Santa Clara, CA — Centrify, the leader in securing enterprise identities against cyberthreats, today released findings from a research study that examined consumer attitudes toward corporate hacking, including how likely consumers are to continue transacting with a company after a cyberattack and the degree to which they hold businesses responsible for these breaches.
The online study, commissioned by Centrify, found that 66 percent of adults in the U.S. are at least somewhat likely to stop doing business with a company that has suffered a cyberbreach. That number is even higher in the U.K., where 75 percent said they are somewhat likely to stop doing business after a hack.
The study, which surveyed 2,400 people across the U.S., U.K. and Germany, also found that most consumers believe that the burden of responsibility for hacks rests almost entirely on the businesses. About two-thirds in each country rated corporations as a nine or 10 on a 10-point scale in terms of how responsible they should be for preventing hacks and securing the personal information of their customers. What’s more, many adults are extremely likely to hold corporations fully accountable, with significant percentages saying that corporations are not taking enough responsibility when they do get hacked (41 percent in the U.S., 50 percent in the U.K., 38 percent in Germany).
To some degree, most adults accept hacking as inevitable. About three-quarters say it is probably or definitely normal and expected for businesses and large organizations to be hacked. However, relatively few say this is definitely normal (21 percent in the U.S., 13 percent in the U.K., 16 percent in Germany).
And just because some respondents consider hacking normal does not mean they are letting businesses off the hook. The study found that 21 percent of U.S. consumers say they are very likely to stop transacting with a business that has been hacked. The people most likely to take their business elsewhere include those who have had their personal information compromised in a hack, those who are tech savvy and those who are frequent online shoppers.
“The study clearly points to the need for organizations to dramatically bolster their security systems and do everything in their power to protect consumer information and prevent a breach,” said Tom Kemp, CEO of Centrify. “When companies put customer data at risk they are really putting their entire business at risk. Consumers simply will not tolerate doing business with hacked organizations. It’s time for organizations to take full responsibility for their security and put the proper measures in place once and for all.”
The survey found that financial institutions have the best reputation when it comes to dealing with hacks relative to other industries. They received the most number one, two or three rankings among seven different industries in terms of how well they handle security issues for their customers. Medical and health organizations were a clear second place (in being ranked first, second or third) of the seven industries, followed by government. However, there is less faith in retail businesses, which ranked fourth of seven in each country, and travel sites, which ranked fifth of seven in each country. Bringing up the rear were membership and hospitality businesses, which received the lowest rankings by a wide margin.
The good news is that, when companies are hacked, they are not engaging in cover-ups or trying to sweep the incident under the rug. Instead, they are increasingly going public with the news and notifying their customers directly. The study found that about half the people in the U.S., one-third in the U.K. and one-quarter in Germany were notified of a hack. In each of those groups, between 45 percent and 53 percent say they learned from the company that their personal information was compromised.
And, when hacks occur, businesses are proactively asking their customers to follow a number of precautionary steps. Specifically, 61 percent of U.S. consumers were advised by the hacked organization to carefully monitor all bank account transactions and 59 percent were asked to change their passwords. By contrast, just 33 percent of respondents said they were advised to request alerts, and less than a third of respondents were advised to consider a security freeze or use multi-factor authentication.
To reduce the risk of being breached, organizations should implement technologies such as single sign-on and privileged account security, including session monitoring. Companies should also require multi-factor authentication for access to sensitive data, as mandated by the recently updated Payment Card Industry Data Security Standard.
Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The Centrify Identity Platform protects against the leading point of attack used in data breaches ― compromised credentials — by securing an enterprise’s internal and external users as well as its privileged accounts. Centrify delivers stronger security, continuous compliance and enhanced user productivity through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring. Centrify is trusted by over 5000 customers, including more than half of the Fortune 50.
###Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners