Over the weekend, I was shopping in a popular high street store when I was asked for my email address to receive a receipt. Slightly taken aback, I declined and asked for a paper receipt instead. My decision was based largely on my desire to save time — if I gave out my email address, I would have had to spend time unsubscribing from emails later on. However, this decision also reflected something else: My personal information is valuable to me, and the fact that I like your jeans doesn’t necessarily mean I trust you with my data.

A day later, I was shopping again, this time on a handbag retailer’s online store. When I reached the checkout, I glanced up and noticed a warning in my browser’s web address bar. There was no lock symbol, meaning that my connection was not secure. I was in no particular hurry, so I went back to my search engine, found the store website again and finished my transaction when I was satisfied the connection was safe. However, if I had been busier, this could have meant a lost sale for the retailer.

Rising Consumer Expectations Around Data Security

My recent shopping experiences demonstrate a growing trend: Consumers are becoming more security-savvy and realizing that their data is valuable and needs protection, particularly due to recent news headlines detailing high-profile data breaches and emerging cybercrime trends. This means that retailers, in particular, need to up their data security game, especially given the perception that these companies are less secure than organizations in other sectors. According to IBM Security’s “Future of Identity Study,” only 19 percent of U.S. consumers, 23 percent of consumers in the European Union (EU) and 28 percent of consumers in Asia-Pacific (APAC) would trust a retail organization to protect their biometric data. A much larger portion of respondents — 42 percent, 44 percent and 57 percent in the U.S., EU and APAC, respectively — said they would trust financial institutions to properly house this data.

It’s possible that working in the security industry has made me particularly security-conscious and general consumers are less concerned with their online security, but the evidence suggests otherwise. The “Future of Identity” study noted that, of the respondents who said they had heard about a data breach, millennials were more likely than other generations to delete an account held by a breached service provider. In addition, 25 percent of millennials, as opposed to 21 percent of the general population, said they would stop using an app or service that had been compromised. This suggests that younger buyers are more concerned about data security — and more willing to take their business elsewhere if security expectations are not met.

The Risk of Reusing Passwords

Apart from age and the industry I work in, there is another factor that makes me more security-conscious than before: I have personally experienced the frustration of having an account compromised. A few months ago, I was getting on a train when I tried to open a music streaming service for which I pay monthly and discovered that I was unable to log in. After a couple of minutes of investigation, I opened my email inbox and found a message from the provider thanking me for changing my email address and password. Someone had taken over my account.

Though this provider hadn’t suffered a known data breach, it’s easy to see how my email address and password combination, which I unwisely used on multiple sites, could have been leaked elsewhere — a quick online search revealed that my email address had potentially been exposed in at least four data breaches. I was able to retrieve my account within a couple of hours thanks to the customer service team, but this experience made me even warier of giving out my personal data.

My experience is far from unique, and it is becoming more common. The “Future of Identity Study” revealed that 41 percent of millennials reuse passwords to access numerous accounts, meaning that one compromised password could give malicious actors access to multiple accounts. Consumers who have experienced this type of fraud are more likely to think carefully about the security of their personal data.

Data Security Is Key to the Customer Experience

Retailers can use data to create a simpler, more personalized customer experience, but they also need to protect this data to earn the trust of consumers. If they don’t, they risk missing out on would-be customers who wonder whether this enhanced user experience is really worth downloading a potentially insecure app, signing up for a new account or allowing the company to track everything they buy.

Read the complete IBM Study on The Future of Identity


More from Data Protection

Communication platforms play a major role in data breach risks

4 min read - Every online activity or task brings at least some level of cybersecurity risk, but some have more risk than others. Kiteworks Sensitive Content Communications Report found that this is especially true when it comes to using communication tools.When it comes to cybersecurity, communicating means more than just talking to another person; it includes any activity where you are transferring data from one point online to another. Companies use a wide range of different types of tools to communicate, including email,…

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today