资源描述
RSA DATA PRIVACY & SECURITY SURVEY 2019: The Growing Data Disconnect Between Consumers and Businesses But there is a growing disconnect between how companies capitalize on customer data and consumer expectations around how their data should be used and secured. 2018 was host to a myriad of high-profile data breaches that compromised billions of accounts. In these incidents, businesses suffered financial damages in the form of breach-related expenses and regulatory fines, and they also suffered a potentially irreparable loss of customer trust. Consumers realized that their data had been exposed, and that it had been used in ways they had not considered and approved. This loss of trust represents one of the biggest hidden risks of digital transformation. Cyber breaches could potentially become market-making events heralding the decline and eventual demise of big brand names if consumers flee to competitors.CUSTOMER DATA IS CREATING DIGITAL RISK As competition increases across every marketplace, companies are rapidly evolving digital business models and services in an ongoing effort to give consumers better, more tailored, and more purchase-worthy digital experiences.It is against this backdrop that we conducted our second annual RSA Data Privacy & Security Survey, focusing on a topic increasingly relevant to todays business environment: ethical use of data. EXECUTIVE SUMMARYThe steady drumbeat of data-misuse and breach disclosure-related headlines of recent years is rapidly evolving consumers data-privacy attitudes. While consumers believe there are ethical ways companies can use their data, they harbor heightened concerns about their privacy, distrust trends such as personalization and device tracking, and blame companies when hacked. Somewhat paradoxically, consumers also believe that their responsibility to protect their own data is minimal, leading to lax password and information-handling practices. As a result, companies need to educate consumers about how data is shared, gain their consent and trust, and lead by example. Those who do will forge their brand around the ethical use of data, while those who delay or defer may experience a backlash in the media-driven marketplace.RSA DATA PRIVACY & SECURITY SURVEY AT A GLANCEOur second annual survey focuses on ethical data use. It provides: An analysis of consumer expectations in France, Germany, the United Kingdom (U.K.), and the United States (U.S.), as evidenced by survey respondents An understanding of country-by-country differences and why they matterAs RSA probed consumer perspectives on data collection, usage, and sharing, we uncovered the following insights for businesses to take away from the report:Context matters: Individuals across all countries surveyed are concerned about their financial/banking data, as well as about sensitive information such as passwords. Other areas of concern vary dramatically by generation, nationality, and even gender. Companies must consider their users personal context when establishing and communicating their data policies and practices. Privacy expectations are cultural: While the EU General Data Protection Regulation(GDPR) spans all member states of the European Union, consumers respond to data privacy differently based on their nationality due to cultural factors, current events, and high-profile data breaches in their respective countries. Businesses need to consider how regulations and other data-sharing violations are shapingand hardeningpublic opinion across all their markets. Personalization remains a puzzle: Countless studies have demonstrated that personalized experiences increase user activity and purchasing. However, at the same time, consumers disagree with the statement that companies having more data allows them to offer better and more personalized products and services. Last year, we witnessed both a media and consumer backlash when big brands revealed far-reaching data collection and sharing practices, as well as data breaches. Its imperative for companies to communicate why and how they are using customer data to mitigate future business risk. 1.2.3.HOW ATTITUDES TOWARDTHE ETHICAL USE OF DATA VARYWhen asked, “There are ethical ways in which a company can use my personal information/data,” 48% of survey respondents on average agreed. A look at generational differences, including Gen Z, younger and older Millennials, Gen X, and Baby Boomers Insight into consumers attitudes toward how different types of personal information, such as online passwords, contact information, browsing data, medical data, and more, should be protected Recommendations for companies who want to create sustainable ethical data policies The U.S. leads the countries surveyed in consumer acceptance: In the U.S., 60% agreed, but only 48% in the U.K., 45% in France, and 43% in Germany agreed. Digital-born consumers are the most comfortable with data sharing: 54% of Gen Z (ages 1824 in this survey) and 54% of younger Millennials (ages 2534 in this survey) agreed, while only 49% of older Millennials (ages 3544 in this survey), 47% of Gen X (ages 4554 in this survey), and 44% of Boomers (ages 55+ in this survey) agreed.As consumer attitudes vary across generations, regions, and time, it is critical that companies policies are sustainable. To achieve this goal, companies must acknowledge and protect consumers right to privacy while considering the impact of emerging technology. It is our hope that companies can use this survey information to craft and refine their own ethical data policies and standards. By so doing, they can forge deeper connections with customers to grow their business while addressing very real concerns about data protection and privacy.ABOUT THIS SURVEYThis is the second year of the RSA Data Privacy & Security Survey. The purpose of the annual survey is to understand global consumer values about data privacy and security, and chart year-over-year changes. By so doing, we seek to understand critical data collection, usage, storage, compliance, and security trends that can impact businesses in their fast-moving marketplaces. OUR METHODOLOGYA TOTAL SAMPLE SIZE WAS6,387ADULTS IN FRANCE, GERMANY, THE U.K., AND THE U.S.FRANCE GERMANYU.K. U.S. The survey was conducted online by YouGov Plc. All figures, unless otherwise stated, are from YouGov Plc. The survey was conducted in the period of December 1827, 2018, for a true year-end look at consumer attitudes. Figures have been given an even weighting for each country to produce an “average” value. Respondents were surveyed across several age brackets: ASSESSING DATA USE ACROSS THE GENERATIONSPERSONAL INFORMATION TYPES CONSUMERS CONSIDER PROTECTINGConsumer attitudes vary on personal information they view as private. For the purpose of this report, we are defining personal information as: Financial/banking data Security information Identity papers Medical records Contact informationKEY INSIGHT #1WHEN IT COMES TO DATA, CONTEXT MATTERSWhile consumers recognize that they create and share vast amounts of digital data, they view different types of data differently. Because of this, not all personal information is created or protected equally. Biometrics Genetic data Browsing data Location data Political party affiliationWe asked survey respondents, “Overall, which, if any, of the following types of personal information/data do you generally feel protective of?” The answer was: Any data that could be used to steal their identities or commit fraud. Heres a short list of the data types consumers fear losing control over.IDENTITY INFORMATIONFINANCIAL/BANKING DATASECURITY INFORMATIONMEDICAL INFORMATIONCONTACT INFORMATION70%78% 75% 61% 57% Ages 1824 (Gen Z) Ages 2534 (younger Millennials) Ages 3544 (older Millennials) Ages 4554 (Gen X) Ages 55 and above (Boomers)ASSESSING DATA USE ACROSS THE GENERATIONSTHE TOP 5 TYPES OF PERSONAL INFORMATION CONSUMERS CARE ABOUTPLEASE SAFEGUARD MY RECYCLED PASSWORDAccording to another survey, despite user sensitivity around password loss, up to 73% of users reuse the same passwords across their online accounts, increasing the risk of password theft and credential misuse. Boomers in all markets surveyed care more about these top five pieces of personal information than the other age groups, as the general comfort around data use increases in younger age groups. However, Gen Zs expressed greater concern around their digital footprint (location, photos, and videos) compared to the other data types, bringing their concerns more in line with the older demographics.Consumers desire to protect these types of personal information is understandable, given that this data can be used to commit identity theft and worse. With repeated data exposures, cybercriminals find it easier than ever to construct digital identities, typically to commit financial fraud, but also to impersonate victims. In recent years, cybercriminals have taken over childrens identities since they lack credit historiescommitting financial fraud that often takes years to detect. WOMEN ASSERT THEIR RIGHT TO DIGITAL PRIVACYMales and females in all markets surveyed feel similarly about protecting their personal information, with one important exception: Women are more protective than men of photos and video. As a result, a companys loss of control of this data is viewed by women as an intense violation of personal privacy. As weve seen in the past, it is the company who is blamed for these incidents, despite consumers creating these risks by responding to spear phishing attacks or using weak passwords. Thus, adopting technologies like multi-factor authentication and user behavioral analytics is particularly important for businesses that store sensitive information. Women are more protective of photos and videos than men are: 54% to 47%. “In addition, hacking techniques, such as credential stuffing, automate attacks using stolen credentials, gaining faster access to a network through one or multiple accounts. This technique enables hackers to commit greater data theft before they are identified and boxed out of networks by security teams. KEY INSIGHT #2 DATA PRIVACY EXPECTATIONS ARE CULTURALThe GDPR came into effect on May 25, 2018. France, Germany, and the U.K. all passed data privacy legislation to harmonize with the GDPR and adapt it to their countries needs. Since then, data privacy complaints have increased in these three countries.Whats interesting is European attitudes toward data privacy are not monolithic. As a case in point, our survey found that the French were less protective of their personal data than their German and U.K. counterparts across almost all categories of data surveyed. DATA PRIVACY SURPRISE:WHAT CONSUMERS DONT CARE TO PROTEECTFrench and U.S. consumers feel freer about sharing data than their German and U.K. counterparts. Whos concerned?ONLY43%OF FRENCH FEEL PROTECTIVE OF THEIR MEDICAL DATAONLY37%OF FRENCH AND U.S. FEEL PROTECTIVE OF THEIR BROWSING DATAONLY42%OF U.S. FEEL PROTECTIVE OF THEIR COMMUNICATIONS (MESSAGES, EMAILS, ETC.)France was the least concerned nation surveyed, with regard to the privacy of their medical records (however, their concern increased 10% year-over-year). Germans are generally less comfortable sharing data, and it is possible that the recent passage of the GDPR has propelled national awareness and concern about data sharing to new heights. As the chart below indicates, Germans have become more protective of their data, with the greatest increase seen in their desire to protect location-tracking data. DATA PRIVACY IS A GROWING CONCERN REGIONALLYGERMANS ARE FIERCELY PROTECTIVE OF DATA PRIVACYHeres how German attitudes about data privacy changed within months of the GDPRs implementation:20172018 vs.FEEL PROTECTIVE OF COMMUNICATIONS:70% 63%62% 52%42% 29%FEEL PROTECTIVE OF MEDICAL DATA:FEEL PROTECTIVE OF LOCATION DATA:Germans are also increasingly protective of their childrens privacy, banning the sale of IoT toysand smart watches which can be used to monitor and track childrens behavior. When it comes to stolen data, consumers worldwide are worried about identity theft resulting in financial loss. All respondents expressed concern about monetary lossthe U.K. especially so.CONSUMERS ARE MORE CONCERNED ABOUT IDENTITY THEFT THAN EVERU.K. respondents were the most concerned about identity theft resulting in financial loss. Some 78% were concerned versus an average of 72% of all countries surveyed. “Blackmail is also a worry, but not for all. Gen Z is disproportionately concerned (with 42% worried), compared to older generations. This is likely because Gen Z is the most digitally wired of all generations, using social networking and messaging compulsively and consuming online content in bite-sized chunks throughout the day. As such, Gen Z has the largest digital footprint to protect. Beginning with younger Millennials, blackmail worries fade. Just 35% of younger and older Millennials, 32% of Gen X, and 31% of Boomers are concerned. This is likely because older generations are more hesitant to share personal information and thus post less information that would be blackmail-worthy. In addition, Gen Xers and Boomers who are preparing foror enteringretirement could be less concerned with professional risk than their younger counterparts.Gen Z is more worried about blackmail than other generations. Some 42% in 2018 feared blackmail. On average, only 34% of all respondents were concerned.“THE BLAME GAME: POINTING FINGERS AFTER A BREACHIn the aftermath of a data breach, its easy to point fingers: at a CEO for a culture of noncompliance, at a CMO for aggressive marketing, at a CIO for not addressing vulnerabilitiesor at the hackers themselves.U.K. and U.S. respondents tend to blame companies instead of hackers, while French and Germans disagree. This may be due to the recent high-profile breaches in the U.K. and U.S., fresh in the memory of our respondents. Whats clear, though, is consumers do not blame themselves. Most feel they would not get in trouble if they lost confidential data on the job. Similarly, when companies get hacked due to employees poor username and password practices, companies are blamed. Often, these hacks can be traced to third-party and social media sites, where employees have reused usernames and passwords, effectively opening the door for hackers at their places of business. To date, data breaches in Germany and France have been smaller scale, and both countries have tough new legislation aligned with the GDPR. For these reasons, consumers in these countries may be more willing to blame hackers, rather than companies. When their data is hacked, consumers usually say companies are to blame. In answer to the question, “If a company loses my personal data/information I feel inclined to blame them above anyone else, even the hacker”: AFTER THE HACK: WHOS TO BLAMEU.S. RESP
展开阅读全文