Gemalto, the world leader in digital security, on Tuesday released the findings of its 2016 Data Breaches and Customer Loyalty report, revealing that Saudi consumers place responsibility for protecting their personal data firmly at the hands of the organizations holding their data – and not themselves. According to the survey, 63.26% of Saudi consumers claim that the responsibility for protecting and securing customer data lies with companies and only 36.74% of the responsibility with themselves. Yet, 37% believe companies are taking protection of their personal data very seriously. This comes as consumers are becoming increasingly fearful of their data being stolen, with 72% believing it will happen to them in the future. Globally, more than 4.8 billion data records have been exposed since 2013 with identity theft being the leading type of data breach accounting for 64% of all data breaches. According to Gemalto's H1 2016 Breach Level Index, data breaches in the Middle East have increased by 50 percent in the first six months of 2016 compared to the last six months of 2015. Additionally, 10,537,437 data records were compromised compared to 66,050 records previously, across the region. Clearly, hackers continue to go after unprotected, sensitive personal data enabling them to steal identities, resulting in long-term implications for consumer confidence in digital services and the companies that provide them. Despite becoming more aware of the threats posed to them online, 8% of Saudi consumers believe there are no apps or websites out there that pose the greatest risk to them and consumers are not changing behavior as a result: 78% of Saudis use social media, despite 65% believing these networks pose a great risk. 87% of Saudis use online or mobile banking, with 34% believing they expose them to the greatest risk in the protection and security of personal information. Seventy two percent of Saudi consumers believe they will be a victim of a breach at some point, and organizations need to be prepared for the loss of business such incidents may cause. 39% are unlikely to do business with an organization, be it healthcare, a bank or a retailer, that experienced a breach where financial and sensitive information such a card details, account numbers or passwords were stolen. The study found that 65% of those who have been a victim of a breach attribute this to a fraudulent website. Clicking a bad link (48%) and phishing (30%) were the next highest methods consumers were caught by. In keeping with the theme of putting the blame at the organization's hands, 15% attributed the breach to a failure of the company's data security solutions. The lack of consumer confidence could be due to the lack of strong security measures being implemented by businesses. Within online banking, passwords are still the most common authentication methods. Solutions like two-factor authentication and data encryption trail behind. Similar results can be seen in both the retail space, with only 26% of Saudi consumers using online retail accounts claiming two-factor authentication is used on all their apps and websites, and in social media. Only 24% admitted to having a complete understanding of what data encryption is and does. "Consumers have clearly made the decision that they are prepared to take risks when it comes to their security, but should anything go wrong they put the blame with the business," said Ahmad Abdallah, Regional Sales Manager, KSA, Gemalto. "The modern-day consumer is all about convenience and they expect businesses to provide this, while also keeping their data safe. With the impending threats of consumers taking legal action against companies, an education process is clearly needed to show consumers the steps they are taking to protect their data. Implementing and educating about advanced protocols like two-factor authentication and encryption solutions, should show consumers that the protection of their personal data is being taken very seriously," Abdallah noted.
