We recently conducted a survey to find out what happens to consumer trust when a business is breached. The study examined consumer attitudes toward corporate hacking, and surveyed 2,400 people across the U.S., U.K. and Germany. To our surprise, more than half (66 percent) of U.S. respondents said they are likely to stop doing business with a hacked organization, and fewer than half of Americans are very satisfied with how corporations handle cyberbreaches.
Our data shows that when companies put customer data at risk, they are putting the entire business at risk.
We found most consumers believe the burden of responsibility for hacks rests almost entirely on the businesses — in fact, when ranked on a 10-point scale, consumers rate corporations as a “nine” in terms of how responsible they should be for preventing hacks and securing the personal information of their customers.
Moreover, most adults perceive hacking as inevitable: about three-quarters say it is probably or definitely normal and expected for enterprises to be breached. However, they still hold businesses responsible. In fact, the study found 21 percent of U.S. consumers say they are very likely to stop transacting with a business that has been infiltrated.
So what can businesses do?
They can do a number of things:
- Be honest with their customers and not engage in cover-ups or try to sweep the incident under the rug. The good news is that organizations appear to be increasingly going public with the news and notifying their customers directly. The study found that about half of consumers in the U.S., one-third in the U.K. and one-quarter in Germany were notified of a hack after it occurred.
- Ask customers to follow a number of precautionary steps, such as monitoring accounts and changing passwords.
- Require multi-factor authentication (MFA). MFA adds a layer of security that allows companies to protect against the leading cause of a data breach – compromised credentials. MFA uses a combination of something you know (username, password, PIN or security questions), something you have (smartphone, one-time passcode or Smart Card) and something you are (biometrics).
- Implement single sign-on (SSO) so users can access cloud, mobile and on-premises apps from any device securely. SSO improves security by eliminating the use of easy-to-remember, reused and improperly stored passwords.
- Apply privileged account security and session monitoring to securely manage and audit access by internal users, outsourced IT and third-party vendors. This way, enterprises can prove access to privileged account credentials is controlled and checked to satisfy regulatory compliance.
To view the full results of Centrify’s Consumer Trust survey, please visit here.