Two surveys have been released recently that show the way consumers think about enterprise data breaches.
The first survey, conducted by HyTrust, isn’t surprising. It found that the majority of consumers will take their business elsewhere after discovering their information was compromised in a breach. And consumers aren’t patient on this matter. For approximately 45 percent of survey respondents, data security is a one strike and you’re out deal – they aren’t going to wait around for your company to get its act together and fix the security holes.
Also, that 45 percent wants to see companies held criminally negligent when a data breach occurs. Eric Chiu, president and co-founder of HyTrust, told eWeek that this survey result may have been the most surprising statistic to come out of the survey, adding:
This is a good indication that consumers are frustrated, perhaps even angry, that breaches like this continue to happen so often and on such a large-scale basis; they’re tired of companies not doing enough, and perhaps not even caring enough, and feeling like they're essentially playing Russian roulette with their private information.
At the same time, consumers are angry and threatening not to put up with lax security practices anymore. A study by Software Advice found that consumers are suffering from data breach fatigue and, with few exceptions, tend to forget about major breaches of the recent past.
In May 2014, HyTrust’s Chiu wrote about the eBay breach in a blog post, stating that more than 100 million users were affected. The Software Advice survey found that, only four months later, 77 percent of consumers had forgotten all about the eBay breach or had no idea that it ever happened. In fact, it seems like the only breach that has remained on our minds is the Target breach from last year, and more are aware of the Target breach than the Home Depot breach that was revealed just a few weeks ago. (This may have to do with the Target breach being used as the standard to which every other breach is compared by the media and security experts alike.)
Data breach fatigue can be just as problematic for companies as an actual data breach. As Dave Frymier, CISO for Unisys, stated in a Baseline Magazine article, consumers are growing weary of the “endless drumbeat of incidents,” adding:
This is bad news for businesses, because the average consumer has little incentive to avoid risky online behavior. Businesses and banks will have to decide at what point it becomes more cost-effective to improve their security than to bear the costs of cyber-crime.
This circles right back to the HyTrust survey. Consumers have options. Consumers believe companies should be held liable when personal data is compromised. And they are also tired of hearing that companies aren’t doing enough about security on their end. As Chiu said in a statement:
Every security breach clearly has a direct impact on operations, but there’s now clear evidence that there’s extensive brand damage as well, and the executives involved will have to pay the price.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba