A majority of Americans (44 percent) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63 percent) are concerned that prior breaches could lead to future identity fraud, and a significant number (37 percent) believe they have already been a victim of fraud.
The Identity Protection & Data Breach Survey by 4iQ provides insights into the prevalence of citizen PII loss, and uncovers perceptions around the effectiveness of those guarding data. While 75 percent of respondents perceived their employers to be “effective” or “very effective” at protecting PII, only 42 percent felt the same way about the government’s effectiveness.
Similarly, in terms of actions taken in the wake of a breach resulting in PII loss, respondents also anticipated higher levels of response from employers than government. More than 83 percent said they would expect security upgrades and proactive communications from employers and 54 percent would specifically expect the offer of identity protection services. This numbers shrunk to 74 percent and 50 percent for government breaches.
“We have heard about the growing lack of trust in government institutions, and when it comes to protecting PII, there’s a very good reason for the lack of confidence – the public sector worldwide has experienced a large number of data breaches,” said Monica Pal, CEO of 4iQ. “4iQ saw a 291 percent increase in government sector breaches circulating in the underground in 2018. So far in 2019, we’ve validated over 700 government site breaches around the world, not including public records such as voter databases. This information, along with data breached from companies is being weaponized for identity theft, account takeover, fraud and other cyber fueled crime. It is high time that governments and companies get serious about working together to protect citizens, employees and consumers, and fight cybercrime.”
The research also indicated that people may feel unprepared to contend with the threats presented by exposed personal information. When asked about their own effectiveness when it comes to protecting their PII, survey respondents actually rated themselves lower than their employers, with only 15 percent calling themselves “very effective,” versus 23 percent for their employers.
Everyday Americans may also feel significant pressure around avoiding mistakes with online security – 77 percent said that their employment status would be impacted by any mistakes they make with online security that compromised their employer’s systems, and 48 percent believed any errors they make could have a “high or very high impact” upon their employment.
“While cyber awareness campaigns and cybersecurity training are essential, it’s also important that we don’t simply pass the data protection buck to the end-user,” added Pal. “Citizens, consumers and employees can’t possibly be held responsible for all of the breaches of the past – government agencies and businesses must recognize that every employee is also a consumer and consumers are citizens and voters - who must be better protected from identity theft, account takeover, fraud and other cyber enabled crimes. In addition, consumers and companies must report these crimes and government agencies must do a better job of investigating, prosecuting and disrupting crimes.”