Products & Releases

ISACA Survey: Most Consumers Aware of Major Data Breaches but Fewer than Half Have Changed Key Shopping Behaviors

Results also reveal struggles with privacy and security as use of connected devices and wearables grows

Rolling Meadows, IL, USA (12 November 2014)—In a world where the growing use of connected devices such as smart watches and connected cars is occurring at the same time that massive data breaches are making headlines, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.

The 2014 ISACA IT Risk/Reward Barometer shows that the vast majority of US consumers (94%) have read or heard about major retailer data breaches in the past year, and three-quarters say retailer data breaches have increased concerns about their personal data privacy during the same period. The majority (61%) characterize the way they manage data privacy on connected devices they own as Take-Charge rather than Reactive (26%) or Passive (11%). Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN code (45%), made fewer online purchases using mobile devices (15%), or shopped less frequently at one or more of the retailers that experienced a data breach (28%).

“One of the most dramatic conclusions from this year’s study is the huge gap between people’s concerns about protecting their data privacy and security versus the actions they take,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks.” 

In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software, and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, including 452 in the US, and a survey of more than 4,000 consumers in four countries, including 1,209 in the US.

The potential risk caused by this gap between knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. About a quarter or more of consumers now own or regularly use smart TVs (32%) or connected cars (27%), for example, and more than half of people’s wish lists for the coming year include connected devices (58%).

Among the top consumer concerns about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (38%), not knowing how the information collected by the devices will be used (22%), and companies or organizations being able to track an individual’s actions or whereabouts (12%).

Wearables at Work

Despite these privacy and security concerns, wearables are making their way into the workplace:

·         68% of employed Americans would consider using one or more connected wearable devices in their current workplace, according to the consumer survey.

·         In fact, 1 in 10 employed Americans would consider wearing smart glasses, such as Google Glass, in their current workplace.

·         Yet close to half of ISACA members in the U.S. (45%) believe the risk of the Internet of Things outweighs the benefit for enterprise.

IT Departments Still Not Ready for the Internet of Things

The 110-country survey of ISACA members shows that few IT departments or workplaces in general are ready for the invasion of wearables. Forty percent of US members say their organization has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (61%) say their BYOD policy does not address wearable tech and another 16 percent do not even have a BYOD policy.

ISACA members in the US are evenly divided as to whether the benefit of the Internet of Things outweighs the risk for individuals (38%) or the risk outweighs the benefit (37%), but fully 71 percent describe themselves as very concerned about the decreasing level of personal privacy.

“The Internet of Things is here, and following the holidays, we are likely to see a surge in wearable devices in the workplace,” said Rob Clyde, international vice president of ISACA and CEO of Adaptive Computing. “These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”

ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice. Additional information is at

For a full survey report, including related infographics, video and global results, visit


About the 2014 IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of more than 115,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2014 online polling of 1,646 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,209 consumers in the US, 1,001 consumers in the UK, 1,007 consumers in India and 1,007 consumers in Australia. The US survey ran 8-11 September 2014, and the UK, India and Australia surveys ran 8-17 September 2014. At a 95 percent confidence level, the margin of error for each individual country sample is: US:  +/- 2.8 percent and UK/India/Australia: +/- 3.1%. To see the full results, visit



With more than 115,000 constituents in 180 countries, ISACA® ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT®, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.


Participate in the ISACA Knowledge

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),   

Like ISACA on Facebook:



Joanne Duffer, +1.847.660.5564, [email protected]

Aaron Berger, +1.646.935.4146, aaron. [email protected]