Digital distrust

CA Technologies Study Reveals Significant Gap in Perception of State of Digital Trust Between UK Consumers and Organisations

“This new study reveals a marked gap in perception on trust, as it relates to UK consumers’ expectations and the way organisations collect, store and use their digital information,” says Stephen Walsh, Sr Director, Security, CA Technologies. “Consumers are increasingly transacting online, providing businesses with access to vast amounts of data, and organisations are consequently processing and storing a growing amount of personally identifiable user data. If businesses don’t do their due diligence to protect consumer data from getting into the wrong hands, trust can be fleeting, which can negatively impact the bottom line.”

The Digital Trust Index

Frost & Sullivan calculates the Digital Trust Index based on a number of different metrics that measure key factors around the concept of digital trust, including how willing consumers are to share personal data with organisations, how well they think organisations protect that data and the extent to which consumers believe companies sell their personal data to other companies. The result is a sliding scale where a 1 represents “no trust” and 100 is “total trust.”

UK responses to the survey reveal that the Digital Trust Index for 2018 is 56 points out of 100 in the UK, lower than in France (58) and Italy (57), but above Germany (54). It is also markedly lower than the 61 Index global average score. These scores indicate only marginal faith by UK consumers in the ability or desire of organisations to fully protect user data.

By contrast, UK cybersecurity professionals and business executives score an average of 73 on the Digital Trust Index – a perception gap of 17 points – signifying mismatched perceptions among these audiences in a measurement of perceived consumer trust versus actual consumer trust.

Key highlights from the study

The study reveals other interesting attitudes and perceptions among UK consumers and organisations with regards to digital data protection.

• Less than half of UK consumers (46 percent) are willing to provide organisations with their personal data in exchange for free or less expensive services.
• The majority of UK organisations (56 percent) admit to using consumer data internally, including personally identifiable information (PII). And 47 percent of UK business executives admit their organisation sells consumer data (including PII) to other organisations/business partners. However, only 33 percent of UK cybersecurity professionals stated they knew that their company was selling this data.
• An overwhelming majority (83 percent) of UK consumers prefer security over convenience during the transaction authentication process. However, UK organisations see it differently: only 60 percent of cybersecurity professionals and 59 percent of business executives place security ahead of convenience.
• The vast majority (88 percent) of UK business executives claim that they are “excellent/very good” at protecting consumer data, showing a high level of self-confidence, despite the fact that the majority (56 percent) of UK business executives admitted that their organisation had been involved in a publicly disclosed consumer data breach. Moreover, 44 percent claim that data breach occurred within the last year.
• Some 29 percent of UK consumers report that they currently use the services of organisations that were involved in a publicly disclosed data breach. Of these, 32 percent have stopped using the services of an organisation because of a breach.
• More transparency on data protection policies is required: 64 percent of UK consumers and 89 percent of UK organisations agree that providing consumers with easy to understand information about data protection policies increases consumer trust. However, only one third (32 percent) of UK consumers claim to receive this information, although 85 percent of organisations claim they provide it.

Amidst a continuous stream of headlines about major data breaches in enterprise and government agencies, the degree to which UK consumers have placed their trust in organisations to protect their PII online has never been more relevant.

The study results point to a significant gap between how UK organisations view their responsibilities on data stewardship and consumer expectations around how organisations protect consumer data. In the application economy where data is king, organisations must prioritise data privacy and security or risk serious ramifications. Organisations can mitigate these risks by taking a proactive stance on security, such as narrowing their policies for sharing user data, reducing privileged user access, implementing continuous user authentication technologies, and adopting better cybersecurity and privacy controls to stop hackers.

“We are at a crossroads in the information age as more companies are being pulled into the spotlight for failing to protect the data they hold. With this research, we sought to understand how consumers feel about putting data in organisations’ hands and how those organisations view their duty of care to protect that data,” says Jarad Carleton, industry principal, Cybersecurity at Frost & Sullivan. “What the survey found is that there is certainly a price to pay – whether you’re a consumer or you run a business that handles consumer data – when it comes to maintaining data privacy. Respect for consumer privacy must become an ethical pillar for any business that collects user data.”

“To build more trusted consumer relationships, businesses need to work harder at protecting data against abuse from external and internal sources,” Stephen Walsh comments. “They need to understand that success in the digital economy requires a security-first mindset – a key tenet in our Modern Software Factory model. A loss of digital trust has implications on all aspects of a business and brand perception.”