- But a third admit they would still use an online store that’s been hacked
- Social media and dating sites are least trusted, but banks still seen as secure
Online shoppers want retailers to be transparent and honest if they have suffered a security breach, according to a new UK consumer survey commissioned by NTT Security, the global information security and risk management company. The research, ahead of one of the busiest online shopping periods in the lead-up to Black Friday, Cyber Monday and Christmas, also reveals that customers want to know if a site has been hacked or personal data compromised.
Asked what they would like retailers to do to help build consumer trust when shopping online, 80% of survey respondents say they expect more transparency following a breach, as well as more secure payment systems on sites, and retailers insisting that customers use stronger passwords and change them regularly.
However, in a year when a number of major retailers suffered high-profile and embarrassing data breaches, potentially exposing customers’ confidential information, a third still admit they would carry on using an online store that suffered a breach, but would upgrade their security on their own initiative or if advised to by the retailer. Surprisingly, just 18% would stop using a site permanently.
Concerns about shopping online are evident, with the majority worried about the privacy of personal information (63%), a site being fake (63%) and the risk of being sent phishing emails that link to malware (60%). Shoppers also worry about the risk of identity theft, and paying online.
At the same time, people are becoming more aware of security best practices when they shop online. More than 40% of people believe that retailers should publish their privacy policies to allow customers to see how data is being handled and stored, while a third (32%) want stores to listen and respond to customer concerns on social media to help build consumer trust.
Stuart Reed, Director at NTT Security, comments: “The retail sector is among one of the most targeted industries for attacks and, with one of the busiest trading periods of the year now upon us, it makes sense that both consumers and retailers are diligent in terms of data security.
“While some shoppers are happy to continue using sites, even when they have been breached, they are also anxious for retailers to let customers know when they have been hacked. Consumers certainly seem to be growing in security awareness when online; more savvy, they are willing to take responsibility for their own security to some extent, but they are also more demanding of retailers and expect to see privacy and security policies displayed clearly on websites.”
Reed warns retailers: “Whilst seasonal trading might result in a spike of targeted attacks, it’s important to remember that in a connected, global economy, cyber threats are present 24 hours a day, every day of the year, so it’s crucial that online retailers get the basics right combined with a balanced and well communicated approach to cybersecurity at all times.”
Most people trust their bank/insurance company to keep their personal data safe online, while online dating sites and social media are least trusted – echoing findings from a 2015 NTT Security survey.
The Trust List (in order from most trusted to least trusted – source: NTT Security)
1. Bank/insurance company
2. Healthcare provider/NHS
3. HMRC/other government site
4. Online-only retailer (eg Amazon)
5. High street retailer with online presence
6. Utility company
7. Music, book, app, film site (eg iTunes, Netflix)
8. Travel site
9. Social media
10. Online dating site
The NTT Security online shopper survey was conducted by SurveyMonkey in November 2016 among 500+ UK respondents. Respondents were split evenly across different age groups and male/female.
Additional survey findings:
- Asked about the greatest threats to data privacy when online, identity theft leading to financial loss is the top choice (85%), followed by scam emails and phone calls (65%), links to fake sites (64%) and highly personal information being shared on social media sites (42%). Twenty per cent of people are still concerned about cyber bullying/shaming.
- When asked about online shopping habits in the lead-up to Christmas, two-thirds (66%) mainly use a computer at home, while around a quarter (23%) uses a mobile device (smartphone/tablet) at home. Just 1% uses a mobile device while on the go to shop online for Christmas.
Top tips to help retailers mitigate cyber risks:
- Understand your risk – conduct an annual risk insight to understand the current risk exposure and to keep the Board engaged with cyber risk.
- Secure configuration – keep hardware/software protections up to date. Stay on top of basic protection.
- Educate and train staff – so they know company policies and incident response processes.
- Incident response – establish, produce, test and communicate incident management plans.
- Monitoring – continuously monitor all systems to spot potential attacks and minimise risk.
Top tips for consumers shopping online:
- Never hand out personal or financial details to those sending emails or who phone asking for them, even if they look or sound genuine – and don’t click on links in emails, always type in the web address.
- Avoid unknown websites – check websites are secure by looking for the https prefix to URLs.
- Check for the padlock symbol in the browser or use safe payment systems like PayPal.
- Use two-factor or multi-factor authentication – many banks and now shopping sites offer free security software as well as PIN code devices to build up multi-layered security.
- Use different passwords for online accounts, make them hard to guess and don’t write them down!
NTT Security seamlessly delivers cyber resilience by enabling organisations to build high-performing and effective security, and risk management programs with controls that enable the increasingly connected world and digital economy to overcome constantly changing security challenges. Through the Full Security Life Cycle, we ensure that scarce resources are used effectively by providing the right mix of integrated consulting, managed, cloud, and hybrid services – delivered by local resources and leveraging our global capabilities. NTT Security is part of the NTT Group (Nippon Telegraph and Telephone Corporation), one of the largest information and communications technology (ICT) companies in the world.