The Incidence of Data Breaches at America’s Largest Corporations Has Nearly Doubled in Just Two Years

Almost Half (43%) of C-Suite Executives Now Reporting That Their Organization Has Been Breached. Having Frequent Employee Training, Well-Established Data Security Policies & Understanding Legal Requirements Has Not Been Enough

The author(s)

  • Sean Simpson Vice President, Canada, Public Affairs
Get in touch

Chicago, Illinois, June 20, 2019 — The findings of a recent Ipsos survey conducted on behalf of Shred-it reveal that the incidence of corporate data breaches is on the rise, and consumers say there will be repercussions for businesses that breach their data.

Only half (51%) of those who oversee the nation’s largest corporations can say, with confidence, that their organization has never suffered a data breach. Put another way, nearly half (43%) of all C-Suite executives report that their organization has been breached, at some point in the past, while as many as six percent (6%) can’t even say for sure if corporate data has been compromised. This figure is troubling as it marks the second consecutive year in which there has been a steep increase in the incidence of reported data breaches (32% in 2018; 22% in 2017) among large corporations in the US. While data breaches are less common at smaller organizations the incidence of such events has similarly increased, year-over-year (8%; +5 pts).

Given the high incidence of reported corporate data breaches, it is not surprising that as many as three in five (60%) Americans feel less secure about their personal data security compared to ten years ago. But this figure still creates plenty of cause for concern.

Whenever the integrity of personal, confidential, or sensitive information is compromised, consumers say it will have devastating effects for business. Irrespective of how a company responds, one in four (23%) say they would stop being a customer of that company, if they were to suffer a data breach. What’s worse, the impact of such an event is unlikely to be limited to customers only, as around one-third of the US workforce would be likely to start looking for a new job immediately if their employer suffered a breach compromising customer (31%) and/or employee (35%) data.

Many US companies are not thinking enough about data security and its overall importance. A majority (55%) of leaders at the nation’s largest corporations view data breaches as no big deal and blown out of proportion. This line of thinking flies in the face of how the public views the issue, however, as a vast majority (86%) of consumers say that data breaches are a big deal and not blown out of proportion. Additionally, nearly nine in ten (87%) C-Suite executives and a clear majority (60%) of small businesses owners trust that all data breaches are being properly disclosed compared to just one in three (34%) consumers.

Virtually all (98%) C-Suite executives and nearly as many small business owners (88%) claim to have at least some understanding of the legal requirements, as they relate to the handling of confidential information, and most have company policies for storing and disposing of confidential information on end-of-life electronic devices (90% C-Suites; 53% SBOs) and paper documents (94% C-Suites; 69% SBOs). The frequency of employee training on information-security procedures has also increased, year-over-year (C-Suites: 61%; +11 pts, SBOs: 31%; +18 pts). In fact, almost nine in ten (88%) C-Suite executives and over half (52%) of small business owners report having regular employee training on how to identify common cyber-attack tactics such as phishing, ransomware, or other malware. And yet none of this has been enough to prevent the incidence of data breaches from continually rising, year-over-year.

Finally, spending on data security varies little between small businesses and large corporations, as both direct only a slim majority of their data-security budget towards digital data security investments, on average (C-Suites: 59%; SBOs: 56%).

About the Study

Ipsos conducted a quantitative online survey of two distinct sample groups: small business owners in the United States (n=1,000) under 100 employees, and C-suite executives working for businesses in the US with a minimum of 500 employees (n=100). The fieldwork was conducted between March 26th and April 1st, 2019. Data for Small Business Owners is weighted by region. Data for C-Suite Executives is unweighted as the population is unknown. The precision of Ipsos online surveys are calculated via a credibility interval.  In this case, the Canada SBO sample is considered accurate to within +/- 3.5 percentage points had all Canadian small business owners been surveyed, and the Canada C-Suite sample is accurate to within +/- 11.2 percentage points had all Canadian C-Suite Executives been surveyed.

In addition to the quantitative online survey, Ipsos conducted a short survey among a gen pop sample of n=2,014 Americans about data protection and security. The fieldwork was conducted between March 26th and 28th, 2019. Weighting was employed to balance demographics to ensure that the sample’s composition reflects that of the adult population according to Census data and to provide results intended to approximate the sample universe. The precision of Ipsos online surveys is measured using a credibility interval. In this case, the survey is accurate to within +/- 2.5 percentage points, 19 times out of 20, had all Americans been surveyed. The credibility interval will be wider among subsets of the population. All sample surveys and polls may be subject to other sources of error, including, but not limited to coverage error, and measurement error.

For more information on this news release, please contact:

Sean Simpson
Vice President, Ipsos Public Affairs
+1 416 324 2002
Sean.Simpson@ipsos.com

About Shred-it

Shred-it is a world-leading information security service provided by Stericycle, Inc. Shred-it solutions ensure the security and integrity of private and confidential information, protecting more than 500,000 global, national and local businesses across 17 countries worldwide. For more information, please visit www.shredit.com.

To view the Shred-it press release here.

About Ipsos

Ipsos is an independent market research company controlled and managed by research professionals. Founded in France in 1975, Ipsos has grown into a worldwide research group with a strong presence in all key markets. Ipsos ranks fourth in the global research industry.

With offices in 89 countries, Ipsos delivers insightful expertise across five research specializations: brand, advertising and media; customer loyalty; marketing; public affairs research; and survey management.

Ipsos researchers assess market potential and interpret market trends. They develop and build brands. They help clients build long-term relationships with their customers. They test advertising and study audience responses to various media and they measure public opinion around the globe.

Ipsos has been listed on the Paris Stock Exchange since 1999 and generated global revenues of €1,749.5 million in 2018.

The author(s)

  • Sean Simpson Vice President, Canada, Public Affairs

Society