Consumers wrongly attribute all data breaches to cybercriminals

Breaches in 2024 had less impact on consumers’ trust in brands compared to the previous year (a 6.5% decrease from 62% in 2023 to 58% in 2024), according to a recent Vercara report. Most consumers also remain unaware of the role they may play in cyber incidents.

Consumers don’t trust companies hit by data breaches

The research reveals that consumers are unaware of the impact of insider threats, and instead assume bad actors are to blame for most attacks.

It takes a lot to earn consumer trust, especially after a successful cyberattack. 66% of US consumers would not trust a company that falls victim to a data breach with their data and 44% of consumers attribute cyber incidents to a company’s lack of security measures. Interestingly, 54% extend a degree of leniency toward smaller brands grappling with cyberattacks, in contrast to their higher expectations for larger businesses.

“On the surface, an increase in consumer trust in brands seems positive, but this is perhaps the result of fatigue – or worse, apathy – as breaches continue to occur at a rapid rate,” said Carlos Morales, SVP and GM – DDoS and AppSec at Vercara. “We cannot underestimate the power their trust has on a brand’s bottom line, as the more data breaches a company suffers, the more likely they are to lose customers.”

Vercara found that 58% of consumers believe that brands that get hit with a data breach are not trustworthy, and 70% would stop shopping with a brand that suffered a security incident. Generation Z is the most likely to be unfazed by security incidents, whereas Baby Boomers are most likely to shift their shopping habits.

“While it’s not surprising that younger generations who grew up interacting with brands online are more comfortable with the associated risks, there is still work to be done building trust with consumers,” said Morales. “In addition to brands ensuring internal security measures are up to date, we must set consumers up for success through guardrails and education to protect sensitive data. Minimizing the risk of data breaches truly requires participation from both organizations and consumers.”

Consumers’ role in cyber defense

30% of consumers report having their data exposed after shopping online. Survey respondents believe that the top four causes of breaches are:

• Bad actors hacking into a company’s system – 36% (with 67% of Generation Z holding this belief)
• A company having extremely poor security measures – 33%
• Bad actors breaking into physical offices – 8%
• Insider threats – 5%

While insider threats ranked last on this list, in reality, human error is the cause of most sensitive data loss. Generation Z reported the greatest awareness of insider threats as a cause of data breaches of all age groups.

Additionally, 21% of consumers report that they use the same passwords across work and online shopping accounts and that 57% are comfortable using their work devices for personal shopping, doing so regularly, which opens companies to even more risk.

Heading into the holiday shopping season where there will be an increase in consumers sharing sensitive data online, it’s critical that organizations take a proactive approach to potential cybersecurity incidents, as only 1% of enterprises report the ability to respond extremely quickly to security incidents according to DigiCert’s State of Digital Trust Report.