Majority of UK businesses interviewed admit to selling customer data to other organisations/business partners. Less than half of UK consumers are willing to provide organisations with their personal data in exchange for free or less expensive services

CA Technologies (NASDAQ:CA) today revealed the results of an extensive global study of consumers, cybersecurity professionals and business executives about their views on digital trust.

Conducted by analyst firm Frost & Sullivan and sponsored by CA Technologies, the inaugural report, titled “Global State of Digital Trust Survey and Index 2018”, reveals that UK consumers have only a marginal degree of trust in organisations to protect their digital data. That level of trust is among the lowest of any country in Europe—indeed the world. Moreover, a perception gap exists between UK consumers and business: UK organisations believe consumer trust is significantly higher than the reality.

“This new study reveals a marked gap in perception on trust, as it relates to UK consumers’ expectations and the way organisations collect, store and use their digital information,” says Stephen Walsh, Sr Director, Security, CA Technologies. “Consumers are increasingly transacting online, providing businesses with access to vast amounts of data, and organisations are consequently processing and storing a growing amount of personally identifiable user data. If businesses don’t do their due diligence to protect consumer data from getting into the wrong hands, trust can be fleeting, which can negatively impact the bottom line.”

 The Digital Trust Index

Frost & Sullivan calculates the Digital Trust Index based on a number of different metrics that measure key factors around the concept of digital trust, including how willing consumers are to share personal data with organisations, how well they think organisations protect that data and the extent to which consumers believe companies sell their personal data to other companies. The result is a sliding scale where a 1 represents “no trust” and 100 is “total trust.”

UK responses to the survey reveal that the Digital Trust Index for 2018 is 56 points out of 100 in the UK, lower than in France (58) and Italy (57), but above Germany (54). It is also markedly lower than the 61 Index global average score. These scores indicate only marginal faith by UK consumers in the ability or desire of organisations to fully protect user data.

By contrast, UK cybersecurity professionals and business executives score an average of 73 on the Digital Trust Index – a perception gap of 17 points – signifying mismatched perceptions among these audiences in a measurement of perceived consumer trust versus actual consumer trust.

 Key highlights from the study

The study reveals other interesting attitudes and perceptions among UK consumers and organisations with regards to digital data protection.

• Less than half of UK consumers (46 percent) are willing to provide organisations with their personal data in exchange for free or less expensive services.
• The majority of UK organisations (56 percent) admit to using consumer data internally, including personally identifiable information (PII). And 47 percent of UK business executives admit their organisation sells consumer data (including PII) to other organisations/business partners. However, only 33 percent of UK cybersecurity professionals stated they knew that their company was selling this data.
• An overwhelming majority (83 percent) of UK consumers prefer security over convenience during the transaction authentication process. However, UK organisations see it differently: only 60 percent of cybersecurity professionals and 59 percent of business executives place security ahead of convenience.
• The vast majority (88 percent) of UK business executives claim that they are “excellent/very good” at protecting consumer data, showing a high level of self-confidence, despite the fact that the majority (56 percent) of UK business executives admitted that their organisation had been involved in a publicly disclosed consumer data breach. Moreover, 44 percent claim that data breach occurred within the last year.
• Some 29 percent of UK consumers report that they currently use the services of organisations that were involved in a publicly disclosed data breach. Of these, 32 percent have stopped using the services of an organisation because of a breach.
• More transparency on data protection policies is required: 64 percent of UK consumers and 89 percent of UK organisations agree that providing consumers with easy to understand information about data protection policies increases consumer trust. However, only one third (32 percent) of UK consumers claim to receive this information, although 85 percent of organisations claim they provide it.

Amidst a continuous stream of headlines about major data breaches in enterprise and government agencies, the degree to which UK consumers have placed their trust in organisations to protect their PII online has never been more relevant.

The study results point to a significant gap between how UK organisations view their responsibilities on data stewardship and consumer expectations around how organisations protect consumer data. In the application economy where data is king, organisations must prioritise data privacy and security or risk serious ramifications. Organisations can mitigate these risks by taking a proactive stance on security, such as narrowing their policies for sharing user data, reducing privileged user access, implementing continuous user authentication technologies, and adopting better cybersecurity and privacy controls to stop hackers.

“We are at a crossroads in the information age as more companies are being pulled into the spotlight for failing to protect the data they hold. With this research, we sought to understand how consumers feel about putting data in organisations’ hands and how those organisations view their duty of care to protect that data,” says Jarad Carleton, industry principal, Cybersecurity at Frost & Sullivan. “What the survey found is that there is certainly a price to pay – whether you’re a consumer or you run a business that handles consumer data – when it comes to maintaining data privacy. Respect for consumer privacy must become an ethical pillar for any business that collects user data.”

“To build more trusted consumer relationships, businesses need to work harder at protecting data against abuse from external and internal sources,” Stephen Walsh comments. “They need to understand that success in the digital economy requires a security-first mindset – a key tenet in our Modern Software Factory model. A loss of digital trust has implications on all aspects of a business and brand perception.”

For full survey methodology details, see the report “Global State of Digital Trust Survey and Index 2018.” 

Survey Methodology

The global online survey of 990 consumers, 336 security professionals and 324 business executives across 10 countries was sponsored by CA Technologies and conducted by Frost & Sullivan in March and April 2018. It included 598 respondents in Europe, from the U.K., France, Germany, and Italy. The survey’s respondents assume senior business and IT positions at public and private enterprises across nine industry sectors.