One In Four People Would Be Willing To Buy Back Their Private Information From The Black Market

One in four people would be willing to buy back their private information from the black market, according to new research.

A study of 2,000 people explored the value placed on private information available online and keeping their passwords secure — and it found the number willing to buy back their information jumps to nearly 50 percent when asked of people who’ve previously experienced a hack.

In fact, a third are willing to shell out the big bucks if their personal information had been stolen. The average respondent revealed they’d be willing to spend $29,332 to buy back their stolen information on the black market.

Experts Comments

August 19, 2019
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
There’s an interesting paradox in this report. With the average respondent willing to pay close to $30,000 to recover their information, why aren’t they willing to invest a similar sum in protecting their information rather than assuming data collectors are actively protecting their personal information? This question goes far beyond just implementing better passwords, or using password management tools, but extends to asking hard questions to any organization with personal data. Key questions would be: What data do you have on me? What have you done to protect it? Have you ever at any point in time transmitted it to a third party? If so, who were they and if something goes wrong are you going to protect me? What is the process you have to detect when unauthorized access to my information occurs? How do I go about ensuring you’ve deleted all my information if I decide I don’t want to be your customer anymore? While it might seem unreasonable to ask these questions, in asking them you are signaling just how seriously you take protecting your data. Interestingly enough, these are the very types of questions which form the basis for the GDPR concepts of “Right of Access”, “Right to be Informed” and “Right to be Forgotten”. At a high level, they boil down to the core principles of “you can’t secure what you don’t know you’ve collected” and “a data breach will only ever include data which is retained” which for the consumer means “you can’t monitor for privacy issues when you didn’t know a given company had your data”. The really interesting thing about these five questions is that while any answer received might be full of technical details, you’ve also signaled to the organization that you take protecting your personal information seriously. That in and of itself could trigger improved security outcomes for everyone.
