Data privacy and security worries are on the rise, while trust is down

Consumers are concerned about privacy and security, but right now they feel it’s an uphill battle.

Jana Arbanas

United States

Paul H. Silverglate

United States

Susanne Hupfer

United States

Jeff Loucks

United States

Michael Steinhart

United States

Consumers are increasingly concerned about being “hacked and tracked” through their tech devices. Nearly six in 10 respondents to our survey worry that their devices are vulnerable to security breaches (for example, hackers stealing personal data), and the same number are concerned that organizations or people could track them through their devices (figure 4.1). The concerns are elevated considerably from what we found in our 2022 survey. 

Sixty-seven percent of smartphone users worry about data security and privacy on their phones, and 62% of smart home users worry about the same on their smart home devices—up 13 and 10 percentage points, respectively, from 2022. A majority (52%) of smart home users are concerned about the possibility that someone could control their smart home devices (for instance, hackers breaking into smart locks). Almost half (48%) of smartwatch/fitness tracker users are concerned about data security and privacy on those devices—a jump of 8 percentage points from 2022. Location tracking is a significant concern, too: More than six in 10 respondents worry that their movements or behavior could be tracked through their smartphones or smart home devices, and half worry about location tracking through their smartwatches or fitness trackers.

These security fears appear well-founded. 2021 set a record for total data breaches, and the incidents in 2022 affected an even greater number of people.1 One-third of our survey respondents said they experienced at least one type of breach or scam in the past year, and 16% fell victim to two or more kinds—on par with the numbers we reported in 2022.2 Our analysis revealed that the likelihood of a breach increases as households add more devices. Eleven percent of households with 1–15 devices reported experiencing two or more breaches in the past year, compared with 16% of households with 16–30 devices and 29% of households with more than 30. In an eye-opening experiment, researchers found that a smart home full of Internet of Things devices could experience thousands of hacking attempts in a week.3

Against the persistent threat of hacks and scams, more consumers are taking protective actions. We identified 14 measures consumers could take to protect their data, from using two-step authentication to turning off location and Bluetooth connections, to installing security software (figure 4.2). This year, 79% of respondents reported they had taken at least one of these actions (up from 71% in 2022), and  28% had taken four or more (up from 21% in 2022). Notably, the two most popular measures are those that are prompted by mobile operating systems. If devices provided more prompts and help (for example, an alert that an app has been reported for privacy concerns, or a suggestion to use a virtual private network while on a public internet connection), people might adopt more security measures.

Three-quarters of our survey respondents agreed they should do more to protect themselves. Why, then, aren’t they taking more steps? Their top reasons revealed a sense of futility. Twenty-seven percent feel that companies can track them no matter what they do, and 17% feel hackers can access their data no matter what actions they take. A quarter said they just don’t know what actions to take to protect themselves. There are also financial considerations. Eighteen percent reported not wanting to pay for software or services to increase protection. 

Fewer consumers trust companies to protect their data

Consumers aren’t just worried about hackers; their trust in companies that sell devices and online services is wavering, too. Only half of respondents feel that the benefits they get from online services outweigh their data privacy concerns—a drop of 9 percentage points from 2021 (figure 4.3). There are other signs of eroding trust: Only 41% think it has become easier to protect their online data in the past year, and a mere 34% feel companies are clear about how they use the data they collect from online services. Each finding represents a double-digit percentage-point drop from 2021. Lastly, 9% of respondents said they bought a device in the past year that doesn’t track them (figure 4.2). It’s a small cohort, but a notable jump of 5 percentage points since 2022.

There are some interesting generational differences when it comes to trust. Five in 10 Gen Zs and Millennials say they trust online services to protect their data, versus just three in 10 older consumers. Six in 10 Gen Zs and Millennials feel the benefits they get from online services outweigh their privacy concerns, but only four in 10 older consumers feel the same way. The path to convincing older consumers to make greater use of connected tech (such as GPS tracker watches, fall detection, smart lights, smart security systems) likely relies partly on gaining their trust.

Regardless of generation, the vast majority of respondents want more protection and control over how their data is used. Almost nine in 10 agree they should be able to view and delete the data that companies collect about them, and 80% feel they deserve to be paid by companies that profit from their data. Eighty-five percent think device makers should do more to protect data privacy and security on the devices they sell, and 77% want the government to do more to regulate the way companies collect and use that data.

To help win back trust, device makers and service providers should respond to the growing consumer concerns around hacking and tracking, as well as their desire for more transparency and control over their data. Organizations should consider prioritizing robust data-security measures and communicating their data-handling practices more effectively. Making it simpler for consumers to understand what data gets collected and how it’s used, along with providing easier ways to control that use, may create a competitive advantage. Companies could prompt users at appropriate points to make informed choices about the use of their data. Failure to help people shore up their data security and privacy could leave companies open to disruption by competitors that make it part of their mission to protect consumer data. Beyond wanting companies to help, consumers would also welcome more regulations that force the issue, and these seem inevitable.4

Jana Arbanas

United States

Paul H. Silverglate

United States

Susanne Hupfer

United States

Jeff Loucks

United States

Michael Steinhart

United States

Endnotes

  1. Bree Fowler, “Data breaches hit lots more people in 2022,” CNET, January 25, 2023; Bree Fowler, “Data breaches break record in 2021,” CNET, January 24, 2022.

    View in Article
  2. The types of breaches we asked about were identity/credentials stolen, credit card hacked, bank account hacked, health data breached, ransomware/malware attack, falling for an online scam, social media account hacked, location information misused, and device hacked.

    View in Article
  3. James Coker, “Smart home experiences over 12,000 cyberattacks in a week,” Infosecurity Magazine, July 2, 2021.

    View in Article
  4. Deloitte, “A quick reference guide for California Consumer Privacy Act compliance,” accessed August 10, 2023; Fredric D. Bellamy, “U.S. data privacy laws to enter new era in 2023, ” Reuters, January 12, 2023.

    View in Article

Acknowledgments

The authors would like to thank Ankit Dhameja and Akash Rawat for their valued contributions to the research. We would like to thank Jeanette Watson, Dan Littmann, Jack Fritz, Brooke Auxier, Chris Arkenberg, and Duncan Stewart for their guidance and thoughtful suggestions. Thanks also to Shannon Rothacher, Kelly Komisar, Daniella Edwards, Alexis Harrison, Lauren Horbel, Cristina Stefanita, Nikki Cope, Wendy Gerhardt, Michelle Dollinger, Kim Cordes, Catherine King, Andy Bayiates, Aditi Rao, Blythe Hurley, Prodyut Borah, Molly Piersol, and the Deloitte Insights team for their contributions and support.

Cover image by: Alexis Werbeck