Consumers Care About Privacy, but Not Enough to Act on ItConsumers Care About Privacy, but Not Enough to Act on It
People claim to value data privacy and don't trust businesses to protect them – but most fail to protect themselves.
March 5, 2019
RSA CONFERENCE 2019 – San Francisco –When it comes to data privacy, users' practices fail to align with their values. Most claim to value privacy and don't fully trust businesses to protect their information, yet they aren't taking the necessary steps to put their own privacy safeguards in place.
The data comes from a new Malwarebytes survey, entitled "The Blinding Effect of Security Hubris on Data Privacy," released here this week at the RSA Conference. Between Jan. 14 and Feb. 15, 2019, researchers polled nearly 4,000 people to learn about their confidence in their own privacy and security practices, as well as their trust in organizations to protect data.
As it turns out, participants do care about security – but only enough to do the bare minimum. Their perceived confidence in their privacy practices is higher than reality, researchers report.
Most (96%) people across generations, and more than 93% of Millennials, say they care about privacy. Nearly all take steps to secure their information online. Most (93%) use security software, nearly 90% say they regularly update software, and about 85% verify websites are secure before purchasing. Ninety-four percent avoid sharing personal data on social media.
People largely distrust social media platforms with their data. Researchers asked participants to rate, on a scale of 1-5, how much they trusted social media to protect their data. The average response: 0.6. Baby Boomers are most distrustful of social media (96%), followed by Gen X (94%), Gen Z (93%), and Millennials (92%). In total, 95% say they distrust for social media platforms.
Search engines are considered more trustworthy. When asked to rank their trust of search engines on a 1-5 scale, the average response was a little over 2. Gen Z (75%) is the most distrustful of search engines, followed by Gen X (65%), Millennials (64%), and Baby Boomers (57%).
"One of the things that caught me by surprise was how much you trust social media versus search engines," said Marcin Kleczynski, CEO of Malwarebytes, in an interview with Dark Reading. "From a social media perspective, you're already giving up the data pretty willingly."
It's no surprise, given Facebook's privacy scandals and tech giants' advertising practices, that users feel skeptical to share information. "How much you're willing to share with Facebook is also how much you're willing to lose in terms of privacy," Kleczynski pointed out.
Eighty-seven percent of respondents aren't confident in sharing personally identifiable information (PII) online. Those who are willing to share are most likely to share contact information, payment card details, and banking and health-related data with those sites.
Despite their distrust in tech giants and confidence in their privacy practices, people aren't likely to go out of their way to safeguard their information: One-third of respondents claim to read end user license agreements (66% either skim through or ignore them entirely), 47% know which permissions their applications have, and about 53% use password managers. Twenty-nine percent reuse the same passwords across websites; for Millennials, that number was 37%.
"This kind of behavior is what criminals want users to do," experts say in the report. The practice makes it easy for attackers to steal credentials from one place and use them elsewhere – a practice easily prevented with password managers, they continue.
"These are pretty concerning trends," Kleczynski noted, adding that using a password manager is "the biggest thing you can do as a citizen online." The common thread of unfollowed practices is they're tough to do correctly. License agreements are long and packed with technical and legal jargon, for example, and many users don't care about app permissions.
What can businesses take away from this data? Identity is key, Klecsynski said. Password managers and single sign-on services are critical to protect the credentials that grant access to data. Security software and patching are the next most important factors to protecting people in the enterprise.
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
AI in Cybersecurity: Using artificial intelligence to mitigate emerging security risks
Get the Gartner Report: SOC Model Guide
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report