Who is Responsible for a Data Breach?

Cybersecurity is clearly a hot topic of discussion as cyberattacks grow in scale and continue to impact all industries. While it is safe to say that most individuals, financial institutions, business organizations, etc., are all hyperaware of the growing online security threats, a new report from Gemalto indicates that consumers hold organizations - not themselves - chiefly accountable for protecting their personal data, and thus are primarily at fault when it comes to data breaches. Over 9,000 consumers were surveyed for the report across the globe. Overall, 70% of respondents reported they think the responsibility of protecting and securing customer data lies with companies, and only 30% of individuals believe they are responsible.  

Top Threats

Over 87% of respondents have online/mobile banking accounts, 80% have social media accounts and 79% have online retail accounts. These stats show that as nearly every transaction moves online, from financials to shopping to entertainment, there is a growing risk for cybercrime in nearly every aspect of a consumer’s life.

When it comes to data breaches, 21% of respondents reported that they’ve had had their financial information stolen, 20% reported that their personal details have been used fraudulently and 14% have been victims of identity theft.

As the data shows, there are a number of different ways a consumer can be subjected to a breach, ranging from the innocuous such as reading the wrong email, to phishing scams, to even a few that can be attributed to an individuals’ own negligence. Corrupt websites and fraudulent web links top the chart where fraudsters often target consumers. Skimming, which has been a growing issue over the past few years, accounted for 20 percent. Yet aligned with the idea of primarily placing blame on an organization, over a quarter (27%) of respondents attributed the breach to a company’s inadequate data security solutions.

Ramifications of a breach – Consumer Confidence

Only 29% of respondents think that companies take protection of their data seriously indicating extremely low consumer confidence in the organizations they are doing business with.  This could be due to the fact that many consumers report weak security measures. 84% reported that passwords are still the most common authentication method used for online banking – stronger solutions such as two-factor authentication and data encryption fall behind.

Companies need to take notice of this low consumer confidence– besides the massive financial losses that go along with a data breach, there are many intangible effects that happen when an organization is hacked. Take Target for example - going beyond the huge financial losses the company suffered following its breach in 2013, the company’s reputation also took a huge hit.

With 66% of respondents saying they would be unlikely to do business with an organization that has undergone a breach again, there is a big need for companies to put the online security measures in place, or more strongly communicate that they are taking the steps to protect clients’ data, in order to instill greater trust and brand confidence.

In early 2015, we wrote about the the most common data security misconceptions organizations make. Most of that is still applicable today. Check it out below: