Security Breaches Seen as Criminally Negligent by Consumers

The HyTrust survey found more than one-third said they believe the worst piece of information to be compromised is their Social Security number (SSN).

IT security and identity theft

More than half of all consumers in a HyTrust survey said they would take their business elsewhere after a breach that compromises personal information, including address, Social Security number, and credit card details, indicating major corporations are going to pay an even higher price when customers’ information is compromised.

A similar number of survey respondents, 45.6 percent, say the companies involved should be considered criminally negligent the moment a breach occurs, with the majority also believing that all officers of a company should be held responsible.

In addition, more than one-third (34.2 percent) said they believe the worst piece of information to be compromised is the Social Security number (SSN).

"The most surprising result was the percent of consumers that believe companies should be held criminally negligent the moment a breach occurs. Further, they want all officers of a company held accountable," Eric Chiu, president and co-founder of HyTrust, told eWEEK. "This is a good indication that consumers are frustrated, perhaps even angry, that breaches like this continue to happen so often and on such a large-scale basis; they’re tired of companies not doing enough, and perhaps not even caring enough, and feeling like they're essentially playing Russian roulette with their private information."

Higher earners are more concerned about their SSNs, with 36.5 percent of those making $50,000-$74,000 citing this potential theft as most serious, while that falls to 22.8 percent among those making $24,000 or less.

"Social Security numbers are a key piece of information that can be used to steal a person’s identity. Thieves can open credit cards and bank accounts and rack up charges--all in your name--obtain bank loans and not pay off the debt, commit phone or utilities fraud and worse, and even begin an entirely new life using your ID," Chiu said. "This is the ultimate threat to consumers because it can ruin their finances and have serious, long-term impacts on their lives."

Meanwhile, women (17.9 percent) are twice as likely as men (9.6 percent) to worry about the loss of family photos and mementos.

When asked who in particular should be held ultimately accountable for failures in information security, 19.7 percent of respondents don’t make a distinction between executives with varying responsibilities, pointing the finger at all officers of a company.

However, men and women ages 25-34 identify chief security officers (CSOs) as most responsible, while those in the 45-54 age bracket go easiest on them.

While 51 percent of respondents overall say they will take their business elsewhere following a data breach, that number jumps to 60.2 percent among consumers in the 35-44 age range.

That finding, which focuses on a key demographic, should give retailers and other potential targets significant cause for concern, the report said.

Most consumers (45.6 percent) blame the companies involved the moment a data breach occurs, while only 12 percent withhold condemnation until it happens more than once.

Additionally, this finger-pointing increases with age, with 34 percent of 25-34 year olds laying immediate blame verses 51 percent of those 65 and over.

However, the report also revealed that the more consumers make, the more forgiving they tend to be; the top answer for those making $150,000 or more shifted to "when it happens more than once."

"Consumers need to take security into their own hands. They need to be careful about what information they provide to anyone, anywhere, in the first place—both online in social networks and with e-tailers and service providers, and offline when shopping, visiting the doctor, et cetera," Chiu said. "In addition, everyone should be using strong passwords and changing them frequently, as well as monitoring their financial accounts to check for potentially fraudulent activity."