A lot of our attention is focused on high-level security concerns, how big corporates are protecting themselves and how governments are responding to global cyber security threats and attacks. But what about the average man or woman in the street – the individuals who are increasingly banking, shopping and paying online? How do they feel about companies who hold their sensitive information online? Do they trust them, and are businesses aware of their responsibilities to their customers?
Information security and risk management company, Integralis, which recently published its Trust Survey into attitudes to online data security, has found that although people regularly shop, bank and pay online, they admit they do not trust the companies they do business with. ITProPortal spoke to Mick Ebsworth, Information Security Consulting Practice Director at Integralis, about the findings and the need for businesses to address a serious lack of trust.
Q: Do consumers trust businesses to hold their information securely online?
Our Trust Survey found that consumers simply don't trust businesses to secure their personal information online. One in four respondents stated that they don't trust any organisation with their online personal information. In an age where we 'live' online - pay utility bills, update friends via social media and check our balance on our phone before a night out - such an intrinsic lack of trust by consumers in online operations that they come into contact with on a daily basis is significant. Companies have got a big job on their hands to address this issue.
Q: What types of business do people trust most when it comes to securing their personal details?
To our surprise, despite the financial crisis and banks having taken a hit in overall consumer confidence, 65 per cent of respondents stated that they did trust banks with their data online. This 'trust factor' dropped by nearly half for online retailers (36 per cent) and insurance companies (34 per cent) and by a massive two thirds for supermarkets to just 24 per cent. To put these statistics into context, 79 per cent of the people we spoke with bank online and over half order their food shopping online at least once a week, so it's not like they are uncomfortable in, or new to, the online world.
Q: What are users most worried about online?
Overwhelmingly the biggest concern for people online was identity theft. Over three quarters were worried that this would be the outcome of their data not being sufficiently protected. Over half also worried about falling victim to email scams. It's not just online; customers are worried about smartphones and tablets too. Only one in ten believe them to be more secure than PCs and laptops.
Despite their mistrust of organisations, individuals aren't taking steps to protect themselves. Social networks topped the list of least trusted organisations, yet a third of social network users don't know how to change their privacy settings. This was the same for mobile users with over half admitting that they do not regularly update the security settings on their mobile phone.
Q: Despite these fears, are we sharing more personal information online and with more organisations?
Quite simply, the answer to this question is yes. Despite their fears and high levels of awareness about identity theft and email scams, it seems that convenience and habit override caution with most people happy to share information online regardless. We were blown away by the gap between usage and trust. For instance, whilst 88 per cent said that they used social networking sites, just 16 per cent trusted them with their data.
Q: If people are concerned about online security, are they taking measures to protect themselves?
Rightly or wrongly people are putting their faith in outdated security approaches such as self-set passwords over more stringent methods such as ID tokens or SSL padlocked entry to personal data. In addition, there was a big expectation gap between what they expected of organisations and their own actions. As I've already mentioned, a third of respondents don't know how to change the privacy settings on their social media profiles and the majority aren't proactive when it comes to protecting their mobile either. It is right that people expect organisations to protect their data, but we can all do our bit to help keep our data safe too.
Q: Are businesses taking consumer security concerns seriously enough?
The truth is that organisations have no alternative but to take data security very seriously indeed, not only to protect customers from themselves but also to safeguard their own confidential data, and ultimately, their reputation.
Protecting customers from their own carelessness has a key role to play in any security programme. Consumers expect speed and convenience; they find long-winded security processes onerous and frustrating. Some of the best exponents of light touch security - such as banks - will regularly remind customers how to protect themselves and keep themselves safe. For example, they will remind them never to give security information via email. The question remains though whether businesses can do more to build consumer confidence and trust to encourage users to be safer and more secure.
Q: What can companies do to help build consumer trust online?
As we increasingly play our lives out on the Internet, whether it is banking, shopping, payments or social networking, organisations need to build information security into the DNA of their organisation. And they need to demonstrate to customers the steps they are taking to safeguard their data. Perhaps they assume that it is a given that they are keeping it confidential, but the Trust Survey suggests that this isn't the case. Businesses need to show how security is at the heart of their online operations in order to build confidence and trust amongst existing customers, whilst at the same time attracting new ones.
Q: What are the risks for businesses that do not step up and take this seriously enough?
You could argue that the survey indicates that data security is pointless because consumers will use online channels regardless of their concerns. So, why not save money and leave the customer to live with the consequences?
This is a very blinkered approach and the reality is that organisations face huge fines for any loss of customer personal or financial data. If there was a breach, it impacts a company's reputation that it could have spent years establishing and it may take just as many years to recover from. Whilst consumers might claim not to trust anyone, they are the ones with the power here. They can move their business from a company that shows disregard for their personal privacy, often expressing their views very publicly through the very social media channels they claim not to trust.