One-in-five UK consumers (21%) have had their personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach. That’s according to new research conducted and published by Deloitte, the business advisory firm. The survey of 1,500 consumers is included in the latest Deloitte Consumer Review entitled Consumer Data Under Attack: The Growing Threat of Cyber Crime.
In the report, which focuses on cyber security in the consumer sector, 41% of respondents said they often feel they’re being targeted by cyber criminals.
Two-fifths (39%) had personal data stolen or deleted after having their computers badly affected by a virus or malware, a statistic which is up from 26% in 2013.
The research also shows that overall consumer awareness of data collection and storage by businesses has risen to 87% this year, a rise from 82% in 2013. However, more than half (53%) of those people questioned don’t know the detail of the personal data that has been collected by organisations, which is up from a figure of 37% in 2013.
Similarly, only 23% of respondents have confidence that companies are transparent when it comes to using personal data (down from an end result of 29% a year ago).
Three-quarters of respondents (73%) would reconsider using a given company again if it failed to keep their data safe. This was a far greater concern to consumers than a company charging a higher price than the competition for an equivalent level of service (51%), exploiting workers overseas (40%) or damaging the environment (35%).
Consumers now more exposed than ever
Simon Borwick, director in the cyber risk services team at Deloitte, commented: “The volume and value of data available online means that consumers are now more exposed than ever before. The rapid rise in e-commerce, both at a B2C and B2B level, has increased the amount of transactional data now at risk of abuse. Consumer-facing businesses, and particularly those that harbour a good deal of data, represent attractive targets for those cyber criminals and fraudsters looking to profit from stealing personal information.”
Borwick added: “Many organisations are struggling to prepare themselves to deal with the wide range of different cyber attacks. Cyber security has moved beyond simply being an IT issue. It’s now a business-wide risk which requires immediate attention at the highest level.”
Over two-thirds (72%) of respondents think it’s the responsibility of companies to provide them with the tools they need to protect their privacy, security and identity.
Since 2013, there has been a significant increase in the number of consumers taking action following a security breach. The majority of respondents would conduct a security review after a cyber attack (76%, up from 52% in 2013) or reduce their online activity altogether (56%, representing a rise from 34% in 2013).
Borwick stated: “Organisations need to understand where their critical cyber assets are, as well as the impact of different assets being attacked. Line-of-business leaders must be central to developing this knowledge, which can be used to quickly identify where to focus investment in improving security and can include patching weaknesses in their applications, encrypting sensitive data or tightening access control.”
Ben Perkins, head of consumer business research at Deloitte, explained to Risk UK: “Consumers have been very clear in their message to businesses and third party organisations: data security is paramount. At the same time, consumers now have greater awareness of cyber crime and Internet fraud and are, perhaps understandably, somewhat more distrustful of companies looking after their data. This leads towards consumers not sharing as much information as they could when spending online.”
Perkins went on to comment: “As we enter the height of the online retail season, with Black Friday and Cyber Monday breaking more records, consumers must remain vigilant and ‘tech-savvy’ when it comes to protecting their personal information in the online environment.”
Regulation on the horizon
The Deloitte report also assesses the implications of proposed European Commission regulations around data protection and privacy. The General Data Protection Regulation, which could come into effect in 2017, will aim to give more control to consumers in protecting their data. How consumers act on that new empowerment will depend largely on the extent to which they trust the businesses from whom they buy.
Borwick concluded: “New European laws around data protection will aim to give more control to consumers over their own data. There’s a clear window of opportunity for businesses to step ahead of the new regulations by implementing robust security measures now. Not only will this help improve transparency, but it will also go a long way towards maintaining consumers’ trust and loyalty.”
*The Deloitte research is based on several consumer surveys carried out by independent market research agencies on behalf of the company. The 2015 data is based on a survey that was conducted online with a nationally representative sample of 1,467 GB adults aged from 18 to 64. Fieldwork was undertaken between Friday 11 September and Monday 14 September 2015