One in five UK consumers (21 per cent) have had personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach, according to new research from a business advisory firm. The survey of 1,500 consumers is included in the latest Deloitte Consumer Review, Consumer data under attack: the growing threat of cyber crime.
In the report, which focuses on cyber security in the consumer sector, 41 per cent of respondents said they often feel they are being targeted by cyber criminals. Two-fifths (39 per cent) had personal data stolen or deleted after having computers affected by a virus or malware, up from 26 per cent in 2013.
The research also suggests that overall consumer awareness of data collection and storage by businesses has risen to 87 per cent this year, up from 82 per cent in 2013. However, more than half (53 per cent) do not know the detail of the personal data that has been collected by organisations, up from 37 per cent in 2013. Similarly, just 23 per cent of respondents are confident that companies are transparent when it comes to using personal data, down from 29 per cent a year ago.
Three-quarters of respondents (73 per cent) would reconsider using a company if it failed to keep their data safe. This was a far greater concern to consumers than a company charging a higher price than the competition for an equivalent level of service (51 per cent), exploiting workers overseas (40 per cent) and damaging the environment (35 per cent).
Simon Borwick, director in the cyber risk services team at Deloitte, says: “The volume and value of data available online means that consumers are now more exposed than ever before. The rapid rise in e-commerce, both at a B2C and B2B level, has increased the amount of transactional data at risk of abuse. Consumer-facing businesses, particularly those that hold a lot of data, are particularly attractive targets for cyber criminals and fraudsters looking to profit from stealing personal information.
“Many organisations are struggling to prepare themselves to deal with the wide range of different cyber attacks. Cyber security has moved beyond simply being an IT issue; it is now a business-wide risk which requires immediate attention at the highest level.”
Consumers
Over two-thirds (72 per cent) think it is the responsibility of companies to provide them with the tools they need to protect their privacy, security and identity. Since 2013, there has been a significant increase in the number of consumers taking action following a security breach. The majority of respondents would conduct a security review after a cyber attack (76 per cent, up from 52 per cent in 2013), or reduce their online activity altogether (56 per cent, up from 34 per cent in 2013).
Borwick adds: “Organisations need to understand where their critical cyber assets are, as well as the impact of different assets being attacked. Line-of-business leaders must be central to developing this knowledge, which can be used to quickly identify where to focus investment in improving security, which can include patching weaknesses in their applications, encrypting sensitive data or tightening access control.”
Ben Perkins, head of consumer business research at Deloitte, says: “Consumers have been very clear in their message to businesses and third party organisations: data security is paramount. At the same time, consumers now have greater awareness of cyber crime and internet fraud and are, perhaps understandably, more distrustful of companies looking after their data. This leads to consumers not sharing as much information as they could when spending online. As we enter the height of the online retail season, with Black Friday and Cyber Monday set to break more records, consumers must remain vigilant and technologically-savvy when it comes to protecting their personal information online.”
The report also covers the implications of proposed European Commission regulations around data protection and privacy; the General Data Protection Regulation, which could come into effect in 2017. Borwick adds: “New European laws around data protection will aim to give more control to consumers over their own data. There is a clear window of opportunity for businesses to get ahead of the new regulations by implementing robust security measures. Not only will this help improve transparency, but it will also go a long way towards maintaining consumers’ trust and loyalty.”
Comment
David Kennerley, senior manager for threat research at cybersecurity firm Webroot, says: “The results of this survey shouldn’t be surprising. They highlight the very real impact that major cyber-breaches have on individual users. The fallout from attacks like the TalkTalk breach can continue for months after the event. But online protection has to be a joint effort from both businesses and consumers. Companies must invest in appropriate security measures to ensure consumer details are safeguarded but users have to take some responsibility for monitoring the information they share online. By regularly changing passwords, revoking app permissions and disabling browser add-ons, consumers can limit their exposure when a cyber-attack takes place.”
