Article
3 minute read 23 January 2023

Shiny new devices may be bringing joy, but who’s protecting consumer data?

Device and app makers could have an opportunity to differentiate by helping consumers shore up data privacy and security.

Susanne Hupfer

Susanne Hupfer

United States

Michael Steinhart

Michael Steinhart

United States

US households are brimming with connected tech, entertainment, and smart home devices—22 per household on average, according to Deloitte’s Connectivity and Mobile Trends (CMT) survey.1 It’s likely the holidays brought even more shiny new digital gadgets that are delivering more fun and functionality.2 But more devices can also mean more concerns. Nearly a third (31%) of surveyed US consumers with 20 or more devices in their household said they feel overwhelmed by the devices and subscriptions they need to manage—more than twice the rate of those with fewer than 10 household devices (see figure). And the more devices a home has, the higher the odds of having one’s data breached or misused. Twenty-four percent of respondents with 20 or more devices in the home said they experienced two or more data breaches or security failures in the past year—more than three times the rate of the those with fewer than 10 devices. Respondents with 20 or more devices were also three times more likely to say their location data had been misused in the past year.

“Hacking and tracking” risks are on the minds of many consumers. Fifty percent of respondents are concerned that their devices are vulnerable to security breaches, and 41% worry that their devices give organizations or people the ability to spy on them or their household.3 Almost half (49%) of respondents with smart home devices worry that the technology could be hacked or controlled by others.4 These fears appear justified: 2021 was a record-setting year for breaches, and one-third of our CMT survey respondents revealed they fell victim to some form of hacking or scam in the previous year.5 What’s more, the problem may be more extreme in the United States than elsewhere: A global study found that 48% of US consumers surveyed have been affected by data breaches (where a company holding their data was hacked)—compared to 33% of consumers globally.6

Despite awareness of the elevated risks that come with having more gadgets, consumers aren’t shoring up their defenses very strongly. Out of 13 possible defensive actions we asked about in our survey, respondents with 20 or more devices have taken 2.6 actions on average in the past year (versus 1.7 actions taken by those with 10–19 devices and 1.3 actions taken by those with fewer than 10).7 The most popular steps that those with 20 or more devices have taken are: implementing two-step authentication for apps/services (41%), turning off location-based services on a device (38%), and turning off Bluetooth on a device (28%).

Consumers revealed a sense of futility and uncertainty. Seventy-five percent of respondents felt like they should be doing more but don’t feel empowered to act. The top three reasons they gave for not doing more are: feeling that companies will track them no matter what they do, feeling that hackers will hack them no matter what they do, and simply not knowing what to do.

The cost of doing too little can be high for both consumers and device and service providers. In 2021, reports filed by consumers with the FBI’s Internet Crime Complaint Center represented estimated losses of US$6.9 billion.8 When data breaches expose personal customer data, companies can face public relations costs, breach notification and protection costs, and regulatory fines.9 Other effects can reverberate for years, resulting in reputational damage and operational disruption.10 A recent global study found that one in three consumers surveyed have stopped doing business with a company that had a security breach.11

Considerations for tech companies

Device makers, application developers, and service providers should explore ways to simplify and streamline security to protect their reputations and relationships. Tech providers may want to consider:

  • Being transparent about how and why consumer data is used, how it is stored and secured, and how long it is kept. Providing this information ahead of the point of purchase and making it very easy to understand (and opt out of) may help consumers make more informed decisions and motivate them to take their own role in security more seriously.
  • Helping consumers understand their options for protecting their data and making the steps as easy as possible to execute. Helping consumers understand the benefits and risks of various levels of data sharing—and providing periodic security reminders and advice—may provide opportunities to strengthen the customer relationship.
  • Designing smart devices to have high levels of security from the start, not as an afterthought. This may be a differentiator, as three-quarters of consumers surveyed indicated they’d be willing to pay a premium for devices with extra layers of security.12

Tech providers that earn a reputation for helping consumers understand and improve data privacy and security may be able to gain a competitive edge.

  1. Jana Arbanas et al., Mastering the new digital life: Connectivity and Mobile Trends Study, 3rd Edition, Deloitte Insights, August 2, 2022.

    View in Article
  2. According to the NPD Group, 36% of consumers expected to purchase a consumer tech product over the 2022 year-end holidays; see: The NPD Group, “Consumer electronics purchase intent is highest for smartphones this holiday,” press release, October 31, 2022.

    View in Article
  3. Arbanas et al., Mastering the new digital life.

    View in Article
  4. Ibid.

    View in Article
  5. Bree Fowler, “Data breaches break record in 2021,” CNET, January 24, 2022; Arbanas et al., Mastering the new digital life.

    View in Article
  6. 21,006 adult consumers were surveyed across 11 countries and five continents; see: Thales Group, 2022 Consumer Digital Trust Index: Exploring Consumer Trust in a Digital World, September 2022.

    View in Article
  7. The 13 actions we asked about were: implementing two-step authentication for apps/services; turning off location-based services on a device; turning off Bluetooth on a device; using software to enhance security; using a virtual private network (VPN); deleting or pausing a social media account; signing up for credit monitoring or freezing one’s credit score; using anti-tracking software; using an encrypted messaging service; deleting an account other than social media; stopping use of a device completely; buying a connected device that doesn’t track the user; and buying a nonconnected device instead of a smart, connected alternative; see: Arbanas et al., Mastering the new digital life.

    View in Article
  8. Federal Bureau of Investigation, Internet crime report 2021, Internet Crime Complaint Center, March 22, 2022.

    View in Article
  9. Emily Mossburg et al., Beneath the surface of a cyberattack: A deeper look at business impact, Deloitte, 2016.

    View in Article
  10. Ibid.

    View in Article
  11. ISACA, “Nearly 1 in 3 consumers stopped doing business with a company known to have compromised

    cybersecurity, says new ISACA study,” press release, October 4, 2022.

    View in Article
  12. Kelly Sheridan, “Consumers demand security from smart device makers,” Dark Reading, January 10, 2019.

    View in Article

The authors would like to thank Jeff LoucksGautham DuttAndy BayiatesShubham OzaProdyut Borah, and Blythe Hurley.

Cover image by: Jaime Austin

Technology, Media & Telecommunications

Deloitte’s Technology, Media & Telecommunications (TMT) industry practice brings together one of the world’s largest group of specialists respected for helping shape many of the world’s most recognized TMT brands—and helping those brands thrive in a digital world. 

Paul H. Silverglate

Paul H. Silverglate

Partner | US Executive Accelerators | Deloitte & Touche LLP

Subscribe

to receive more business insights, analysis, and perspectives from Deloitte Insights