Do you really believe organizations care about your private data and keeping it safe and secure?
That's the question Mountain View, Calif.-based cloud security vendor HyTrust Inc. recently asked 2,000 consumers in an online survey conducted via Google. With a new data breach seemingly surfacing every week, it is perhaps unsurprising that nearly three-fourths of respondents indicated they think companies don't care enough about the privacy and security of their data.
Despite being outraged over a string of recent retailer breaches and revelations regarding the National Security Agency's monitoring activities, Eric Chiu, president and co-founder of HyTrust, said he hasn't witnessed any notable shift in consumers' behavior around valuing security. Consumer inaction doesn't mean organizations can continue to ignore data privacy and security though, warned Chiu, who pointed to the recent breach at Minneapolis-based retailer Target as an example of spiraling costs associated with suffering a data breach.
When the Target breach was initially reported, John Kindervag, VP and research analyst at Cambridge, Mass.-based Forrester Research Inc., estimated that the incident could cost the Fortune 500 retailer up to $100 million. As the scope of the breach has widened since then, some experts, including retail analyst Daniel Binder at equities research firm Jefferies & Company Inc., have estimated it may end up costing Target over $1 billion.
Chiu said retailers in the past had typically set aside 2% of the cost of a sale to cover the cost of fraud, which would also include data breaches. Considering the sizable cost attached to the Target breach, Chiu warned organizations to change the "cost of doing business" mentality they take toward security before it costs them much more.
"These companies really need to focus on doing what is best for their customers, not just what is best for their profits and revenues," Chiu said. "Because if all you care about is increasing your profits and revenues, things like security never bubble up. And at the same time, one bad thing that happens could cost you all those profits and revenues in one fell swoop."
Discussing the HyTrust survey, Rajat Bhargava, co-founder and CEO of Boulder, Colo.-based server management vendor JumpCloud, said he wanted to know who the 28% of respondents were that thought companies are doing enough to protect consumers' data. He noted that, despite his personal awareness of the many security challenges facing organizations, he doesn't believe enough of them do enough to address security concerns.
Consumer-facing companies, particularly in the mobile space, may just be taking on the attitude of consumers, according to Bhargava, as he emphasized security is "absolutely a must" in any product pitched to enterprises. Bhargava pointed to his own experience as the co-founder of MobileDay, an enterprise mobile application that doesn't take any data from users' devices that isn't necessary, such as calendar and contact info.
That stance is in stark contrast to many mobile applications used by everyday consumers, Bhargava said, most of which collect as much personal info as possible in an attempt to increase advertising revenues. Bhargava indicated that consumers may not be fully aware of just how their data is being used by companies, but until consumers make security a greater part of purchasing decisions, it is unlikely that businesses will do the same.
"I think security will become a selling point in some cases, not so much to consumers as large enterprises," Bhargava said. "If a company focused heavily on security in the consumer space, it may not be as big a deal [as it is in the enterprise space]."