by Nicholas D. Evans

Which industries best safeguard your personal information? Security perceptions vs. reality

Opinion
Jun 30, 2015
Data and Information SecurityDigital TransformationInternet Security

When it comes to your personal information, which industries do you trust most, or least, with your data? How do some of the recent, highly publicized breaches such as those at Target, Home Depot and the Office of Personnel Management affect your opinion in terms of which industries are most vulnerable, and how does this compare to reality?

In the U.S., we might assume from the most recent wave of attacks that retailers and governments are among the biggest targets for hackers, and thus the biggest areas of risk for consumers and employees, but how do these perceptions stack up against what’s actually happening?

In terms of security perceptions, consumer opinion of the most or least trusted industries will likely be influenced by a number of other factors beyond media headlines. Those factors include:

  • Digital experience – The unique set of digital customer experiences we’ve accumulated within the particular industry and brands involved
  • Data sensitivity – The type of data we store, and its level of sensitivity, within the particular industry and brands
  • Industry regulations – The regulatory environment for the particular industry such as financial services, telecom or healthcare
  • Security & privacy safeguards – Our sense of how safely the security and privacy of our identity and data is protected within the particular industry and brands

All these perceptions, and many more, all go into how we as consumers may trust a particular industry or brand to safeguard our information.

To compare security perceptions versus reality, we’ll start by looking at the recent findings from the 2015 Unisys Security Insights Survey (disclaimer: I work for Unisys), which studied consumer perceptions, and then compare it with the findings from the annual Verizon 2015 Data Breach Investigations Report (DBIR), which reported on total numbers of incidents and the subset of incidents that experienced confirmed data loss.  There were seven industries in common across the two reports, so this analysis covers this specific set of industry examples.

In the Unisys study, which covered 12 countries and surveyed 11,244 consumers, the specific question asked of consumers was, “For each industry, how likely do you think it is that your personal information will be accessed by an unauthorized person either accidently or deliberately within the next 12 months?” The industries rated most likely to experience a data breach in the next year were telecom (59%), government (49%), banking (48%), utilities (45%), healthcare (42%), retailers (42%) and airlines (34%).

The Verizon report, in contrast, found that government experienced the largest number of data loss incidents (303), followed by banking (277) and retail (164). In terms of the least incidents, the leader was utilities (10), followed by airlines (22), telecom (95), and healthcare (141) from our set of seven focus industries. In total, the DBIR covered 79,790 incidents, affecting organizations in 61 countries, with 2,122 confirmed data breaches across 21 industries. There were 1,012 confirmed data breaches in the seven industries in common with the Unisys report.

The exhibit highlights some of the differences between the Verizon report (market reality) and the Unisys report (consumer perception) in terms of industry vulnerability from a global perspective.

evans security perception vs reality 06 30 15 Nicholas D. Evans

Differences: telecom and utilities

In terms of findings from the comparison, consumers in the Unisys survey rated telecom as the most likely industry where their data would be accessed by an unauthorized person, whereas in the Verizon DBIR the telcos rated fifth out of the seven industries in terms of the actual number of data loss incidents reported (95). The discrepancy here may be able to be explained by consumers’ fear of telcos snooping on their private conversations even if there was no data loss incident.

Another area of marked discrepancy was the utilities industry. Consumers in the Unisys survey rated utilities as the fourth most likely industry where their data would be accessed by unauthorized individuals (45%), although in the Verizon DBIR the utilities rated most safe out of the seven industries with only 10 data loss incidents reported.

Similarities: government, banking, healthcare and airlines

In terms of similarities, government and banking were rated by consumers in the Unisys survey as the second and third most likely industries where their data would be accessed by unauthorized individuals, and this correlated well with market reality of the Verizon DBIR in terms of actual data loss incidents where they were rated first and second, respectively.

Healthcare was rated in the Unisys survey as the fifth equal (tied with retailers) most likely industry where data would be accessed by unauthorized individuals, and this correlated well with the Verizon DBIR in terms of actual data loss incidents where the industry rated fourth of the seven industries within the comparison.

In addition, airlines were rated most safe among the set of industries by consumers in the Unisys survey and this corresponded well to their second place in the Verizon DBIR in terms of least data loss incidents reported (22). One of the reasons airlines scored so well, according to the Unisys survey results, was due to the fact that 19% of the respondents reported that the airlines didn’t hold their personal information.

Wild card: retail

Finally, in terms of retailers, the global comparison in the Unisys survey showed the retail industry tied for fifth place along with healthcare in terms of perception of unauthorized access, but the Verizon DBIR showed the retail industry in third place in terms of actual data loss incidents (164). Interestingly, in the U.S. alone, consumers in the Unisys survey rated retailers first in terms of most likely unauthorized access in the next 12 months, perhaps reflecting consumer awareness of the recent high-profile breaches in the industry.

Key takeaways

Overall, based on these two reports and the seven industries that the studies had in common, consumers appeared to be on the same page in terms of perception versus reality when it came to government, banking, airlines and healthcare. This was likely due to the fact that these industries were either perennial targets for cyberattacks (government), were highly regulated (banking and healthcare), or did not hold a lot of personal information when compared with other industries (airlines).

Where consumers differed in their perception versus market reality was in telcos and utilities. This was likely due to consumer sensitivity in terms of not just personal data loss arising from a security breach, but personal data exposure in the form of unauthorized access either accidentally or deliberately. In other words, consumers’ high sensitivity to interception of communications, particularly for telcos, raised their industry rankings for likelihood of unauthorized access even if the actual number of data loss incidents was low. Finally, utilities have a very low number of data loss incidents and just need to do more to promote this fact and raise awareness among consumers.

The lesson learned for corporations is to continue to share information with your customers about how you secure their personal information and safeguard their privacy. Even if your particular industry has a somewhat tarnished reputation from high-profile breeches, there’s a lot you can do to reassure your customers about the steps your particular brand has already taken.

One of the keys to success in digital business is in building trust with consumers and creating a win-win value proposition so when they share information with you, they get something in return. By enhancing efforts to secure their personal information and safeguard their privacy, you can build further trust and open the door for even more of these win-win scenarios.