A new poll from KPMG Canada out today underscores the impacts that cyberattacks have on consumer sentiment. Among several key findings: nine in ten respondents say they’re “leery” of sharing personal data with a company that’s been breached, and more than four in five would seek to take their business elsewhere. In response, experts with Gurucul and Stealthbits offer perspective.
It’s interesting to see consumers taking a more definitive stand on their expectations of corporate data security. It’s also encouraging to see them being more discerning in terms of their online activities. Reputational damage and customer loss have long been used as talking points for those looking to convince the powers that be that investment and attention is not only warranted but required to mitigate the risks of data breach and compliance failure. These statistics indicate the warnings and potential consequences may be quite real and not merely a tactic to sway the conversation via fear, uncertainty, and doubt (aka FUD).
That said, just as consumers have come to the realization that the security and privacy of their data are more important than they may have initially thought, they must also understand that the protection of their data is an increasingly difficult task for most organizations. The movement of data across hybrid infrastructures, the lack of funding, manpower, talent, and technological sophistication, and the competitive landscape that exists in the industry today are just a few significant factors in the data protection equation that organizations must wrestle with and that attackers only benefit from. It’s not hard to see the situation between consumers and businesses getting worse as consumer expectations and the difficulty in meeting those expectations increase simultaneously.
The recent study by KPMG of Canadian users highlights a couple of important points. First, users are becoming more aware of their risks on-line, and have largely lost faith in on-line businesses to safeguard their data. As a result, they are becoming more careful about what they reveal and to whom.
It also points out that organizations will have a hard time regaining user trust once it\’s lost, which means they need to be doing more to prevent these breaches in the first place. Organizations need to carefully review their security stacks to stop intruders from getting in, and use contextual tools, such as behavioral analytics, to identify an attacker quickly when they do get it.
Investing in adequate security upfront can reduce the losses from a breach when it happens.