Data breaches are everywhere. They’ve become so common that, according to a new Imperva research report, more than a quarter of us (27 percent) don’t even bother to change our passwords, even if we know they’ve been compromised.
For many, insecurity has become a default, something we have to live with. The idea that hackers could steal our data, our money, even our identity, is the cost we accept for living in the digital world. If we want to use services such as online banking or social networks, we have no choice but to give our data in exchange.
But the new Imperva ‘No Silver Linings’ Research it suggests that the status quo is actually profoundly unstable. In general, consumer confidence in companies to keep their data safe is at rock bottom. And the longer consumers feel forced to give up their data to organizations they don’t trust to access basic services, the greater their frustration and anger. We are already seeing a significant technological backlash on both sides of the Atlantic, from the American Online Choice and Innovation Act in the US to the Digital Markets Act in Europe. But is the digital trust deficit something that companies can tackle on their own, or are we heading into a new era of much stricter regulation?
Fear and distrust
It’s not hard to see why there’s a growing digital trust deficit when nearly two-thirds of consumers (64 percent) believe they have no choice but to hand over their personal information to use digital services like online banking or e-commerce. Similar numbers (67 percent) say they “have no idea” how many organizations have access to their data, while more than a quarter (26 percent) say it’s “inevitable” that their data will be compromised at some point .
All of this indicates that people around the world feel they have little or no control over their personal information, and these feelings of powerlessness are fueling growing fear and mistrust. More than two-fifths of citizens (41 percent) say that their faith in the ability of digital service providers to keep their data safe has diminished in the last five years. In the UK in particular, the percentage of people who trust retailers (5 per cent), social media companies (3 per cent) and online gaming platforms (2 per cent) has all but bottomed out.
Additionally, thanks to near-constant stories about breaches and cyberattacks in the news, consumers are much more aware of the risks of exposing their personal data. Some of the biggest fears include money being stolen and never getting it back (58 percent), identity theft (53 percent), or being targeted by sophisticated scams (19 percent).
The Techlash is here
These figures show that, around the world, there is deep concern about how well companies actually protect customer information and fears about how that data can be used against them – concerns that are now starting to translate into legislation.
Talk of regulating technology companies is not new, but since the historic introduction of the GDPR in 2018, there has been more momentum from government organizations than ever before. In Australia, there have been moves to strengthen the Privacy Act of 1988, in the US, the California Privacy Rights Act (CPRA) will come into force in 2023, and in the UK, the California Privacy Bill Online Security looks set to become law, all imposing more requirements on companies about how they protect citizens and their data.
Most importantly, the EU is moving forward with a series of regulatory changes, including the Digital Markets Law, the Digital Services Law and the EU Data Law, with the aim of protecting consumers and curbing the power of the ‘Big Tech’.
A self-regulated future?
Much of the regulation is already in place or will come into force in the near future. However, these requirements could only be the beginning. Right now, the future regulatory environment will largely depend on the extent to which companies can regain consumer trust by showing that they can adequately protect customers’ personal information.
If the private sector can demonstrate to consumers that the data they are handing over in exchange for digital services is indeed secure, government agencies may decide that they do not need to push such an aggressive regulatory agenda and that self-regulation can meet consumer demands. . However, if public dissatisfaction continues to grow, the swath of legislation we are seeing now may only be the first phase of a long-term shift towards higher levels of data security being imposed on the industry.
Regain consumer confidence
For many companies, regaining consumer trust will require a significant mindset shift. Today, application security, data security, and privacy are all too often viewed as separate entities when, in fact, each feeds the other two. This rethinking will help organizations see the links between the three aspects and develop security strategies that cohesively address them together.
From a practical perspective, this means that, at a minimum, companies must have complete visibility and control over all customer data that is collected, including structured, semi-structured, and unstructured data, no matter where it resides in their environment. as well as monitoring all paths Along with excellent data control, auditing and activity monitoring features, these steps provide much stronger protection and show that customers’ concerns about data security and privacy are taken really.
The debate on consumer privacy and data protection is at a turning point. There is great consternation among citizens around the world about how much data they have to give to companies, how that data is used, and how malicious actors could weaponize it against them.
The extent to which consumers, and the governments that represent them, feel that more regulation is needed will be decided in large part by how well companies demonstrate responsibility when it comes to data privacy. We may be headed for much greater legal scrutiny than has been applied before, or a lighter system of self-regulation. But either way, consumers are making it clear that the status quo is not something they are willing to accept forever.
Terry Ray is SVP and Field CTO at imperva