Data Breaches and

Customer Loyalty 2017

Majority of consumers would stop doing business
with companies following a data breach
Consumers are evidently happy to relinquish
the responsibility of protecting their data to a
business, but are expecting it to be kept secure
without any effort on their part. In the face of
upcoming data regulations such as GDPR, its
now up to businesses to ensure they are forcing
security protocols on their customers to keep
data secure. Its no longer enough to offer these
solutions as an option. These protocols must be
mandatory from the start otherwise businesses
will face not only financial consequences, but
also legal action from consumers.
The majority (70%) of consumers would stop
doing business with a company if it experienced a
data breach, according to a survey of more than
10,000 consumers worldwide. In addition, seven
in ten consumers (69%) feel businesses dont
take the security of customer data very seriously.
Despite these concerns, the Gemalto study found
that consumers are failing to adequately secure
themselves, with over half (56%) still using the
same password for multiple online accounts.
Even when businesses offer robust security
solutions, such as two-factor authentication,
two fifths (41%) of consumers admit to not using
the technology to secure social media accounts,
leaving them vulnerable to data breaches.
This may be because the majority of consumers
(62%) believe the business holding their data is
mostly responsible for its security. Its resulting
in businesses being forced to take additional
steps to protect consumers and enforce robust
security measures, as well as educate them on
the benefits of adopting these. Retailers (61%),
banks (59%) and social media sites (58%) were
found to have a lot of work to do, with these
being sectors that consumers would leave if they
suffered a breach.
PART 1
Consumer and organizations
security measures to
prevent breaches
Consumer and organizations security measures to
prevent breaches
On average, surveyed consumers feel that around two Consumers believe that organizations should have this
thirds (67.79%) of the responsibility for protecting and responsibility, but that organizations are not taking this
securing customer data falls on to the company, rather seriously enough.
than the customer (Fig 1).

But, only just over a quarter (27%) of respondents feel that

companies take the protection and security of customer
data very seriously (Fig 2).

34
19 27
33
48
67 Very seriously

Fairly seriously

Not very seriously

...the company
Not at all seriously
...the customer
I dont know
Fig 1
Analysis of the average percentage of responsibility for Fig 2
protecting and securing customer data that respondents How seriously do you feel companies take the protection
feel falls on to the above and security of customer data?
Providing organizations
feedback I would like
The majority (82%) of surveyed consumers would like
organizations to have greater online security (Fig 3), this
organizations
to have greater 82%
AGREE
is likely to be amplified by the fact that only the minority security online
think that organizations take this very seriously (Fig 2).

The vast majority (87%) of respondents have either

Fig 3
already provided organizations with feedback on what
Analysis of respondents who agree with the
security methods they are offering (34%), have considered
above statement
it in the past (19%) or are likely to consider doing so in the
future (33%) (Fig 4).

Organizations can anticipate an increase in the proportion

of customers who are likely to contact them about the
security methods that they offer in the future.

Fig 4
Have you ever provided organizations with feedback on
what security methods they are offering/using? 33

19
15 13
8 11

Yes, all Yes, Yes, once No, but No, but No, I
the time occasionally or twice I have I might have never
considered it consider it considered it
in the future
The use of two-factor authentication
Of the surveyed consumers that use online retail accounts,
it is only around three in ten (28%) who say that all of the
online retail apps/websites that they use require two-
factor authentication to secure online transactions (Fig 5).
This suggests that the majority of online retailers do not
require this level of authentication, and may be why so few
consumers believe that security is taken very seriously by
organizations (Fig 2).
78% use online retail accounts
24 28
48
Yes, all of the online retail apps/websites I use do
Yes, some of the online retail apps/websites I use do
Yes, none of the online retail apps/websites I use do
Fig 5
Do the online retail apps/websites you use (e.g. Amazon,
Ebooker, Expedia etc.) require two-factor authentication
to secure online transactions?
Of those who actively use social media accounts, only
around a quarter (27%) use two-factor authentication to
secure all of their social media accounts (Fig 6), despite
almost all social media platforms offering it. This suggests
that consumers may not realize that organizations are
offering this type of security method, or choose not to use it.
81% use social media accounts
27
41
32
Yes, for all of my social media accounts
Yes, for some of my social media accounts
No, I dont for any of my social media accounts
Fig 6
How seriously do you feel companies take the protection
and security of customer data?
Consumer passwords
The proportion not using the same password for any
accounts has decreased, 46% in 2015, 47% in 2016 and
now 44% in 2017. Are consumers becoming more careless
with their passwords?

One in seven (14%) consumers admit that they use the

same password for all of their accounts.

The majority of consumers are putting themselves at risk

by using the same password for multiple accounts. If a

14
password was hacked from one account, it would likely
give the hacker access to a number of different online

44
spaces for the individual.

The majority (56%) use the same password

for multiple accounts

42
Yes, for all of my accounts

Yes, for some of my accounts

No, I do not use the same password for any of my accounts

Fig 7
Do you tend to use the same password across all of your
accounts? (bank, online retail accounts and social media
accounts)
PART 2
Falling victim to a
breach past, present
and future
Consumers having their
data or identity stolen
I am worried that at
Two thirds (67%) of surveyed consumers are worried that
their online personal information will be stolen at some
point (Fig 8).
some point my online
personal information 67%
AGREE
will be stolen
This should be even more of a concern for consumers who
use the same password across multiple accounts as more
will be at risk (Fig 7).
Fig 8
Analysis of respondents who agree with the
Passwords Respondents who use the same passwords
above statement
for all accounts are the most likely to strongly agree with
this statement (33% do).

Fraudulent use of your Personal Identifiable Information (PII)

17 18
Fraudulent use of your financial information

25 9
Identity theft

15 14
Yes

Dont know

Fig 9
Have you been a victim of the following?
Reasons why consumers
44
Visiting a fraudulent website

have been a victim

42
Phishing
The most likely reasons why consumers have been a
victim of a breach include visiting a fraudulent website
(44%), phishing (42%) or clicking on a fraudulent web link

42
Clicking a fraudulent web link
(42%).

37
With no clear majority, there are many different causes of Downloading an attachment from an email
a consumer falling victim to a breach, which could be why
so many are worried it will happen to them at some point

30
(Fig 8). Failure of an organisations security solutions

Three likely causes of a breach,

29
Stolen wallet
on average

29
Downloading an application

28
Receiving a scam phone call

26
Skimming

3
Another form of breach

9
I dont know

Fig 10
Which of the following are the most likely causes for you
being a victim of a breach?
Taking legal action following a personal information breach
Nearly half (49%) of surveyed consumers who have been
a victim of a breach either have (31%) or are considering I did it out of principle - I would take legal action

44
regardless of what was exposed
(18%) taking legal action against any of the parties involved
in exposing/taking the personal information (Fig 11).

35
It was such negligence that I felt I had to take action
Of those who already have taken legal action, around half
(49%) of them say that they did this out of principle, and
that they would do it regardless of what was exposed.

27
I have previously taken legal action so I knew how to
More than a quarter (27%) of them have taken legal action
previously too (Fig 12).
Friends / family have previously taken action so I

19
Organizations need to be aware that they could face a legal knew I could too
battle with their customers if they suffer a breach.

18
There was media hype which spurred me to take action

It was worth the risk as I would not lose out financially

14
by taking legal action

31 I was approached by a third party to help me

51
13
take legal action

3
I cannot remember

18
Fig 12
What prompted you to take legal action against any of
the parties involved in exposing/taking your personal
information?

Yes

No, but I am considering it

No, and I am not considering doing so

Fig 11
Have you taken legal action against any of the parties
involved in exposing/taking your personal information?
Likelihood of being a victim
in the future
Surveyed consumers in 2017 are more likely (37%) to
believe that they could be a victim of a breach at any time,
compared to those surveyed in 2016 (35%) and 2015 (27%)
(figure 13).

Almost three in five (58%) consumers believe that the

threat to their personal information increases during
a high profile commercial event (such as Black Friday,
3
14
Amazon Prime Day or Christmas) (figure 14).

58
This suggests that consumers concerns are on the rise

25
and that they believe that they are more likely to fall
victim of a breach on a high profile commercial event.

67 51
49
The threat increases

There is no change to the threat

The threat is reduced

I dont know

Fig 14
How much does the threat to your personal information
change during a high profile commercial event (e.g. Black
Friday, Amazon Prime Day and Christmas)?

2017 total 2016 total 2015 total

Fig 13
Analysis of consumers who believe that they are likely to
be a victim of a breach at any time
Future legal action
Despite only around half of those who have been a victim
taking, or considering taking, legal action (figure 11) the
majority (59%) of all surveyed consumers say that they

7
would take legal action if it happened to them.

Around a further third (34%) of consumers say that

they would consider taking legal action in the event of a
breach being experienced that exposed their personal
information.

34
59
Companies could face more legal battles with consumers
if they do not have the right security in place to protect
their customers data.

I would take legal action

I would consider taking legal action

I would not take legal action and would not consider

doing so

Fig 15
If in the future you were a victim of a breach, would
you take/consider taking legal action against any of the
parties involved in exposing your personal information?
PART 3
Where are the risks
to consumers?
Where the most risk
comes from
Around six in ten (58%) feel that social
media is the greatest risk

This is despite most social media sites offering two-factor

authentication, and only the minority using this service
(Fig 6). However, the concern could be more around the
information that they share on their social media accounts
getting into the wrong hands.

Just over four in ten (41%) surveyed consumers believe

that banking poses the greatest risk.

58
Social media

41
Banking

39
Adult content sites

Torrent sites (sites enabling user to download content)

37
31
Online retail websites

28
Online streaming services

23
Website search services

20
Travel companies

11
News and information services

1
Other apps/ websites

9
There are not any apps/websites that pose the greatest risk

Fig 16
Which apps/websites do you feel expose you to the
greatest risk in the protection and security of your
personal information?
Who consumers trust the My bank

most 33
Consumers are most likely (33%) to trust Industry certification bodies

12
their bank

However, even more believe that banking exposes them

to the greatest risk when it comes to the security of their A device manufacturer
personal data (figure 16).
11
Just over one in five (21%) do not know who to trust,
The government
suggesting that they perhaps trust no-one.

Will consumers use organizations that have suffered a

10
breach? My mobile network operator

8
An online retailer

4
Other

2
Dont know

21
Fig 17
Who do you trust the most to guarantee the security of
your personal data that it holds about you?
The threat to businesses
Two thirds (67%) of surveyed consumers would be unlikely
to do business with a company again where financial and
sensitive information were stolen. This is also the case for
around half of respondents where only passwords were
stolen (51%) or where only non-financial information were
stolen (49%) (figure 18).
Around six in ten respondents admit that they would stop
using a retailer (61%), bank (59%) or social media site
(58%) if it suffered an online breach (figure 19).
Not only could organizations anticipate legal action being
taken against them (figure 15), they are also likely to lose
customers if they experience a breach.

61
...where financial and sensitive information were stolen

67 59 58
...where only passwords were stolen

51
...where only non-financial information were stolen

49
Fig 18 I would stop I would stop I would stop
Analysis of those that say they are unlikely for: How likely shopping with a banking with a using a social
would you be to shop or do business again with a company retailer if it bank if it media site if
(retail, financial, healthcare) that had experienced a suffered an suffered an it suffered an
online breach online breach online breach
breach..."

Fig 19
Who do you trust the most to guarantee the security of
your personal data that it holds about you?
Consumers Trust Some Industries More Than Others
When it comes to the businesses that consumers trust least, over
half (58%) believe that social media sites are one of the biggest
threats to their data, with one in five (20%) fearful of travel sites
worryingly, one in 10 (9%) think no sites pose a risk to them.

On the other hand, a third (33%) of consumers trust banks the

most with their personal data, despite them being frequent
targets and victims of data breaches, while industry certified
bodies (12%), device manufacturers (11%) and the government
(10%) next on the list.

Its astonishing that consumers are now putting their own data at
risk, by failing to use these measures, despite growing concerns
around their security. Its resulting in an alarming amount of
breaches 80% being caused by weak or previously stolen
credentials. Something has to change soon on both the business
and consumer sides or this is only going to get worse.
Demographics
Age
22
10,500 adult consumers were interviewed by
Vanson Bourne. 22
1586 1518
All of those surveyed actively use online/mobile banking,
social media accounts or online retail accounts.

1586 1518
Country
1719 1913
US
2000 1719 1913
1000 1833 1909
UK

France

1000 1833 1909

1000
Germany
18-24 years old 55-64 years old

25-34 years old 65 years old and above

1000
India 18-24 years old 55-64 years old
35-44 years old Prefer not to say
25-34 years old 65 years old and above

1000
Japan 45-54 years old
35-44 years old Prefer not to say

45-54 years old

1000
Australia

Gender
1000
Brazil

BeNe

500 25
25
500
Middle East

South Africa
500 5196 5279
5196 5279

Male

Female
Male
Prefer not to say
Female

Prefer not to say

 Gemalto offers one of the most complete portfolios of enterprise
security solutions in the world, enabling its customers to enjoy
industry-leading protection of digital identities, transactions,
payments, and data from the edge to the core. Gemaltos portfolio

Gemalto 2017. All rights reserved. Gemalto, the Gemalto logo, are trademarks and service marks of Gemalto and are registered in certain countries. eB (EN)-date - 22Nov2017 - Design: RM
of SafeNet Identity and Data Protection solutions enable enterprises
across many verticals, including major financial institutions and
governments, to take a data-centric approach to security by utilizing
innovative encryption methods, best-in-class crypto management
techniques, and strong authentication and identity management
solutions to protect what matters, where it matters. Through these
solutions, Gemalto helps organizations achieve compliance with
stringent data privacy regulations and ensure that sensitive corporate
assets, customer information, and digital transactions are safe from
exposure and manipulation in order to protect customer trust in an
increasingly digital world.

GEMALTO.COM