Over the weekend, I was shopping in a popular high street store when I was asked for my email address to receive a receipt. Slightly taken aback, I declined and asked for a paper receipt instead. My decision was based largely on my desire to save time — if I gave out my email address, I would have had to spend time unsubscribing from emails later on. However, this decision also reflected something else: My personal information is valuable to me, and the fact that I like your jeans doesn’t necessarily mean I trust you with my data.

A day later, I was shopping again, this time on a handbag retailer’s online store. When I reached the checkout, I glanced up and noticed a warning in my browser’s web address bar. There was no lock symbol, meaning that my connection was not secure. I was in no particular hurry, so I went back to my search engine, found the store website again and finished my transaction when I was satisfied the connection was safe. However, if I had been busier, this could have meant a lost sale for the retailer.

Rising Consumer Expectations Around Data Security

My recent shopping experiences demonstrate a growing trend: Consumers are becoming more security-savvy and realizing that their data is valuable and needs protection, particularly due to recent news headlines detailing high-profile data breaches and emerging cybercrime trends. This means that retailers, in particular, need to up their data security game, especially given the perception that these companies are less secure than organizations in other sectors. According to IBM Security’s “Future of Identity Study,” only 19 percent of U.S. consumers, 23 percent of consumers in the European Union (EU) and 28 percent of consumers in Asia-Pacific (APAC) would trust a retail organization to protect their biometric data. A much larger portion of respondents — 42 percent, 44 percent and 57 percent in the U.S., EU and APAC, respectively — said they would trust financial institutions to properly house this data.

It’s possible that working in the security industry has made me particularly security-conscious and general consumers are less concerned with their online security, but the evidence suggests otherwise. The “Future of Identity” study noted that, of the respondents who said they had heard about a data breach, millennials were more likely than other generations to delete an account held by a breached service provider. In addition, 25 percent of millennials, as opposed to 21 percent of the general population, said they would stop using an app or service that had been compromised. This suggests that younger buyers are more concerned about data security — and more willing to take their business elsewhere if security expectations are not met.

The Risk of Reusing Passwords

Apart from age and the industry I work in, there is another factor that makes me more security-conscious than before: I have personally experienced the frustration of having an account compromised. A few months ago, I was getting on a train when I tried to open a music streaming service for which I pay monthly and discovered that I was unable to log in. After a couple of minutes of investigation, I opened my email inbox and found a message from the provider thanking me for changing my email address and password. Someone had taken over my account.

Though this provider hadn’t suffered a known data breach, it’s easy to see how my email address and password combination, which I unwisely used on multiple sites, could have been leaked elsewhere — a quick online search revealed that my email address had potentially been exposed in at least four data breaches. I was able to retrieve my account within a couple of hours thanks to the customer service team, but this experience made me even warier of giving out my personal data.

My experience is far from unique, and it is becoming more common. The “Future of Identity Study” revealed that 41 percent of millennials reuse passwords to access numerous accounts, meaning that one compromised password could give malicious actors access to multiple accounts. Consumers who have experienced this type of fraud are more likely to think carefully about the security of their personal data.

Data Security Is Key to the Customer Experience

Retailers can use data to create a simpler, more personalized customer experience, but they also need to protect this data to earn the trust of consumers. If they don’t, they risk missing out on would-be customers who wonder whether this enhanced user experience is really worth downloading a potentially insecure app, signing up for a new account or allowing the company to track everything they buy.

Read the complete IBM Study on The Future of Identity


More from Data Protection

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Addressing growing concerns about cybersecurity in manufacturing

4 min read - Manufacturing has become increasingly reliant on modern technology, including industrial control systems (ICS), Internet of Things (IoT) devices and operational technology (OT). While these innovations boost productivity and streamline operations, they’ve vastly expanded the cyberattack surface.According to the 2024 IBM Cost of a Data Breach report, the average total cost of a data breach in the industrial sector was $5.56 million. This reflects an 18% increase for the sector compared to 2023.Apparently, the data being stored in industrial control systems is…

3 proven use cases for AI in preventative cybersecurity

3 min read - IBM’s Cost of a Data Breach Report 2024 highlights a ground-breaking finding: The application of AI-powered automation in prevention has saved organizations an average of $2.2 million.Enterprises have been using AI for years in detection, investigation and response. However, as attack surfaces expand, security leaders must adopt a more proactive stance.Here are three ways how AI is helping to make that possible:1. Attack surface management: Proactive defense with AIIncreased complexity and interconnectedness are a growing headache for security teams, and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today