One in five UK bank accounts hit by cybercrime
One in five UK consumers (21%) have had personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach, according to new research from business advisory firm Deloitte.
In the report, Consumer data under attack: the growing threat of cybercrime, Deloitte found that 41% of respondents in the consumer sector said they often feel they are being targeted by cyber criminals. Two-fifths (39%) had personal data stolen or deleted after having computers affected by a virus or malware, up from 26% in 2013.
“The volume and value of data available online means that consumers are now more exposed than ever before,” said Simon Borwick, director in the cyber risk services team at Deloitte. “The rapid rise in e-commerce, both at a B2C and B2B level, has increased the amount of transactional data at risk of abuse. Consumer-facing businesses, particularly those that hold a lot of data, are particularly attractive targets for cyber criminals and fraudsters looking to profit from stealing personal information.
“Many organisations are struggling to prepare themselves to deal with the wide range of different cyber attacks. Cyber security has moved beyond simply being an IT issue; it is now a business-wide risk which requires immediate attention at the highest level.”
The research also shows that overall consumer awareness of data collection and storage by businesses has risen to 87% this year, up from 82% in 2013. However, more than half (53%) do not know the detail of the personal data that has been collected by organisations, up from 37% in 2013. Similarly, just 23% of respondents are confident that companies are transparent when it comes to using personal data, down from 29% a year ago.
Three-quarters of respondents (73%) would reconsider using a company if it failed to keep their data safe. This was a far greater concern to consumers than a company charging a higher price than the competition for an equivalent level of service (51%), exploiting workers overseas (40%) and damaging the environment (35%).
Over two-thirds (72%) think it is the responsibility of companies to provide them with the tools they need to protect their privacy, security and identity. According to Deloitte, since 2013 there has been a significant increase in the number of consumers taking action following a security breach. The majority of respondents would conduct a security review after a cyber attack (76%, up from 52% in 2013), or reduce their online activity altogether (56%, up from 34% in 2013).
“Organisations need to understand where their critical cyber assets are, as well as the impact of different assets being attacked,” said Borwick. “Line-of-business leaders must be central to developing this knowledge, which can be used to quickly identify where to focus investment in improving security, which can include patching weaknesses in their applications, encrypting sensitive data or tightening access control.”
The report also points to the implications of proposed European Commission regulations around data protection and privacy. The General Data Protection Regulation, which could come into effect in 2017, will aim to give more control to consumers in protecting their data. How consumers act on that new empowerment will crucially depend on the extent to which they trust the businesses they buy from.
“New European laws around data protection will aim to give more control to consumers over their own data,” added Borwick. “There is a clear window of opportunity for businesses to get ahead of the new regulations by implementing robust security measures. Not only will this help improve transparency, but it will also go a long way towards maintaining consumers’ trust and loyalty.”
The survey of 1,500 consumers is included in the latest Deloitte Consumer Review.