An in-depth look at what consumers want, what worries them, and how companies can earn their trust—and their business.
How consumers see cybersecurity and privacy risks and what to do about it
How concerned are consumers about cybersecurity and privacy risks? Do they believe companies and the government are doing enough to protect their personal information? Do they feel they are in control of their data? And what does it take to win their trust?
We conducted extensive research to better understand consumer attitudes about data security, cybersecurity, privacy, trust, and regulation.
It’s critical that companies understand and respond appropriately to their customers’ cybersecurity concerns. To earn consumers’ trust, you must vigorously protect customers’ data while respecting individual privacy as you look for ways to monetize that data.
Key findings
of consumers believe companies are vulnerable to hacks and cyberattacks. 
of consumers believe most companies handle their sensitive personal data responsibly.
of consumers feel they have complete control over their personal information.
of consumers believe businesses, not government, are best equipped to protect them.For consumers, cyberattacks are personal
45% of respondents believe their email or social media accounts will get hacked in the next year—more than those who assume they’ll have a flight canceled (36%) or get in a car accident (20%).
-min_1701100425.gif)
Consumer trust is fading
Can businesses be trusted to secure their customers’ personal information? Consumers don’t think so.
Just 25% of respondents believe most companies handle their sensitive personal data responsibly. Even fewer—only 15%—think companies will use that data to improve their lives.
If your customers don’t trust you to protect their sensitive data and use it responsibly you’ll get nowhere in your efforts to harness the value of that data to offer customers a better experience.
88% of consumers agree the extent of their willingness to share personal information is predicated on how much they trust a given company.
Nearly the same number (87%) of consumers say they will take their business elsewhere if they don’t trust a company is handling their data responsibly.
Who’s on the hook? Consumers say businesses more than government
Who should be responsible for ensuring data is safeguarded and used responsibly?
Consumers want both companies and the government involved, but say companies bear a larger share of the responsibility.
Companies should do more than what’s required by law—proactively managing cybersecurity and privacy risks in a way that goes beyond a compliance “checklist” approach.
Consumers also expect more from regulators when it comes to protecting data.
Unlike the European Union’s approach to data privacy regulation—known as the General Data Protection Regulation (GDPR)—most US data privacy laws vary by sector, data type, or from state to state.
The path to trust: Giving customers control and providing transparency
Consumers want control over their data, but don’t feel like they have it
Only 10% of consumers feel they have complete control over their personal information.
More than half of consumers (53%) say they’d make an effort to get their personal information back from a company if they had the option.
The stakes are high. If companies don’t adequately protect consumer data, they risk suffering consequences from regulators and backlash from consumers who say they will take their business elsewhere.
71% would stop doing business with a company for giving away their sensitive data without permission.
What types of businesses do consumers trust most?
Consumers’ trust varies by industry
In PwC’s 20th Global CEO Survey, 69% of CEOs said it is becoming much more difficult for businesses to earn and keep trust in a digital world.
Our research on consumer attitudes found that their trust varies by industry.
- Banks and hospitals tie as most trusted when it comes to privacy and cybersecurity, outranking healthcare providers, nonprofits, and online retailers.
- Social media companies, advertising agencies and startups are less trusted than firms in other sectors and need to be proactive in maintaining consumer trust.
After a data breach, can companies earn back consumer trust?
Consumers are willing to forgive, but their trust can only be regained if companies implement real changes in the wake of a breach.
Although no one action will win back every customer, some measures are more likely to resonate with consumers—including compensation for victims, a detailed explanation of what happened, and a clear description of the privacy policies in place.
Consumers want businesses to be responsive, transparent, and take steps to ensure a breach does not happen again.
Consumers see some emerging technologies as a risk to their privacy
Consumers are concerned about the cybersecurity and privacy implications of certain emerging technologies.
25% of consumers see our growing reliance on technology as one of the top threats facing humanity over the next 50 years.
In response, businesses are starting to focus on strategies and investments to counter such risks, although according to our Global State of Information Security® Survey, most companies have yet to implement an integrated Internet of Things (IoT) cybersecurity program.
As emerging technologies such as artificial intelligence and the IoT take root, governments and businesses may be forced to explore comprehensive new measures to address consumers’ data and privacy rights.
A call to action driven by customers’ concerns
As the frequency and scale of data breaches continue to rise, so do consumer worries. Companies must understand and address these concerns or risk losing business. To thrive in the new data economy, companies should:
- Prioritize cybersecurity and privacy
- Build trust through action
- Go beyond existing regulations
- Understand how consumers feel
- Be transparent when using new technology
Prioritize cybersecurity and privacy
Putting cybersecurity and customers’ privacy at the forefront of your business strategy—and backing it with proven security tactics—can help address consumer concerns and cement their loyalty.
Companies must put cybersecurity and privacy at the forefront of business strategy to win customers’ hearts—and earn their trust. And they must implement, meet, and clearly communicate robust data governance and privacy protection policies.