Consumers Worried about Data Breaches, but Don't Change Shopping Habits

In a world where the growing use of connected devices such as smart watches and connected cars is occurring at the same time that massive data breaches are making headlines, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.

The 2014 ISACA IT Risk/Reward Barometer shows that the vast majority of US consumers (94%) have read or heard about major retailer data breaches in the past year, and three-quarters say retailer data breaches have increased concerns about their personal data privacy during the same period. The majority (61%) characterize the way they manage data privacy on connected devices they own as Take-Charge rather than Reactive (26%) or Passive (11%). Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN code (45%), made fewer online purchases using mobile devices (15%), or shopped less frequently at one or more of the retailers that experienced a data breach (28%).

“One of the most dramatic conclusions from this year’s study is the huge gap between people’s concerns about protecting their data privacy and security versus the actions they take,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks.”

In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software, and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, including 452 in the US, and a survey of more than 4,000 consumers in four countries, including 1,209 in the US.

The potential risk caused by this gap between knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. About a quarter or more of consumers now own or regularly use smart TVs (32%) or connected cars (27%), for example, and more than half of people’s wish lists for the coming year include connected devices (58%).

Among the top consumer concerns about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (38%), not knowing how the information collected by the devices will be used (22%), and companies or organizations being able to track an individual’s actions or whereabouts (12%).

Wearables at Work

Despite these privacy and security concerns, wearables are making their way into the workplace:

68% of employed Americans would consider using one or more connected wearable devices in their current workplace, according to the consumer survey.
In fact, 1 in 10 employed Americans would consider wearing smart glasses, such as Google Glass, in their current workplace.
Yet close to half of ISACA members in the U.S. (45%) believe the risk of the Internet of Things outweighs the benefit for enterprise.

IT Departments Still Not Ready for the Internet of Things

The 110-country survey of ISACA members shows that few IT departments or workplaces in general are ready for the invasion of wearables. Forty percent of US members say their organization has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (61%) say their BYOD policy does not address wearable tech and another 16 percent do not even have a BYOD policy.

ISACA members in the US are evenly divided as to whether the benefit of the Internet of Things outweighs the risk for individuals (38%) or the risk outweighs the benefit (37%), but fully 71 percent describe themselves as very concerned about the decreasing level of personal privacy.

“The Internet of Things is here, and following the holidays, we are likely to see a surge in wearable devices in the workplace,” said Rob Clyde, international vice president of ISACA and CEO of Adaptive Computing. “These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”