pixel_dreams - Fotolia
One in five UK consumers have had personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach, a study has revealed.
As a result, 41% of consumers polled by business advisory firm Deloitte said they often feel they are being targeted by cyber criminals.
Two-fifths of respondents reported that personal data was stolen or deleted after their computers were infected with malware, up from 26% in 2013.
The research also showed that overall consumer awareness of data collection and storage by businesses has risen to 87% in 2015, up from 82% in 2013.
However, 53% do not know the detail of the personal data that has been collected by organisations, up from 37% in 2013. Similarly, just 23% of respondents are confident that companies are transparent when it comes to using personal data, down from 29% in 2014.
Three-quarters of respondents said they would reconsider using a company if it failed to keep their data safe. This was a far greater concern to consumers than a company charging a higher price than the competition for an equivalent level of service (51%), exploiting workers overseas (40%) and damaging the environment (35%).
Simon Borwick, director in the cyber risk services team at Deloitte, said the volume and value of data available online means that consumers are now more exposed than ever before.
“The rapid rise in e-commerce, both at a business-to-consumer and business-to-business level, has increased the amount of transactional data at risk of abuse. Consumer-facing businesses, particularly those that hold a lot of data, are particularly attractive targets for cyber criminals and fraudsters looking to profit from stealing personal information,” he said.
“Many organisations are struggling to prepare themselves to deal with the wide range of different cyber attacks. Cyber security has moved beyond simply being an IT issue; it is now a business-wide risk which requires immediate attention at the highest level.”
Read more about cyber fraud
- Fraudulent online purchases of airline tickets using stolen credit card data is the fastest growing type of fraud, resulting in estimated losses of €1bn to the airline industry
- Fighting cyber criminals is all about collecting and using data, according to RSA head of anti-fraud services Daniel Cohen
- Cyber crime is a top fraud concern for UK businesses, according to the latest EY Global Fraud Survey
More than two-thirds (72%) think it is the responsibility of companies to provide them with the tools they need to protect their privacy, security and identity.
Since 2013, there has been a significant increase in the number of consumers taking action following a security breach. The majority of respondents (76%) would conduct a security review after a cyber attack, up from 52% in 2013. More than half (56%) said they would reduce their online activity, up from 34% in 2013.
Borwick said organisations need to understand where their critical cyber assets are, as well as the impact of different assets being attacked.
“Line-of-business leaders must be central to developing this knowledge, which can be used to quickly identify where to focus investment in improving security, which can include patching weaknesses in their applications, encrypting sensitive data or tightening access control,” he said.
Ben Perkins, head of consumer business research at Deloitte, said: “Consumers have been very clear in their message to businesses and third-party organisations: data security is paramount.
“At the same time, consumers now have greater awareness of cyber crime and internet fraud and are, perhaps understandably, more distrustful of companies looking after their data. This leads to consumers not sharing as much information as they could when spending online.
“As we enter the height of the online retail season, with Black Friday and Cyber Monday set to break more records, consumers must remain vigilant and technologically savvy when it comes to protecting their personal information online,” said Perkins.
Read more about GDPR
- The European Parliament, Council and Commission finalise negotiations to enact the European Union General Data Protection Regulation
- European digital businesses say the GDPR text agreed by the EU Council of Ministers is a draconian, blunt-instrument that threatens to hobble online advertising
- With the European Commission's data protection rules set to drop before 2016, take a look at what the changes mean for the cloud and datacentre community
The survey data is included in the latest Deloitte consumer review, which also comments on the implications of proposed European Commission regulations around data protection and privacy.
The General Data Protection Regulation, which could come into effect in 2017, will aim to give more control to consumers in protecting their data. How consumers act on that new empowerment will crucially depend on the extent to which they trust the businesses they buy from, the review said.
According to Borwick, the coming European laws around data protection will aim to give more control to consumers over their own data.
“There is a clear window of opportunity for businesses to get ahead of the new regulations by implementing robust security measures. Not only will this help improve transparency, but it will also go a long way towards maintaining consumers’ trust and loyalty’,” he said.