How Data Misuse is Changing Customer Security Behavior

How Data Misuse is Changing Customer Security Behavior

October 22, 2019
Dustin Maxey
Director of Product Marketing

How much do your customers trust you to protect their personal information online—and do they hold you accountable when that data is misused?

The privacy and security of customer data is a peculiar beast. Businesses have meticulous strategies for ensuring data is protected, and individuals have strong opinions on how their data is managed. But time after time, a report of yet another data breach or privacy violation hits the news, and shortly thereafter—except in extreme cases like Cambridge Analytica—the issue fades away as if nothing had happened.

But are we really back to business as usual?


Ping Identity recently conducted a survey to look at what’s really happening with customer data, what businesses are doing to protect it and whether customers actually care about any of this. We’ve just released the results of the 2019 Consumer Survey: Trust And Accountability in the Era of Data Misuse, and the report sheds light on current customer sentiment toward privacy, security and the businesses they share their data with. 


What Customers Hold Companies Responsible For

One key issue we set out to illuminate was whether customers care about their data enough to take their strong opinions beyond happy hour chats with their friends and actually push back against the businesses that mistreat their data. 


As it turns out, they do. 


Of the people we surveyed, 81% of people would stop doing business with a brand online after a data breach. This is up slightly from 2018 (78%), and it includes the 25% of customers who would stop interacting with the brand entirely, not just on their digital properties.


And even when breaches or fraud aren’t the fault of the business, a majority of customers place blame on the company for not preventing the misuse from occurring. For instance, if a hacker grabs your logo and blasts thousands of emails to addresses amassed elsewhere, and the email links to a fake website that looks like your brand, at least a few recipients will enter their usernames and passwords. There really isn’t much you can do to prevent that sort of thing. 


Still, our survey data shows that 63% of those who clicked the fake link and entered their passwords will still hold you responsible.


This example shows that customers have very strict, often unrealistic expectations for brands to protect their data, and they’re willing to do something about it if they feel their data has been mistreated. 



The Customer Contradiction

Interestingly, the above data points seem to indicate a contradiction that exists with customers and their data. Customers as a whole do indeed care a lot about their data, so much so that they’re willing to take action against a business in the face of a breach or privacy violation. 


Yet droves of people still fall for phishing scams, decline to use multi-factor authentication (MFA) and fail to take good care of their data. Customers report that they care more about their data than convenience, but oftentimes they aren’t willing to sacrifice convenience for better data practices. Consider:


  • 43% do not maintain a unique and strong password for each account. 
  • 26% of people do not change their password for an online service immediately after that service provider has been hacked or breached.
  • 47% have shared their password to an eCommerce site or an entertainment service such as Netflix. 
  • Nearly one quarter (24%) of those who have shared entertainment or eCommerce passwords use the same password to access banking or email accounts. 


Let those last two statistics sink in for a minute: Together, they mean that roughly 11% of people out there are sharing their email and bank passwords in the name of saving a small amount of money per month on an entertainment or eCommerce service. If you’re a bank, those folks are likely to blame you if their friend decides to wire themselves money from your bank account. 


What Can Your Business Do?

Implementing good security practices, and particularly MFA, can help mitigate a large portion of these types of breaches. But because your customers demand convenience, they won’t settle for MFA that adds too much friction. For example, they aren’t going to carry a hard token or download a third-party MFA app. 


Instead, we recommend you take the following steps:


  1. Implement MFA that’s convenient for your customers. Busy customers don’t want to download an additional third-party MFA application. By embedding advanced MFA functionality directly into your own application, you can leverage unique device identifiers to become a secure, trusted device for that customer.
  2. Govern access to data while you strike a balance between security and convenience. Customers want greater control over how their data is used and shared. When you enforce consent and provide for granular data privacy preferences, you give customers authority over who can view their data and how it can be used.
  3. Comply with privacy regulations like CCPA and GDPR. Increasingly, businesses must follow multiple customer data protection regulations. And that’s good news for both you and your customers, because stronger data protection rules mean people have more control over their personal data and businesses benefit from a level playing field.


Doing these things will make you a good steward of your customer data. There may still be situations where customers will blame you when they fall victim to a phishing scam, but ensuring that your business has a good privacy and security posture will help mitigate your risk of breach, privacy violations and lost customer loyalty and trust. 


To learn more and to get your complimentary copy of the full report, please download the “Ping Identity 2019 Consumer Survey: Trust and Accountability in the Era of Data Misuse.”