Every other day we hear about a brand new data breach, some worse than others, some featuring more sensitive data than others. What has become more and more obvious over the years, as people come to appreciate the need for security and the value of their data, is that they start to lose trust in companies that have fallen victim to hackers.
Realistically, this either doesn’t affect large companies, or many of these people are just talk. For instance, all 3 billion accounts of Yahoo users have been affected, and while we’re sure that many users have decided to shut down their accounts, the majority haven’t.
Thankfully, the survey also asked which industries the affected companies would have to be in for consumers to quit them, and respondents picked a few. Over 60% said they’d quit if a retailer’s site was breached, 59% would switch banks, while 58% would do the same if their social media accounts were compromised.
The survey further shows that consumers aren’t doing too well in the security department either, with 56% of them using the same password for multiple accounts, and 41% of them failing to use robust security solutions, such as two-factor authentication.
Perhaps one of the things companies rely on is the fact that consumers are likely to forget about a data breach, or unlikely to research whether one service or another has ever been affected by a data breach when opening an account. Unluckily for them, Mozilla, the company behind Firefox, is planning to plaster notifications about data breaches every time someone visits a site that has suffered from a hack. Basically, if you go to mail.yahoo.com, for instance, you’ll get a message saying that the website has previously suffered a data breach. The company’s failure to secure people’s accounts won’t simply be forgotten after a few months.
The new feature is a notifications system that uses data from the famous Have I Been Pwned site belonging to Troy Hunt, which indexes public data breaches and allows users to check if their own accounts have been compromised.
Data breach, the unforgivable mistake
With the GDPR regulations set to go into force in Europe this coming May, it’s now up to businesses to make sure they provide security protocols from the get-go. Companies will face fines if they don’t secure their systems, and, if a data breach does occur and they don’t inform the authorities and the users in due time, they can pay up to 4% of their annual global revenues.
Take Uber, for example, the ridesharing service that’s popular in numerous corners of the globe. The company recently announced that last year it had suffered a data breach that the previous CEO tried to bury by paying off the hackers to delete all data and to keep their mouths shut. Had the GDPR been active, Uber would have been in deep trouble. Needless to say, it will still pay for the failure to secure its servers, since the company has already been sued over this breach. The hardest impact, however, may very well be the drop in trust from users, which is something such companies depend on.
Issues here stem in part from the low budgets companies assign to cybersecurity. Corporations allocate on average 5% of their IT development to security, a SANS estimate shows. What’s worse is that 15% of companies spend less than 3%, while only 2.5% of corporations spend over 25%. It’s impossible to tell exactly how much money Uber spent on security, but it’s clear it wasn’t enough.