Security Experts:

Connect with us

Hi, what are you looking for?



Data Breach Fears Don’t Stop Online Shopping, But Concerns Remain: Survey

A new survey shows that while data breach fears have not stopped many consumers from shopping online, widespread concern over authentication and mobile applications persists. 

A new survey shows that while data breach fears have not stopped many consumers from shopping online, widespread concern over authentication and mobile applications persists. 

The survey, which was performed by the Ponemon Institute and sponsored by EMC’s RSA security division, culled responses from more than 1,000 consumers in the U.S. While 48 percent of those surveyed said they shop online weekly, authentication and the security of mobile applications make their list of security concerns.

Sixty-two percent expressed a lack of trust in websites that only require a username and password at login. While 71 percent of respondents say they are most concerned about losing their password in a data breach, nearly a third admitted to only having one to two passwords for all their online accounts. Sixty-nine percent admit to using the same password for more than one device or site, and only 54 percent say that they regularly change their passwords.

“The implications are telling in that consumers are lacking trust when it comes to businesses which only use a username and password as a form of authentication,” said Rueben Rodriguez, principal product marketing manager for RSA Identity Protection and Verification, at RSA. “Consumers have stated with their responses that 62 percent do not trust systems or websites that only rely on passwords to identify and authenticate users or customers. This is applicable regardless of the type of business given the type of activity being conducted by a consumer, for example a retailer or financial services company.”

“Granted,” he continued, “various activities obviously garner more concern from a security expectation, but it has to be more than the standard username and password methods in order to gain consumers’ trust. I think retailers should take a play from the financial services industry’s authentication playbook and look at what has worked and what hasn’t and in some cases potentially leapfrog the methods currently in place.”

Businesses utilizing mobile applications should ensure they focus on privacy and security as well. Seventy-seven percent of those surveyed said they don’t trust the security of mobile apps, and only 35 percent said they always read the application’s permissions before downloading. Forty-five percent of respondents said they had experienced one or more malware infections on their mobile device or PC in the last year.

“Based on the findings we conclude that consumers perceive a loss of control over their personal information because of data breaches, the lack of trust in the security of the mobile apps they continue to use and increased government surveillance,” according to the report. “However, they still believe the privacy and security of their personal information is important.”

Nearly half of those surveyed had fallen victim to at least one data breach, and 45 percent said they are not confident they know all instances when their personal data may have been leaked. Seventy-seven percent of respondents said that prompt notification about the loss or theft of personal data is either very important (56 percent) or important (21 percent) to them.

“As the capabilities and convenience of the Internet continue to grow, so does consumer security concerns,” said Brian Fitzgerald, vice president of marketing at RSA, in a statement.  “The results of the Ponemon Study show that while these concerns are top of mind, behaviors and attitudes of consumers are not changing.  It is incumbent upon the industry, to deliver on promises of strong and convenient security methods to help customers take advantage of the Internet while significantly limiting the risk of threats – both simple and sophisticated.”

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.