people in the sample know their data has been breached does
not necessarily imply that the “real” number of people that
have been affected is not much, much higher. Many might
simply be living in blissful ignorance, but when it comes to the
online world, what you don’t know really can hurt you.
There is also a third reason why data breaches matter and why
more needs to be done to stop them. Financial costs aside, data
breaches involve the intimate violation of people’s privacy.
Privacy is important for a range of reasons. Psychologically,
people value the idea that what they do online is free from the
prying (and judging) eyes of others. When the online adultery
site Ashley Madison was hacked, for example, people lost their
jobs, their relationships, and in some cases took their own lives.
It is important that what people do in the privacy of their own
homes remains private. Data breaches, given the ways in which
people currently use the technologies of the internet, shakes
that simple idea to its very core.
The final reason why data breaches are such a big problem
is that they undermine the trust that users place in the tech-
nologies of the network and in other users. Trust matters
because while the internet is a wonderful technical system, the
glue holding it all together is actually social. It is based upon user
perceptions that the network is trustworthy. When that trust
declines, people change how they behave. Often, these changes
in behaviour hit right at the heart of the ways in which the
networks of the internet facilitate innovation and commerce.
Some slightly older survey data by SafeNet Inc. highlights this
trend well. Fully 65% of people indicated that they would be
unlikely to frequent an online service after a data breach that
compromised their financial data. This average masks some
interesting variation, where 53% of people in Germany and
82% of people in Japan indicated that they would not use
services that lost their financial data. The new saying seems to
be “once bitten, always shy”.
At first blush it might be tempting to say that the problem
of personal data breaches is a lot of hype with little substance.
When only 27% of people report that they have been affected
by data breaches and when, among those, fully 47% have had
to pay nothing financially as a result, it is alluring to conclude
that the situation is actually not that bad. The trouble is that
the ostrich approach to the problem of cybersecurity won’t
work and is also not actually warranted by the data.
When the situation is fully thought through, the cumulative
cost of data breaches is huge, the potential that the scope of
the problem is incorrectly specified is large, the loss of privacy
is daunting, and the erosion of user trust is damning. We all
need to do better. Governments, companies and individuals
need to work together to improve the state of cybersecurity. If
we don’t, the problems of cybercrime and personal data breaches
are only going to get worse, to the detriment of us all.
Eric Jardine is Assistant Professor at Virginia Tech, and Fellow of the Centre for International
Governance Innovation.MAY/JUNE 2017 | | 33“... when it comes to the online world,
what you don’t know really can hurt you”.Maksim Kabakou/Adobe