One In Four People Would Be Willing To Buy Back Their Private Information From The Black Market

By ISBuzz Team
Writer, Information Security Buzz | Aug 19, 2019 05:20 am PST

One in four people would be willing to buy back their private information from the black market, according to new research.

A study of 2,000 people explored the value placed on private information available online and on keeping passwords secure. It found that the number willing to buy back their information jumps to nearly 50 percent among people who've previously experienced a hack.

In fact, a third are willing to shell out the big bucks if their personal information had been stolen. The average respondent revealed they’d be willing to spend $29,332 to buy back their stolen information on the black market.

Tim Mackey, Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
August 19, 2019 1:23 pm

There’s an interesting paradox in this report. With the average respondent willing to pay close to $30,000 to recover their information, why aren’t they willing to invest a similar sum in protecting their information rather than assuming data collectors are actively protecting their personal information? This question goes far beyond just implementing better passwords, or using password management tools, but extends to asking hard questions of any organization with personal data. Key questions would be:

What data do you have on me?
What have you done to protect it?
Have you ever at any point in time transmitted it to a third party? If so, who were they and if something goes wrong are you going to protect me?
What is the process you have to detect when unauthorized access to my information occurs?
How do I go about ensuring you’ve deleted all my information if I decide I don’t want to be your customer anymore?

While it might seem unreasonable to ask these questions, in asking them you are signaling just how seriously you take protecting your data. Interestingly enough, these are the very types of questions which form the basis for the GDPR concepts of “Right of Access”, “Right to be Informed” and “Right to be Forgotten”. At a high level, they boil down to the core principles of “you can’t secure what you don’t know you’ve collected” and “a data breach will only ever include data which is retained”, which for the consumer means “you can’t monitor for privacy issues when you didn’t know a given company had your data”. The really interesting thing about these five questions is that while any answer received might be full of technical details, you’ve also signaled to the organization that you take protecting your personal information seriously. That in and of itself could trigger improved security outcomes for everyone.
