Data breaches are an all too common occurrence, with organizations big and small falling victim to attackers. And the impact of a data breach is not just the loss of data; a breach could lead to the loss of customer loyalty as well.
According to the Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era, 78 percent of consumers reported they would stop engaging with a brand online after a data breach. The eight-page report, released on Nov. 7, surveyed 3,264 adults in the United States, United Kingdom, France and Germany to get their views on the impact of data breaches.
"We were most surprised to learn the extent of consumers who would stop engaging with a brand following a data breach," Sarah Squire, senior technical architect at Ping Identity, told eWEEK. "This shows how seriously consumers respond to the idea of their personal data being compromised."
The study also found that 49 percent of respondents would not sign up for or use an online service that had recently reported a data breach. Squire added that to stay on consumers’ good side and ensure compliance with industry regulations and best practices, companies should be upfront about what they know about a breach or privacy incident as soon as they know it.
"Transparency is key, especially in the immediate aftermath of a breach," she said. "The slower the company is to report an incident affecting customer data, the higher the risk of losing customer trust and business."
To be clear, Squire said there is a difference between losing a customer outright and having that customer stop engaging online.
"Customers who engage with brands online become influencers and ambassadors for that brand, spreading its content to their friends and followers," she said. "I suspect that one of the key ways in which users are less likely to engage with brands is how they share personal information—information that would otherwise help companies market to the demographic of that person and their friends, who might not be brand customers yet."
Confidence overall in how online services and applications secure user information is somewhat mixed. Only 27 percent of those aged 55 and older noted that they felt confident or very confident about the security of the online services and applications they use. In contrast, 53 percent of those under the age of 35 were confident about security.
The report also notes that 47 percent of respondents have made changes to the way they secure data as a result of a breach. Squire said that Ping Identity didn't ask the survey respondents directly what they are doing. However, she added that broadly speaking, Ping Identity has noticed that more consumers are refusing to send their personal information over email—smartly insisting that their health care providers, accountants and employers use secure online portals to collect data.
"We're also seeing more consumers double checking the URL bar in the browser to make sure the site they are entering information into is legitimate and not a phishing site," she said.
Seventy percent of respondents indicated that username and password remain their primary sign-in method. Only 13 percent of respondents reported that they use a social networking site sign-in as their primary method of logging into sites and online services.
While the majority of individuals are using usernames and passwords as their primary authentication method, 51 percent noted that in their view, biometric authentication options including thumbprint and facial recognition are more secure than usernames and passwords.
Paying for Security
The report found that more than half of respondents aren't willing to pay for added security from application and service providers. Yet, 59 percent of respondents said they prioritized the protection of data when interacting with an app.
"Our data indicates that, as with many things in capitalism, this is going to be a competition for the survival of the fittest," Squire said.
Organizations should know exactly what customer data is being managed and where it is hosted, she said. She added that online applications and services should implement the right precautions to ensure privacy, think through all the potential ways customer data could leak, and make sure they have processes and tools in place to protect against such leaks.
"If an enterprise can’t afford to do all of these things, then they should come up with a business plan that doesn’t require them to hold customer information," she said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.