The consumer data theft landscape

Man using phone

We are living through an age of big data. It’s everywhere. Almost everything we do, everywhere we go and every conversation generates some form of data. It’s becoming extremely valuable and, in some cases, companies value data almost as much as money.

Unfortunately, that inevitably means that people will want to steal it, which is why data theft is one of the fastest growing crimes in the world.

The Big Data Revolution

Data has become an integral part of life, from the photos we put on social media to the passwords that protect our online banking. A recent study found that 90% of all data ever, was created within the three years leading up to 2018, but that may be the tip of the iceberg. The next ten years could see the total amount of data increase ten-fold.

This data can be extremely beneficial. As individuals, it gives us more tailored adverts and helps us find services which are personalised for our own needs.

For example, by using data intelligently, Netflix can suggest other films and TV shows we might like to watch. Doctors can access our medical records to help them deliver more effective treatments, and we can access all sorts of online services much more quickly.

Data is also increasingly valuable for businesses. It helps them understand customers more fully. It offers insights as to where their business might improve, how they can encourage people to come back and buy more and to spend more money with each purchase.

Even if we don’t recognise it, we already use our own personal data as currency. We do not pay for Facebook or a host of other online services because all they want is our personal data which they can use to monitor trends and, in some cases, sell off to third parties.

The Rise of Data Theft

Unfortunately, whenever anything has a value someone will try to steal it. Data theft has mushroomed. The number of data breaches reported to the Information Commissioner’s Office grew by almost 20% during the final third of 2017.

It could be argued that the increase is as much down to increased awareness as a growth in the number of attacks. Even so, you don’t have to look far until you come across a major incident of information theft.

The economic impact of cybercrime and data theft is enormous. In 2017, estimates suggest the global cost could be as high as £456bn. Damage comes not just from the financial loss, but also the reputational damage to companies and individuals who lose data.

In the UK alone, the annual cost of data breaches in 2018 is projected to reach£113 per capita with the average total loss of a data breach reaching a lofty £2.8m.

Each of us probably has sensitive personal data stored across many third parties. It might be held by our bank, stores we have made purchases through, social networks, dating agencies or any other online service we’re a member of.

We are not in control of that information and are dependent on the third party maintaining the highest security protocols. The problem is that even organisations which should be used to storing extremely sensitive and valuable personal data are not immune to attacks.

The Most Likely Targets

Almost everyone can be a target, but criminals tend to go where the big money is. This often means banks and other financial institutions as they handle vast sums of money and also millions of personal financial details.

As digital technology grows, we are finding more and more ways to interact with companies which gives criminals more opportunities for attack. Indeed, any point where you hand over money or personal details represents an opportunity for scammers.

The number of attacks against individuals also continues to grow. Again, the most vulnerable targets will be those who take fewer precautions to keep their personal data safe. Try to avoid common behaviours which can put you at greater risk, such as clicking on links sent by someone you do not know or making transactions via websites you do not trust.

Public networks also present a serious risk. If you’re connected to a publicly available Wi-Fi spot, you should remember that the connection will not be secure. Your computer or mobile device will normally remind you of this when you log on as any information you send can be easily intercepted.

What’s Being Done to Stop Data Theft?

The authorities have been slow to acknowledge the rising influence of data theft, but that is beginning to change. Europe’s General Data Protection Regulation (GDPR), which came into force in May 2018, represents one of the biggest changes ever to data protection regulations.

The new rules increase the demands on companies to improve their data security and give us all a much greater say about what information third parties can store about us, how they get our permission and how it can be used. Under the rules, companies must obtain active consent for all the different ways in which they intend to use our data.

We can also demand to know what information a company holds about us, how it is being used and to have it removed. If a data breach does occur, the company must inform the authorities within 72 hours of becoming aware of the breach. It’s a set of rules which has caused plenty of stress for companies of all kinds, but it does make the entire process much more transparent for end users.

The regulations increase the penalties which can be imposed for those companies which fail to comply with the rules. Major breaches could attract fines of up to €20m or 4% of global turnover (whichever is higher). Regulators around the world are also introducing measures which make it easier for them to act against those companies which fail to keep data safe or use it inappropriately.

Fighting Back Against Fraud

Companies are also working hard to build their defences. A study from Gartner found that spending on cybersecurity will reach $96.3bn by the end of 2018, a 7% increase on 2017.

Attacks have evolved enormously over the years, but so too have countermeasures. While cybersecurity might once have been seen as a function of the IT team, it now plays a central role in future business strategies. CEOs are taking ownership of the process, hiring experts and developing comprehensive strategies which work across the entire company.

Every employee, from the most junior office assistant to senior executives, receives comprehensive training in data security and how to counter any such threats. Redundancy measures are being put in place to ensure the company can act in case data is lost.

This is good to know from a consumer perspective as these are the companies holding our data which, if breached, could lead to everything from financial difficulties to identity theft.

Reducing Human Error

Technology has an extremely important role to play. Advances such as artificial intelligence and automation improve the threat detection capabilities of businesses. They can see if a system is coming under attack and act accordingly.

However, it is the human factor which remains important. A study by IBM found that more than 90% of security incidents they investigated were down to human error. If you accidentally click on a malicious link, it could mean your details falling into the wrong hands; if someone at a large company does the same, it’s likely thousands of people’s data will be made available to cybercriminals.

This is why awareness is key. The authorities are publishing lots of guides to help people understand the threats which may be coming their way and what they can do to stop them.

Keeping Your Data Safe

To ensure that your data is secure it’s important to keep yourself educated about the threats that exist, maintain a high level of awareness of your accounts (bank balance, credit score, passwords etc.) and be especially careful about what details you’re giving out.

Make sure all software is updated regularly to keep your own cyber-defences intact and be careful about where, when and how you transfer data.

Take a little bit more time to increase your vigilance during everyday online activity – stop and think…

Is it a good idea to share your location on social media?
It’s a great deal but does this site look legitimate?
The email looks like it’s from my bank but it’s asking for personal information, should I trust it?

Those extra few minutes making sure that you’re not being scammed is worthwhile when compared to the time and money you can lose to careless online interactions.