Eighty-eight percent Indian consumers have read or heard about major retailer data breaches in the past year but fewer than half (45%) admit that data breaches by retailers have increased their concerns about their personal data privacy during the same period. Majority (46%) of those surveyed characterise the way they manage data privacy on connected devices they own such as Take-Charge rather than Reactive (39%) or Passive (15%). These are the findings of the 2014 Information Systems Audit and Control Association (ISACA) IT risk/reward barometer.
Further, despite knowing about retailer data breaches and claiming they are taking charge of their privacy fewer than half (47%) have changed an online password or PIN code. One-third started using cash more frequently over credit cards while shopping, and 29 percent shopped less frequently at one or more of the retailers that experienced a data breach.
“One of the biggest takeaways from this year's study is the significant gap between people's concerns about protecting their data privacy and security versus the actions they take,” said ISACA international vice-president Vittal Raj.
“Consumers must protect their personal information by creating a strong password unique to each account, protect their devices with current security software and verify that online transactions are secured by looking for a padlock icon displayed in the browser especially for online shopping,” the report mentioned.
The study is based on September 2014 online polling of 1,646 ISACA members - IT, business professionals and consumers from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,209 consumers in the United States, 1,001 consumers in the UK, 1,007 consumers in India and 1,007 consumers in Australia.
The survey also showed that consumers have conflicted attitudes about the benefits of connected devices such as smart watches and connected cars and massive related breaches.Increasing use of wearable’s and other connected devices in everyday life has amplified the potential risk due to gap between knowledge and action.
The findings examine attitudes and behaviours related to the risks and rewards of key technology trends, including the 'Internet of Things', Big Data and BYOD (Bring Your Own Device). Among the top concerns, Indian consumers have about the 'Internet of Things' are someone hacking into the device and doing something malicious (25%), not knowing how the information collected by the devices would be used (20%), and companies or organisations being able to track an individual’s actions or whereabouts (16%).
“A majority of companies in India (41%) believe that the benefits of the 'Internet of Things' outweighs the risk for individuals and 33% say the benefits and the risks are appropriately balanced. However, 72% describe themselves as concerned about the decreasing level of personal privacy,” the report said.
The survey shows that few IT departments or workplaces in general are ready for the invasion of wearables. A third (31%) of Indian members said their organisations have plans in place to leverage the 'Internet of Things' but the majority is not ready for wearable tech. Close to half (43%) said their BYOD policy does not address wearable tech and another 31% do not even have a BYOD policy.
“The 'Internet of Things' and the proliferated use of it should emerge as a strategic initiative instead of a tactical plan. Companies should take an ‘embrace and educate’ approach to these devices by creating clear policies and educating employees on appropriate use that can result in increased productivity — a benefit to the enterprise,” said Sunder Krishnan, CISA, chairman of ISACA’s India growth task force and past president of the ISACA Mumbai chapter.
