a breach involving financial or sensitive information.
This is particularly concerning for retailers that increasingly rely on online sales and store customer information such as credit card numbers. Some 62% said they would stop shopping with a retailer following a breach, which could be far more damaging to turnover than GDPR.
The study also found that 59% would switch banks if their data was breached, while 58% would close their social media accounts.
“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits,” Jason Hart, Chief Technology Officer for Data Protection at Gemalto. “Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”
Consumers waking up to data protection rights
Following a number of large scale breaches this year, from the Cambridge Analytica scandal that exposed Facebook user data to third parties, to the Ticketmaster, British Airways and Marriott breaches that were reported throughout the year, consumers are becoming more aware of data privacy issues and their right to adequate data protection.
The survey found that 70% of consumers now understand that businesses are responsible for the data that they hold, with 82% expressing concerns over the online security of businesses that they interact with. Some 91% believe that they currently use an application or website that puts their personal data at risk.
Consumers are becoming more aware of their data and how it is supposed to be handled, which is likely a result of the sheer scale of recent breaches and the amount of people that they impact. The survey found that a quarter of consumers have been victims of fraudulent activity carried out using their financial information.
Likewise, 66% of consumers are concerned that their personal information will be stolen in the future. According to Sam Curry, chief security officer at Cybereason, those concerns may already be reality.
Following the Marriott hotels breach, which exposed the data of 500 million customers, Curry told Verdict:
“With mega breaches like this one, in general we have become desensitised with the astronomical numbers,
“What does 500 million, one billion or five million names mean, as when we start to get this high it’s likely that every living human on the face of Earth has been hacked?”
As the issue of data theft and fraud gets tougher for consumers to avoid, so too will the problem for businesses.
With young people, in particular, showing concern over the way their data is handled, businesses could face costly legal battles like the one recently settled by Yahoo!, in which the internet company agreed to pay out $50m to customers who had their data stolen in a 2014 hack.
The Gemalto survey found that 67% of 18-24 year olds would be willing to take legal action against fraudsters and businesses involved in a data breach. A further 28% would also consider it.
“This should be a wakeup call to businesses that consumer patience has run out. It’s clear they have little faith that organisations are taking their data protection seriously, or that their concerns will be heard, forcing them to take action themselves,” Hart said.
“As young people become the big spenders of the future, businesses are risking not only alienating their current and future revenue streams but also their reputation if they continue to give the impression that they don’t take data security seriously.
“Moving forward businesses must start doing the basics properly; protecting their most valuable asset, data, with the correct security controls.”