UK consumers threaten data breach backlash

Such is the public awareness of data security today, that customers are now prepared to pass by businesses that cannot take care of personal information, a Gemalto study finds.

In a survey of 10,500 consumers, the digital security leader found discovered that two thirds (66%) of consumers would no longer do business with an organisation that experienced a data breach that saw their personal data stolen.

From a global perspective retailers (62%) are most at risk from this changing attitude, with banks (59%), and social media sites (58%) also in danger of being shunned if they fail to handle data responsibly.

The study also found that across all ages, 93% of those surveyed put the blame wholly on businesses and would think about acting against them. Social media sites worry consumers most, with 61% concerned companies in this space don’t adequately protect consumer data, followed by banking websites (40%).

High-profile intrusions

This year we’ve seen an increasing number of big-name brands embroiled in data breach trouble, such as Facebook / Cambridge Analytica, each of which has added to the rising tide of awareness about the importance of data protection and data privacy issues.

Presently, 70% of consumers consider the companies holding personal data must take full responsibility for protecting that data. Consequently, data protection has become a serious consideration for consumers when interacting with a brand, with 82% feeling an organisation should have stronger online security measures.

Belief is held by 91% of respondents that some of the applications and websites they use regularly may put the security of their personal identifiable information (PII) at risk.

Even though most consumers put responsibility for good data keeping on the shoulders of the organisation, only 25% feel companies take this responsibility very seriously.

Taking matters into their own hands, consumers are not giving businesses anywhere to hide, as the majority of respondents have either already provided organizations with feedback on what security methods they are offering (35%), have considered it (19%) or might in the future (33%).

Jason Hart, CTO of Data Protection at Gemalto said:

“Businesses have no choice but to improve their security if they want to address frustrated consumers that don’t believe the onus is on them to change their security habits.”

“Social media sites in particular have a battle on their hands to restore faith in their security and show consumers they’re listening – failing to do so will spell disaster for the most flagrant offenders, as consumers take their business elsewhere.”

It’s little shock that consumers are frustrated with the data protection situation on display within organisations, as a quarter of those surveyed have already been a victim of fraudulent use of their financial information (26%), 19% through fraudulent use of their PII, and 16% of identity (ID) theft.

Worse, consumers have no faith that things are going to improve, as two-thirds (66%) are worried that at some point in the future their personal information will be stolen.

Even with the fear that they may become victims of a data breach, consumers aren’t planning to change their behaviour online as they believe responsibility lies with the companies holding their data. This could explain why over half (55%) of respondents continue to use the same password across different accounts.

In addition to switching brands, young people are more prepared to go further and participate in legal action against brands that lose their data than older generations.

Nearly seven in 10 (67%) 18-24-year olds revealed they would take fraudsters and brands that suffered a breach to court, compared to just 45% for 65s and over, with a further 28% of generation z (18-24 year olds) at least considering it.

“This should be a wake-up call to businesses that consumer patience has run out. It’s clear they have little faith that organizations are taking their data protection seriously, or that their concerns will be heard, forcing them to take action themselves,” Hart adds.

“As young people become the big spenders of the future, businesses are risking not only alienating their current and future revenue streams but also their reputation if they continue to give the impression that they don’t take data security seriously. Moving forward businesses must start doing the basics properly; protecting their most valuable asset, data, with the correct security controls.”


The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.

Pre-registration for DPWF 2019 will be opening in the coming weeks.

https://www.dataprotectionworldforum.com/