The majority of U.S. consumers (94 percent)have heard or read about major retailer data breaches in the past year, and three-quarters say retailer data breaches have increased their level of concern about personal data privacy, and 61 percent characterize their data management as “Take-Charge” instead of Reactive (26 percent) or Passive (11 percent), but despite these reservations, consumers are changing very little about their key shopping habits.

According to the 2014 ISACA IT Risk/Reward Barometer study, only 45 percent of consumers have changed an online password or PIN code; 15 percent made fewer online purchases on mobile devices; and 28 percent shopped less frequently at a retailer that had suffered a data breach.

The universality of connected devices makes securing all aspects of a consumer’s identity a challenging endeavor. More than 30 percent of consumers own or regularly use smart TVs, 27 percent use connected cars. More than 50 percent of consumers want connected devices for the coming year, including a large faction of Americans (68 percent) who would consider using connected wearable devices in the workplace, despite potential data and privacy concerns.

An issue facing IT organizations on this front includes creating BYOD policies for wearable devices, such as smart glasses or watches. More than 60 percent of ISACA survey respondents say their department’s BYOD policy does not address wearable technology.