Bank security on top in consumer information security trust survey

More than half of respondents indicated they trusted financial institutions with their personal data, with students being the most trusting overall.

Financial institutions come out well because people see them bringing in controls and extra security when interacting with them. The public sector has come out rather lower because of the high-profile breaches that have occurred.

Siân John, security strategist, Symantec

Despite the economic turmoil of the last three years, the banks still retain public trust when it comes to looking after personal information, according to a new consumer information security attitude survey conducted by research group YouGov. By contrast, the public sector and online retailers are trusted by fewer people.

The research, which was sponsored by Symantec, asked 2,315 UK adults to give a trust score of between one and seven to a range of industry sectors, depending on how much they trusted organisations with their personal information. Sectors included financial services, online retail, public sector, online communities, publishing and gaming.

Overall, 55% of people scored banks and building societies at five or more, and 10% gave them a top score of seven. The public sector was trusted by 48% of people, although 28% scored the public sector at three or less. Online retailers were trusted by 43% of respondents, while 32% of respondents gave them a score of three or less.

Other industry sectors – online communities, publishing and online gaming – fared far worse; all were trusted by fewer than 15% of respondents.

The findings also uncovered some variations in trust according to gender, age and region. Young men living in the Northwest emerged as the most trusting of all, while those aged between 35 and 44 years old, living in the Southwest, tended to be the least trusting.

Work status also seemed to affect the level of trust, with 44% of students and 32.5% of workers saying they trusted all organisations. The figure was lower (29%) for the retired, and even lower (26.8%) for the unemployed.

Siân John, a security strategist at Symantec Corp., said the figures reflected greater public awareness of security breaches, especially in the public sector, which is obliged to disclose any losses of personal information. “Financial institutions come out well because people see them bringing in controls and extra security when interacting with them,” she said. “The public sector has come out rather lower because of the high-profile breaches that have occurred. Some of the other industries in the report have also had high-profile breaches in the last year, and that has obviously affected the response.”

Symantec conducted similar research in Germany and Austria in July, where the public sector registered the highest level of trust, ahead of the private sector. As in the UK, younger people were more trusting than the older generation. 

“The research shows that people take notice of which brands are making an effort to boost security,” John said. “This survey is intended to show what the perception is, and then to look at how we can help to rebuild trust.”

John said it was useful for industries to know how well they are viewed in order to understand where they need to make improvements. “For example, security-conscious online retailers can look at how to differentiate themselves so they don’t get dragged down by the general opinion of their sector,” she said. 

One company that specialises in managing online reputations is Bournemouth-based Kwikchex. Co-founder Chris Emmins said Internet-based consumer forums can be damaging to companies and their reputations, even if the companies are security conscious. “Everybody, including competitors and the odd disgruntled customer, gets on the forum,” he said. “Comments can get into Google searches very quickly, and the reputation of an online business can be smashed in a day or two. The number of complaints may be a tiny proportion of their total business, but it may be enough to wreck an online profile.”

He said many smaller online retailers are naïve, and often fail to comply with basic legal requirements on their websites – such as having a contact email address, and the company’s registration number – and do not understand the dangers of handling credit card details.

The Symantec Trust Index will be updated next year, John said, in order to track trends. At the moment, the public sector and the telecommunications industries are obliged to disclose security breaches, but there is a widely held expectation that EU legislation will be brought in to extend that obligation to the rest of the private sector.

For instance, in July, Viviane Reding, vice president of the European Commission, warned in a speech to the British Bankers Association that she planned to introduce a requirement that banks notify if they suffer a data security breach, despite the banks’ objection that it would impose an additional administrative burden.

Read more on IT risk management