ISACA Survey: Most Consumers in Australia Aware of Major Data Breaches, But Fewer Than Half Have Changed Key Shopping Behaviours

Sydney, Australia (13 November 2014)—In a world where the growing use of connected devices, such as smart watches and connected cars, is occurring at the same time that massive data breaches are making headlines around the world, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.

The 2014 ISACA IT Risk/Reward Barometer shows that the majority of consumers in Australia (84%) have read or heard about major retailer data breaches in the past year. More than half (57%) characterise the way they manage data privacy on connected devices they own as “take charge” rather than reactive or passive (30% and 13% respectively). Yet despite knowing about retailer data breaches, fewer than half have changed an online password or PIN code (45%), made fewer online purchases using mobile devices (15%), or shopped less frequently at one or more of the retailers that experienced a data breach (10%).  Interestingly, Baby Boomers (65+) were more likely to change their passwords (46%) than Millennials (18-24 years old) (39%).

“One of the most dramatic conclusions from this year’s study is the gap between people’s concerns about protecting their data privacy and security versus the actions they take,” said Robert Stroud, international president of ISACA and vice president of strategy and innovation at CA Technologies. “Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimise the impact of data breaches or hacks.”

According to ISACA International Vice President and Vital Interacts Practice Lead, Governance Advisory, Garry Barnes, who is based in Sydney, “Across Australia, the results suggest that Millennials, having grown up with technology may be more trusting and accepting or have an ‘it won’t happen to me’ approach, whereas Baby Boomers are still skeptical and perhaps more vigilant and responsible regarding their personal online security.”

In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, and a survey of more than 4,000 consumers in four countries.

The potential risk caused by this gap between individuals’ knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. More than one-third of Australian consumers now own or regularly use smart TVs (42%) or connected cars (45%), for example. With nearly two-thirds (64%) of people adding connected devices to their wish lists for this year, it is expected to continue growing.

Among the top consumer concerns about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (28%) and not knowing how the information collected by the devices will be used (26%).

Wearables at Work

Despite these privacy and security concerns, wearables are making their way into the workplace:

·         Three quarters of men (75%) would consider using a wearable device at their current workplace compared with two-thirds (66%) women, according to the consumer survey.

·         Almost half (45%) would consider using an employee access card and one-third (30%) a wireless fitness tracker, but very few would consider wearing smart glasses, such as Google Glass, in their current workplace (12%).

·         And, more than half of ISACA members in Australia/New Zealand (ANZ) believe (58%) having a wearable in the workplace is risky. But there are also many opportunities—35% believe the benefit of the Internet of Things outweighs the risk for enterprises.

IT Departments Still Not Ready for the Internet of Things

The 110-country survey of ISACA members, who are business and IT professionals, shows that few IT departments or workplaces in general are ready for the invasion of wearables. More than one-third (37%) of ANZ members say their organisation has plans now or expects to create plans in the next 12 months to leverage the Internet of Things, but the majority is not ready for wearable tech. More than half (56%) say their BYOD policy does not address wearable tech and another 35% do not even have a BYOD policy.

ISACA members are evenly divided as to whether the benefit of the Internet of Things outweighs the risk for enterprises (35%) or the risk outweighs the benefit (33%), and only 35 per cent describe themselves as very concerned, though 51% are somewhat concerned, about the decreasing level of personal privacy.

“The Internet of Things is here, and we are likely to see a surge in wearable devices in the workplace,” said Barnes. “These devices can deliver great value, but they can also bring great risk. Companies should take an ‘embrace and educate’ approach.”

ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice. Additional information is at www.isaca.org/cyber.

For a full survey report, including related infographics, video and global results, visit www.isaca.org/2014-risk-reward-barometer.

About the 2014 IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of more than 115,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviours about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2014 online polling of 1,646 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,209 consumers in the US, 1,001 consumers in the UK, 1,007 consumers in India and 1,007 consumers in Australia. The US survey ran 8-11 September 2014, and the UK, India and Australia surveys ran 8-17 September 2014. At a 95 per cent confidence level, the margin of error for each individual country sample is: US:  +/- 2.8 per cent and UK/India/Australia: +/- 3.1%. To see the full results, visit www.isaca.org/2014-risk-reward-barometer.

About ISACA

With more than 115,000 constituents in 180 countries, ISACA^® (www.isaca.org) helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus^™, a comprehensive set of resources for cybersecurity professionals, and COBIT^®, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor^® (CISA^®), Certified Information Security Manager^® (CISM^®), Certified in the Governance of Enterprise IT^® (CGEIT^®) and Certified in Risk and Information Systems Control^™ (CRISC^™) credentials. The association has more than 200 chapters worldwide.

Participate in the ISACA Knowledge Center:www.isaca.org/knowledge-center

Follow ISACA on Twitter:  https://twitter.com/ISACANews

Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial   

Like ISACA on Facebook: www.facebook.com/ISACAHQ