Over the weekend, I was shopping in a popular high street store when I was asked for my email address to receive a receipt. Slightly taken aback, I declined and asked for a paper receipt instead. My decision was based largely on my desire to save time — if I gave out my email address, I would have had to spend time unsubscribing from emails later on. However, this decision also reflected something else: My personal information is valuable to me, and the fact that I like your jeans doesn’t necessarily mean I trust you with my data.

A day later, I was shopping again, this time on a handbag retailer’s online store. When I reached the checkout, I glanced up and noticed a warning in my browser’s web address bar. There was no lock symbol, meaning that my connection was not secure. I was in no particular hurry, so I went back to my search engine, found the store website again and finished my transaction when I was satisfied the connection was safe. However, if I had been busier, this could have meant a lost sale for the retailer.

Rising Consumer Expectations Around Data Security

My recent shopping experiences demonstrate a growing trend: Consumers are becoming more security-savvy and realizing that their data is valuable and needs protection, particularly due to recent news headlines detailing high-profile data breaches and emerging cybercrime trends. This means that retailers, in particular, need to up their data security game, especially given the perception that these companies are less secure than organizations in other sectors. According to IBM Security’s “Future of Identity Study,” only 19 percent of U.S. consumers, 23 percent of consumers in the European Union (EU) and 28 percent of consumers in Asia-Pacific (APAC) would trust a retail organization to protect their biometric data. A much larger portion of respondents — 42 percent, 44 percent and 57 percent in the U.S., EU and APAC, respectively — said they would trust financial institutions to properly house this data.

It’s possible that working in the security industry has made me particularly security-conscious and general consumers are less concerned with their online security, but the evidence suggests otherwise. The “Future of Identity” study noted that, of the respondents who said they had heard about a data breach, millennials were more likely than other generations to delete an account held by a breached service provider. In addition, 25 percent of millennials, as opposed to 21 percent of the general population, said they would stop using an app or service that had been compromised. This suggests that younger buyers are more concerned about data security — and more willing to take their business elsewhere if security expectations are not met.

The Risk of Reusing Passwords

Apart from age and the industry I work in, there is another factor that makes me more security-conscious than before: I have personally experienced the frustration of having an account compromised. A few months ago, I was getting on a train when I tried to open a music streaming service for which I pay monthly and discovered that I was unable to log in. After a couple of minutes of investigation, I opened my email inbox and found a message from the provider thanking me for changing my email address and password. Someone had taken over my account.

Though this provider hadn’t suffered a known data breach, it’s easy to see how my email address and password combination, which I unwisely used on multiple sites, could have been leaked elsewhere — a quick online search revealed that my email address had potentially been exposed in at least four data breaches. I was able to retrieve my account within a couple of hours thanks to the customer service team, but this experience made me even warier of giving out my personal data.

My experience is far from unique, and it is becoming more common. The “Future of Identity Study” revealed that 41 percent of millennials reuse passwords to access numerous accounts, meaning that one compromised password could give malicious actors access to multiple accounts. Consumers who have experienced this type of fraud are more likely to think carefully about the security of their personal data.

Data Security Is Key to the Customer Experience

Retailers can use data to create a simpler, more personalized customer experience, but they also need to protect this data to earn the trust of consumers. If they don’t, they risk missing out on would-be customers who wonder whether this enhanced user experience is really worth downloading a potentially insecure app, signing up for a new account or allowing the company to track everything they buy.

Read the complete IBM Study on The Future of Identity


More from Data Protection

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Preparing for the future of data privacy

4 min read - The focus on data privacy started to quickly shift beyond compliance in recent years and is expected to move even faster in the near future. Not surprisingly, the Thomson Reuters Risk & Compliance Survey Report found that 82% of respondents cited data and cybersecurity concerns as their organization’s greatest risk. However, the majority of organizations noticed a recent shift: that their organization has been moving from compliance as a “check the box” task to a strategic function.With this evolution in…

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today