ISACA Survey: Most Indian consumers aware of major data breaches but fewer than half have changed key behaviors
Results also reveal struggles with privacy and security as use of connected devices and wearables grows
Pune (Nov. 13, 2014): In a world where the growing use of connected devices such as smart watches and connected cars is occurring at the same time that massive data breaches are making headlines, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.
The 2014 ISACA IT Risk/Reward Barometer shows that the vast majority of Indian consumers (88%) have read or heard about major retailer data breaches in the past year, but fewer than half (45%) say retailer data breaches have increased their concerns about their personal data privacy during the same period. The majority (46%) characterize the way they manage data privacy on connected devices they own as Take-Charge rather than Reactive (39%) or Passive (15%).
Yet despite knowing about retailer data breaches and claiming they are taking charge of their privacy, fewer than half (47%) have changed an online password or PIN code, one-third started using cash more often when shopping, rather than credit cards, and 29% shopped less frequently at one or more of the retailers that experienced a data breach.
According to ISACA International Vice President Vittal Raj, CISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, “Indian consumers say they are protecting their personal devices, yet their behavior says otherwise. One of the biggest takeaways from this year’s study is the significant gap between people’s concerns about protecting their data privacy and security versus the actions they take.”
Adds ISACA’s International President Robert Stroud, CGEIT, CRISC, “Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks.”
In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software, and verify that online transactions are secure by looking for a padlock icon displayed in the browser.
ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, including nearly 100 in India, and a survey of more than 4,000 consumers in four countries, including 1,007 in India.
The potential risk caused by this gap between knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. By next year 44% of Indian consumers wish to get a smart TV and 41% hope to get a smart watch.
Among the top concerns Indian consumers have about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (25%), not knowing how the information collected by the devices will be used (20%), and companies or organizations being able to track an individual’s actions or whereabouts (16%).
Wearables at Work
Despite these privacy and security concerns, wearables are making their way into the workplace:
· 88% of employed Indians would consider using one or more connected wearable devices in their current workplace, according to the consumer survey.
· In fact, half (50%) of employed Indians would consider wearing smart watches in their current workplace.
· However, 36% of ISACA members in India believe the risk of using smart watches in enterprises outweighs the benefits.
IT Departments Still Not Ready for the Internet of Things
The 110-country survey of ISACA members shows that few IT departments or workplaces in general are ready for the invasion of wearables. A third (31%) of Indian members say their organizations have plans in place to leverage the Internet of Things, but the majority is not ready for wearable tech. Close to half (43%) say their BYOD policy does not address wearable tech and another 31% do not even have a BYOD policy.
A majority of ISACA members in India (41%) believe that the benefits of the Internet of Things outweighs the risk for individuals, while 33% say the benefits and the risks are appropriately balanced. However, 72% describe themselves as very concerned about the decreasing level of personal privacy.
“The Internet of Things (IOT) and the proliferated use of it should emerge as a strategic initiative instead of a tactical plan,” said Sunder Krishnan CISA, chairman of ISACA’s India Growth Task Force and past president of the ISACA Mumbai Chapter. “Companies should take an ‘embrace and educate’ approach to these devices by creating clear policies and educating employees on appropriate use that can result in increased productivity—a benefit to the enterprise.”
ISACA recently established the Cybersecurity Nexus (CSX) as a resource that enterprises and security professionals can turn to for security advice. Additional information is at www.isaca.org/cyber.