Data breaches have eroded consumer faith in security, Fujitsu finds

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://news.idg.no/cw/art.cfm?id=D1C332C9-9108-BA71-A10E39B578DCF152

A decade of data breaches has left barely one in ten UK consumers with
faith in the ability of large organisations to safeguard their personal
data, a survey for Fujitsu has revealed.

The poll of 3,000 consumers from around the country found consistently low
levels of trust regardless of the sector holding the data. Things are
apparently so bad that the usually disliked banks were actually rated the
highest for data trust at 36 percent, ahead of supermarkets, online
retailers, local and central government. Social media came bottom on 15
percent.

When asked which factors had influenced their view of trust in the last
year specifically, 19 percent mentioned a data breach incident they'd seen
reported, 21 percent the existence of the NSA's PRISM, with around half
believing they had simply become more aware of the issue.

"The results of our research showed consumer tolerance for data loss is at
an all-time low. With consumers battling to understand the impact on their
personal information if a company is hacked, there is no room for error
anymore," said Fujitsu's UK & Ireland CSO, David Robinson.

"The effort required here is industrial, as companies are no longer
fighting against individuals, but a sophisticated criminal industry,
designed solely to access their data. We describe organisations in two
groups, those who have been hacked, and those who will be, for no reason,"
he said.

Consumers don't trust anyone it would appear but a larger question is
whether any of this actually matters.

Surveys consistently show that people believe their data is not secure and
that they don't trust organisations to look after it and yet the same
populations hand over data in ever growing quantities. Perhaps the decrease
in trust is an extension of people's cynicism about all organisations or
possibly mistrust is an entirely positive response to an uncertain world
that psycholgically equips people to cope with disappointment.

Alternatively, people do trust organisations in a pragmatic way whilst
expressing some doubt about this only when questioned in polls.

Interestingly, Fujitsu did uncover a widespread vagueness about precisely
what data is being collected by firms with nearly 90 percent simply wishing
organisations would stop storing data even when held for the benefit of
consumers.

Fujitsu suggests that the decline in data trust "must be countered,"
without really explaining whether this is likely when firms suffering
breaches seem to be able to ride out data crises with nothing worse than a
public rebuke and a fine from the Information Commissioner's Office (ICO).
It's as if the world has become simultaneously shocked by data insecurity
but also indifferent to the possibility of stopping it.

The firm ends by suggesting that organisations able to raise trust might
benefit from such an investment but is that so? Securing data won't make
any difference to the views of consumers as long as they feel insecure.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.