For cybersecurity, it’s business – not government – that should take the lead to protect private information

With shoppers hitting the internet for holiday deals, PwC (PricewaterhouseCoopers), where I am a partner, recently released a study finding that Americans are looking for help protecting their private information — and they’re asking businesses to answer the call.

The survey, which studied U.S. consumer attitudes about data security, cybersecurity, privacy, trust and regulation, showed that 72 percent of consumers believe businesses, not the government, are better equipped to protect them.

Still, about 69 percent of consumers believe companies are vulnerable or extremely vulnerable to hacks and cyberattacks, and only 25 percent believe most companies handle their sensitive personal data in a responsible way. It’s clear that consumers want businesses to do more to ensure personal data is kept secure. That means going beyond the regulatory requirements issued by state and federal government.

The state of privacy regulation in the United States

In the United States, we have an assortment of breach reporting regulations that vary from state to state and by industry — and consumers have taken notice of the lack of consistency. By comparison, the European Union will implement the comprehensive General Data Protection Regulation (GDPR) in May 2018.

More than half of consumers say they would make an effort to get their personal information back from a company if they had the option.

Americans see a role for government regulation. A full 82 percent of consumers say that the government should regulate companies’ use of data. But 70 percent say the government is ineffective in ensuring fair use of their data.

So, although consumers want the government to do more to protect their data, an overwhelming 92 percent say it’s up to companies to be proactive about data protection and not wait for the government to pass new regulations. They feel the companies with whom they share their personal data must ultimately be responsible for securing it.

Consumer control and transparency pave the path to trust

Consumers want control over their data, but don’t feel like they have it. A resounding 92 percent feel they should be able to control what information is available about them on the internet, but only 10 percent feel they have complete control over their personal information.

More than half of consumers (53 percent) say they would make an effort to get their personal information back from a company if they had the option.

This is important for companies to understand, because customized services informed by customers’ preferences and data is becoming more central to the way business is done. Data is essential to the operation of new, highly personalized emerging technologies, such as the Internet of Things (IoT) and Artificial Intelligence (AI).

More than half of consumers are wary of the IoT and AI’s data privacy ramifications. Companies that leverage these technologies must work hard to gain consumer trust.

About 85 percent of consumers say they will not do business with a company if they have concerns about its data security practices. And 88 percent say their willingness to share personal data with a company depends on how much they trust that company.

How to take action

Today’s companies must put cybersecurity and privacy at the forefront of business strategy to win customers’ hearts — and earn their trust. It’s not enough to do this quietly — they must clearly communicate their responsible, robust data governance and privacy protection policies, which should be built upon rigorous standards. Furthermore, these policies must give consumers more control over how their personal information is used.

Companies that go beyond regulatory requirements are likely to come out ahead with consumers, particularly when their products or services rely on or are integrated with emerging technologies. Companies must design their solutions and experiences with risk management in mind, even when there are no regulatory requirements in place.

Companies in industries considered less trustworthy should be particularly proactive in addressing consumers’ concerns. When asked to name the five industries they trusted most with their personal data, just 3 percent of consumers named marketing and advertising companies. Other industries that scored low included startups (5 percent), media and entertainment (6 percent) and online retailers (13 percent).

There’s work to be done to give consumers the secure and transparent private data experience they want. The sooner companies treat private data as a precious and hard-won asset, the sooner they’ll find themselves on the path to success.

Consumers are ready for companies to take charge of data security — and they’re willing to reward the ones that do.