What does the Unisys Security Index really tell us about consumer responses to a data breach?
I’m going to post a press release from Unisys with a warning: never confuse what consumers say they will do with what they actually do. I’ll meet you on the other side of the release:
Americans will go to great lengths to avoid identity theft, and many say they would take legal action against government or private organizations that compromise their personal data, according to new research conducted by Unisys Corporation (NYSE: UIS).
Results from the bi-annual Unisys Security Index, which surveys more than 1,000 Americans for consumer views on a wide range of security concerns, indicated that more than three-quarters of respondents would stop dealing with an organization entirely in the event of a security breach, underlining the need to better protect customers’ personal data shared electronically.
Nearly 90 percent of all survey respondents said they would take some sort of action in the event of a data breach, ranging from conservative solutions like changing their passwords (87 percent) to those with more serious commercial implications, such as closing their accounts (76 percent) or taking legal action (53 percent).
Organizations that ignore security concerns also face public perception risks. Nearly 65 percent of U.S. survey respondents said they’d publicly expose a company that allows a breach. And in a world where communities such as Facebook and Twitter provide the opportunity to instantly broadcast dissatisfaction to a broad audience, this threat seems more real than ever before.
The Unisys study also revealed that more than half of surveyed Americans are willing to provide biometric data to secure their identities. This includes a willingness to provide biometric data at security checkpoints at airports (59.6 percent); when conducting financial transactions with banking institutions (56.9 percent); and when receiving government benefits or other services (53.0 percent).
Still, only 21.3 percent were willing to give their biometric data to social media sites, suggesting a perception that either these entities were less careful with their data, or that the risk was simply not worth the reward.
“The latest results of the Unisys Security Index suggest that organizations face very real business and financial implications for security breaches,” said Steve Vinsik, vice president, enterprise security, Unisys. “Given recent highly publicized breaches that have exposed large amounts of sensitive data, the results should be a wake-up call for organizations to take more proactive measures to protect customer data.”
The new findings follow the results of the May 2011 Unisys Security Index, in which 70 percent of respondents reported they were seriously concerned about identity theft.
The Unisys Security Index found similar responses in 11 other countries where the survey was performed. For example, 82 percent of citizens surveyed in the United Kingdom said they would close their accounts with an organization responsible for a breach of their private data. In Mexico, 62 percent said they would publicly expose the issue, and 86 percent of Brazilians surveyed said they would take legal action.
About the Unisys Security Index
The Unisys Security Index is a bi-annual global study that provides insights into the attitudes of consumers on a wide range of security related issues. Lieberman Research Group conducted the survey in Latin America, Europe and the U.S.; Newspoll conducted the research in Asia-Pacific. The Unisys Security Index surveys more than 10,000 people in 12 countries: Australia, Belgium, Brazil, Colombia, Germany, Hong Kong, Mexico, the Netherlands, New Zealand, Spain, the United Kingdom and the United States. For more information, visit www.unisyssecurityindex.com.
Okay, now most readers of my blog have been reading dire warnings about churn and reputation harm for years. And now we have 76% reporting that they would stop doing business with a company? Seriously? No way. They may bluster and tell that to pollsters, and maybe they even believe they would do it, but I want to see a survey of those who received breach notifications that shows that 76% stopped doing business with the firm. Did 76% of Sony PSE users stop using Sony? No. Has 76% of ANY business’s or bank’s customer or client base left them following a breach? No. Think TJX. Think any big breach. That statistic just does not stack up to the reality of what we see following a breach.
It’s time to stop asking people what they would do and ask more people what they have actually done.
Carousel image credit: Greviere7
withheld - November 7, 2011
Agreed. One thing it shows is that we need better study designs in this area. Asking people what they would do in a certain scenario reveals very little about what they actually do. People naturally want to be perceived as careful and rational, so their survey answers portray them in a good light. Information privacy and security research needs its own Milgrim experiment.