New research from Thales has revealed that there is a lack of consumer trust across industries to protect their personal data. The 2022 Thales Consumer Digital Trust Index: A Consumer Confidence in Data Security Report, conducted by Opinium, and in partnership with the University of Warwick, found that Social Media companies (18%), Government (14%) and Media & Entertainment organisations (12%) all had the lowest level of consumer trust when it comes to keeping their personal data secure.
In contrast, the research found that Banking & Finance (42%), Healthcare Providers (37%) and Consumer Technology Companies (32%) were the most trusted industries by consumers to protect their sensitive information. Based on a survey of more than 21,000 consumers worldwide, the report highlights how global citizens react to data exposures – both in personal behaviours and in attitudes towards companies that experienced a data breach, and the levels of trust they place across a wide range of industries as well as governments.
There were also significant differences between the levels of trust consumers have across countries when it comes to the security of their personal data. Consumers across Germany (23%), Australia, the UK and France (20%) were the least trusting nations when it comes to the protection of personal data and digital services. In comparison, consumers across Brazil (95%), Mexico (92%) and UAE (91%), reported the highest levels of trust. These differences in trust among countries are likely the result of the data protection regulations, such as GDPR, that generate a broader awareness of the right to privacy and lack of trust.
Consumers feel the impact
The report found the vast majority (82%) of consumers worldwide reported a negative impact on their lives following a data breach. Fraudulent use of their financial information (31%), fraudulent use of their Personal Identifiable Information (PII) (25%) and targeted for tailored scams based on their information (25%) being the main impacts. Interestingly, financial fraud was reported the highest across each country, with the only exception being:
- Germany (PII fraud: 31%)
- Japan (identity theft: 30%)
- UK (tailored scams: 25%)
Consumers protecting themselves
When it comes to protecting themselves, a fifth (21%) of consumers worldwide have stopped using a company that have suffered a data breach. In fact, one in ten (8%) have taken legal action against a company, with a similar figure (9%) considering it.
Furthermore, Banking & Financial Services are where the majority of consumers (69%) are likely to spend most of their time adding additional security measures to protect and secure the personal data they store with them. This is followed by securing email communication (54%), social media (48%) and online shopping or ecommerce (44%). Only a third (33%) of consumers spend time implementing additional security measures in healthcare and only a quarter (24%) implement it for travel-related industries.
Carsten Maple, Professor of Cyber Systems Engineering, WMG and the University of Warwick, comments: “Data breaches are so commonplace now, it is interesting and important to ascertain what consumers feel about this issue, which sectors they trust and what they feel needs to be done. This report provides new insights into these issues, highlighting that there is a lack of trust in social media companies protecting consumer data, which might be expected. However, there is also strong distrust in governments protecting data. What’s more, it shows that a significant number of those that have suffered a breach have taken clear action, including withdrawing from the service or taking legal action.”
Actions speak louder than words
When it comes to what should happen to organisations that suffer a data breach, consumers across the world agree that better data security measures, such as encryption and user authentication protocols, should be implemented. More than half (54%) believe this should be mandatory. This was closely followed by, compensating victims (53%), employing specialists to ensure it doesn’t happen again, (46%), being responsible for finding victims data and having it returned (43%), following more stringent regulation (42%).
Of interest to regulators, is that the lowest priority from consumers to take action against those companies that had a data breach was for them to receive large fines, with just above three in 10 (31%) believing that this should be done.
Philippe Vallée, Thales’ Executive Vice-President, Digital Identity and Security, comments: “Consumers around the world have shown how important security is to them when it comes to digital services and their personal data. Whilst many would assume that compensation would come out top of the agenda, it is the protection of the system and future users that came out on top. What’s more, almost twice as many consumers wanted to ensure that the risks of future data breaches were mitigated by implementing better encryption and authentication protocols than receiving large fines, which indicates that they want to see real tangible change when it comes to security practices used.
“It’s clear that there is growing acceptance amongst consumers that there is risk and reward to their own cybersecurity; putting more time and emphasis on securing those parts of their online lives that mean the most to them. However, with data continually becoming more valuable, this should serve as only a lesson to those across other industries in practicing best practice and implementing good cyber hygiene.”