Majority of Consumers Highly Critical of Ransom Payments

Cohesity, Inc. reveals that consumers surveyed WW are highly concerned about the information companies collect from them – especially when it`s used for AI.

Majority Of Consumers Highly Critical Of Ransom Payments

The overwhelming majority of respondents (73% in UK, 81% in USA and 82% in Australia) criticized companies for collecting too much of their personal or financial data¹. And Nine out of 10 consumers are concerned that AI will impact how companies keep customer data secure. Meeting customers’ growing expectations for better protection of their sensitive information is a business imperative, with consumers prepared to punish companies by switching providers for any loss of trust.

The survey of 6,000+ consumers WW polled assessments of the digital industry’s data practices. Alongside the criticism around companies’ hunger for data, the findings also spell out an unmet expectation for greater diligence from organizations to protect consumers’ personal information once obtained – as identified by 73% of respondents in UK, 86% in USA, and 87% in Australia¹.

Respondents aren’t just asking for a change – they are willing to change their preferred seller if they fall victim to a cyberattack and their data is compromised. A near consensus among users in all 3 countries (more than 90%) said they might stop doing business with a company if it were the victim of a cyberattack^2,3.

“Consumers clearly understand that companies have a lot of catching up to do in the area of data governance and security,” explains James Blake, global cyber security strategist, Cohesity. “The hunger for AI is causing some businesses to skip threat modeling and due diligence on how their data will be exposed. Companies looking to use AI in-house must invest in the security and hygiene of their data to maintain cyber resilience in order to satisfy these consumers that are willing to vote with their purchases. Those looking to leverage the AI capabilities of suppliers must adopt a strong and proactive approach to third-party risk. Consumer trust is quickly lost, and competitors are always just a click away, so ensuring AI strategies don’t introduce additional risk to customer data is crucial.“

Most common consumer fears surrounding unregulated AI data collection
Companies around the world expect miracles from AI, but large amounts of data must be collected for these AI models to learn from. Often, this need for data is prioritized over responsible data collection and handling.

Private users are, in turn, concerned with the lack of transparency from companies regarding their AI practices:

Nearly all consumers (87% in UK, 92% USA, and 93% in Australia) are concerned² that AI will make securing and managing their data much more challenging.
Most even go a step further to classify AI as a risk to data protection and security (64% in UK, 72% in USA, and 83% in Australia)¹.
Worsening these fears about AI’s implications for their data, consumers (70% in UK, 81% in USA, and 83% in Australia) are severely concerned with the unrestricted or unpoliced use of AI with their data, with the vast majority demanding greater transparency and regulation.
At a minimum, private users (74% in UK, 85% in USA, and 88% in Australia) want to be asked for permission before their personal or financial data is fed into AI models¹.

The expectation of greater transparency also applies to the common practice of sharing data with third-party providers:

The vast majority of respondents (79% in UK, 87% in USA, and 90% in Australia) want to know who their data is being shared with¹.
Most respondents (77% in UK, 85% in USA, and 90% in Australia) also call for companies to vet 3rd-party providers’ data security and management practices with access to customer data¹.

Sanctions in the event consumer data is compromised
This clear call for more control, transparency, and protection around their data is largely motivated by respondents’ negative experiences. Unsurprisingly, most respondents are highly critical of buying access back to their compromised data – essentially fueling cyber criminals’ business model with fresh capital.

Over half of those surveyed (46% in UK, 75% in USA, and 62% in Australia) had been personally impacted by a cyberattack.
More than half of those surveyed do not agree with the idea that companies should pay ransoms (56% in UK, 52% in USA, and 58% in Australia), condemning the common practice of companies buying their way out of ransomware attacks.

“Paying a ransom rarely results in the recovery of all data. It brings its own logistical challenges and potential criminal liability for paying sanctioned entities – not to mention rewarding criminals“, explains James Blake, global cyber security strategist. “It’s time for companies to really focus on aligning themselves with the best cyber resiliency vendors and end the cycle. This is where Cohesity can help.“

About the research
The research included in this release was conducted by Censuswide, with 6,002 respondents in UK, USA, and Australia (Nat Rep) between June 28, 2024 and July 5.2024. Censuswide abides by, and employs, members of the Market Research Society which is based on the ESOMAR principles.

¹Strongly agree and somewhat agree answers combined
²Highly likely, somewhat likely, and Maybe, it depends answers combined
³Highly and somewhat answers combined
⁴Somewhat disagree, strongly disagree and neither agree nor disagree answers combined