Press releases

Cyber attacks leave a fifth of consumers out of pocket

23 November 2015

  • Data protection is number one concern for UK consumers
  • New survey suggests consumers are becoming distrustful about corporate motives and practices around the collection and use of personal data
  • Three-quarters would reconsider using a company if it failed to keep their details safe

One in five UK consumers (21%) have had personal details stolen and their bank accounts used to buy goods and services as a result of a cyber security breach, according to new research from Deloitte, the business advisory firm. The survey of 1,500 consumers is included in the latest Deloitte Consumer Review, Consumer data under attack: the growing threat of cyber crime.

In the report, which focuses on cyber security in the consumer sector, 41% of respondents said they often feel they are being targeted by cyber criminals. Two-fifths (39%) had personal data stolen or deleted after having computers affected by a virus or malware, up from 26% in 2013.

The research also shows that overall consumer awareness of data collection and storage by businesses has risen to 87% this year, up from 82% in 2013. However, more than half (53%) do not know the detail of the personal data that has been collected by organisations, up from 37% in 2013. Similarly, just 23% of respondents are confident that companies are transparent when it comes to using personal data, down from 29% a year ago.

Three-quarters of respondents (73%) would reconsider using a company if it failed to keep their data safe. This was a far greater concern to consumers than a company charging a higher price than the competition for an equivalent level of service (51%), exploiting workers overseas (40%) and damaging the environment (35%).

Simon Borwick, director in the cyber risk services team at Deloitte, comments: “The volume and value of data available online means that consumers are now more exposed than ever before.

“The rapid rise in e-commerce, both at a B2C and B2B level, has increased the amount of transactional data at risk of abuse. Consumer-facing businesses, particularly those that hold a lot of data, are particularly attractive targets for cyber criminals and fraudsters looking to profit from stealing personal information.

“Many organisations are struggling to prepare themselves to deal with the wide range of different cyber attacks. Cyber security has moved beyond simply being an IT issue; it is now a business-wide risk which requires immediate attention at the highest level.”

Consumers take control

Over two-thirds (72%) think it is the responsibility of companies to provide them with the tools they need to protect their privacy, security and identity.

Since 2013, there has been a significant increase in the number of consumers taking action following a security breach. The majority of respondents would conduct a security review after a cyber attack (76%, up from 52% in 2013), or reduce their online activity altogether (56%, up from 34% in 2013).

Borwick adds: “Organisations need to understand where their critical cyber assets are, as well as the impact of different assets being attacked. Line-of-business leaders must be central to developing this knowledge, which can be used to quickly identify where to focus investment in improving security, which can include patching weaknesses in their applications, encrypting sensitive data or tightening access control.”

Ben Perkins, head of consumer business research at Deloitte, said: “Consumers have been very clear in their message to businesses and third party organisations: data security is paramount.

“At the same time, consumers now have greater awareness of cyber crime and internet fraud and are, perhaps understandably, more distrustful of companies looking after their data. This leads to consumers not sharing as much information as they could when spending online.

“As we enter the height of the online retail season, with Black Friday and Cyber Monday set to break more records, consumers must remain vigilant and technologically-savvy when it comes to protecting their personal information online.”

Regulation on the horizon

The report also presents on the implications of proposed European Commission regulations around data protection and privacy. The General Data Protection Regulation, which could come into effect in 2017, will aim to give more control to consumers in protecting their data. How consumers act on that new empowerment will crucially depend on the extent to which they trust the businesses they buy from.

Borwick concludes: “New European laws around data protection will aim to give more control to consumers over their own data. There is a clear window of opportunity for businesses to get ahead of the new regulations by implementing robust security measures. Not only will this help improve transparency, but it will also go a long way towards maintaining consumers’ trust and loyalty.”


Notes to editors

About the research
The research featured in this report is based on several consumer surveys carried out by independent market research agencies on behalf of Deloitte. The 2015 data is based on a survey that was conducted online with a nationally representative sample of 1,467 GB adults aged 18 to 64. The fieldwork was undertaken between 11th and 14th September 2015.

About Deloitte
In this press release references to Deloitte are references to Deloitte LLP, which is among the country's leading professional services firms.

Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms.

The information contained in this press release is correct at the time of going to press.

Member of Deloitte Touche Tohmatsu Limited.

George Parrett
Deloitte LLP
+44 020 7007 7285

Did you find this useful?