Shiny new devices may be bringing joy, but who’s protecting consumer data?

US households are brimming with connected tech, entertainment, and smart home devices—22 per household on average, according to Deloitte’s Connectivity and Mobile Trends (CMT) survey.¹ It’s likely the holidays brought even more shiny new digital gadgets that are delivering more fun and functionality.² But more devices can also mean more concerns. Nearly a third (31%) of surveyed US consumers with 20 or more devices in their household said they feel overwhelmed by the devices and subscriptions they need to manage—more than twice the rate of those with fewer than 10 household devices (see figure). And the more devices a home has, the higher the odds of having one’s data breached or misused. Twenty-four percent of respondents with 20 or more devices in the home said they experienced two or more data breaches or security failures in the past year—more than three times the rate of the those with fewer than 10 devices. Respondents with 20 or more devices were also three times more likely to say their location data had been misused in the past year.

“Hacking and tracking” risks are on the minds of many consumers. Fifty percent of respondents are concerned that their devices are vulnerable to security breaches, and 41% worry that their devices give organizations or people the ability to spy on them or their household.³ Almost half (49%) of respondents with smart home devices worry that the technology could be hacked or controlled by others.⁴ These fears appear justified: 2021 was a record-setting year for breaches, and one-third of our CMT survey respondents revealed they fell victim to some form of hacking or scam in the previous year.⁵ What’s more, the problem may be more extreme in the United States than elsewhere: A global study found that 48% of US consumers surveyed have been affected by data breaches (where a company holding their data was hacked)—compared to 33% of consumers globally.⁶

Despite awareness of the elevated risks that come with having more gadgets, consumers aren’t shoring up their defenses very strongly. Out of 13 possible defensive actions we asked about in our survey, respondents with 20 or more devices have taken 2.6 actions on average in the past year (versus 1.7 actions taken by those with 10–19 devices and 1.3 actions taken by those with fewer than 10).⁷ The most popular steps that those with 20 or more devices have taken are: implementing two-step authentication for apps/services (41%), turning off location-based services on a device (38%), and turning off Bluetooth on a device (28%).

Consumers revealed a sense of futility and uncertainty. Seventy-five percent of respondents felt like they should be doing more but don’t feel empowered to act. The top three reasons they gave for not doing more are: feeling that companies will track them no matter what they do, feeling that hackers will hack them no matter what they do, and simply not knowing what to do.

The cost of doing too little can be high for both consumers and device and service providers. In 2021, reports filed by consumers with the FBI’s Internet Crime Complaint Center represented estimated losses of US$6.9 billion.⁸ When data breaches expose personal customer data, companies can face public relations costs, breach notification and protection costs, and regulatory fines.⁹ Other effects can reverberate for years, resulting in reputational damage and operational disruption.¹⁰ A recent global study found that one in three consumers surveyed have stopped doing business with a company that had a security breach.¹¹

Considerations for tech companies

Device makers, application developers, and service providers should explore ways to simplify and streamline security to protect their reputations and relationships. Tech providers may want to consider:

• Being transparent about how and why consumer data is used, how it is stored and secured, and how long it is kept. Providing this information ahead of the point of purchase and making it very easy to understand (and opt out of) may help consumers make more informed decisions and motivate them to take their own role in security more seriously.
• Helping consumers understand their options for protecting their data and making the steps as easy as possible to execute. Helping consumers understand the benefits and risks of various levels of data sharing—and providing periodic security reminders and advice—may provide opportunities to strengthen the customer relationship.
• Designing smart devices to have high levels of security from the start, not as an afterthought. This may be a differentiator, as three-quarters of consumers surveyed indicated they’d be willing to pay a premium for devices with extra layers of security.¹²

Tech providers that earn a reputation for helping consumers understand and improve data privacy and security may be able to gain a competitive edge.