Consumers, who do you trust?
When it comes to securing their data, consumers’ trust in banks is higher across the board than their faith in other organizations to do the same. It’s like an automatic assumption that, because these entities’ primary business is handling money, they’re inherently safer. This perception could change, however, if consumers knew the truth about the levels of preparedness the banks themselves express.
The facts were published in a recent Capgemini survey of almost 8,000 consumers and 183 senior data privacy and security professionals at banking and insurance firms worldwide. While 83% of consumers voiced trust in the cybersecurity capabilities of banks and insurance firms, only 21% of banking execs trusted their own ability to detect a breach. This is borne out by the disparity between those who think their banks have experienced a data breach (3%) and the financial institutions that acknowledged they have (26%).
If things continue as they are, with the caveat of ever more transparency, the perception of banks’ invulnerability “is under threat as…consumers become more aware of breaches that do occur,” states the report. It adds, “If organizations do not take proactive steps to enhance security and privacy, consumers will quickly realize that their high levels of trust are perhaps misplaced, with significant consequences for the sector.”
Especially when 75% of respondent consumers claimed they would change providers in the event of a data breach.
And that is the least of what they might do. Although the class action lawsuit against Anthem for its 2015 mega breach is still in the discovery phase, the fact is, unlike previously attempted class actions against an organization for a data breach, the motion to dismiss was denied. “Usually, a threshold issue in any data breach class action is the issue of ‘standing,’ which is raised early at the motion-to-dismiss stage,” write attorneys Janine A. Bowen and John P. Hutchins for LeClairRyan’s “Information Counts” blog. “In order to overcome this challenge, the plaintiffs’ complaint must sufficiently allege actual harm suffered because of the breach.”
At the time, this signaled that plaintiffs were getting more adept at demonstrating sufficient harm, and that defendant organizations could not count on automatically getting the case tossed—even if “no court has yet certified a consumer breach class.”
Ultimately, when it comes to banks, it doesn’t seem like the lesson Bowen and Hutchins think Anthem should have imparted is being heeded. “The Anthem breach also should have served as a reminder of a very important fact: no organization, no matter how large and no matter what security protocols are in place, is immune from its systems being compromised,” they conclude. People should be more reserved with their trust, and not presume that a breach cannot affect them.
Well, if the trends and the transparency continue, they probably will be.