Who is responsible for data privacy at the end of the day?

The emergence of digital technologies over the last decade has led to the exponential growth of our digital footprints. Back in 2017, research firm Gartner predicted that more than 20 billion IoT devices will be in use globally by 2020.

Fast forward to today, we are increasingly dependent on all manners of application-based services. In fact, in the wake of the ongoing pandemic, time spent on applications has jumped by 20% in the first quarter of this year alone. With the accelerated adoption of digital technologies, it has also correspondingly led to an exponential increase in the amount of user specific data that has been collected and stored.

The collection of user data provides organisations with rich opportunities to tailor personalised products and services that enhance the user experience. This means that customer loyalty grows, which can translate into greater sales. However, this also leaves consumer data extremely vulnerable to cyberattacks – from data breaches to identity fraud. Deloitte estimated that cyber criminals can execute an attack for just US$34. This relatively low cost and high (negative) impact of attacks, raises the question: who should be responsible for the security of consumers’ data?

What consumers expect in securing their data

Despite the increasing number of headline-grabbing breaches, the reality is that most users still have a nonchalant attitude to data security.In F5’s Curve of Convenience Report 2020 Report, we found that 27 percent of consumers in Asia Pacific (APAC) are not even aware of breaches to government sites or high-use social or commercial applications.  

Furthermore, respondents are split on whose responsibility it is to ensure data protection. Almost half believe that businesses are most responsible, ahead of governments and self. In Singapore, however, the government outranks businesses and users as the party deemed to be most responsible.

While consumers are acknowledging the importance of security, they are also expecting a convenient and frictionless experience. With user-friendliness and fast load times are cited as the second and third most important features in an application, it is clear that consumers expect the responsibilities of security and user experience to fall on someone else’s shoulder.

Data security is not about playing the blame game

While it is reasonable for consumers to expect the data that they provide to businesses and governments to be secured, we cannot play the blame game when breaches happen. Instead, we need to start viewing data security as a shared responsibility between businesses, governments, and the people that use these applications. But how does this shared responsibility should look like?

For businesses. As businesses move towards the next phase of their digital transformation, it is more important than ever to view consumers as allies rather than the weakest link in cyber defence. As customers value a frictionless user experience, security consideration for applications needs to “shift left”. Instead of introducing it as an afterthought, security considerations should be moved to the earliest possible point in the application development process. If apps are “secure by design”, the likelihood of businesses having to introduce onerous security controls is lessened – yielding higher customer satisfaction.

For governments. Governments serve as the bridge in building the trust between consumers and businesses. They are already holding the latter accountable through regulations and compliance policies, such as the GDPR in Europe and PDPA in Singapore. For effective compliance of such policies, it would require a proactive partnership between governments and businesses to improve and uphold these data privacy and protection standards.

For consumers. While consumers understand the value of security and convenience, they should also be willing to accept the shared responsibility for data security and always err on the side of caution. By observing basic yet essential cyber hygiene practices, from using strong passwords that are regularly updated on verified applications to being more cautious about the amount of personal information they share online, consumers will be more empowered on taking responsibility for their own data.

The way forward: finding the right digital partner

There is another stakeholder that businesses and governments should tap into: third-party providers. In F5’s State of Application Services 2020, three out of five APAC organizations said that applying consistent security policies across all company applications and protecting applications from existing and emerging threats and regulation compliance were the top challenges when it came to managing applications in a multi-cloud environment.

It is important than ever for businesses to find the right digital partner to bridge the gap between security and convenience. For best application optimisation, finding the right solutions that leverage advanced insights and new technologies such as artificial intelligence and machine learning will be crucial. These solutions can be tailored based on business needs and help unlock new opportunities in providing secure and frictionless experience that consumers are demanding for.

Effective security in an increasing sophisticated digital landscape requires the right mix of technology and most importantly people.We often think that security should only be left only to the hands of the technical experts that can detect and prevent cyberattacks; but as technology becomes deeply ingrained in our day-to-day life, everyone now has a part to play.