Data breaches in 2024 had a slightly reduced impact on consumer trust in brands, with a 6.5% decline in concern compared to the previous year, according to a study by Vercara.

The survey of 1,000 U.S. adults highlighted that while breaches remain a major issue, most consumers are still unaware of their own role in cybersecurity incidents and continue to place primary blame on external bad actors.

When asked about the causes of breaches, respondents cited bad actors hacking systems (36%), companies with poor security measures (33%), physical office break-ins (8%), and insider threats (5%).

The study found 58% of consumers perceive breached brands as untrustworthy, and 70% would stop shopping with a company following a security incident.

However, generational divides are evident — Generation Z tends to overlook security issues, while Baby Boomers are the most likely to change their purchasing habits in response to breaches.

Kern Smith, vice president, Americas at Zimperium, said for Baby Boomers, organizations must emphasize clear communication about breaches and proactive security upgrades.

“For Gen Z, showcase mobile security measures and modern threat detection capabilities to align with their tech-focused expectations and reinforce loyalty,” he said.

This includes emphasizing how robust mobile security measures actively protect their information and respect their privacy, without requiring behavior changes.

“Highlight enterprise-level threat detection and proactive security efforts to earn loyalty by demonstrating care for their data, without violating their privacy,” Smith said.

Risky Consumer Behavior Persists

Despite growing awareness, consumer behavior continues to elevate security risks.

More than a fifth (21%) of respondents admitted to reusing passwords across work and online shopping accounts, while 57% said they were comfortable using their work devices for personal shopping, a practice that significantly increases the risk of cyber incidents for organizations.

Carlos Morales, senior vice president and general manager, DDoS and AppSec at Vercara, said educating consumers on the role of insider threats and human errors may not be in the best interest of companies, as it would degrade consumer confidence further and open businesses up to potential lawsuits.

“It’s better for businesses if consumers believe that data breaches result from a motivated attacker who got past the company’s defenses rather than admitting that a mistake was made to lose the data or that a trusted employee stole it,” he explained.

He added timely communication and transparency with the consumer base are very important steps for businesses that have been breached.

“They must ensure customers have an explanation of the breach after it happens, why it got past their defenses, and the steps they’re taking to protect customer data and prevent measures moving forward,” Morales said.

Should a breach result in a service outage, businesses must communicate that they’re working to resolve the issue and update customers when systems are back up and running.

He noted the level of brand distrust year over year has been dropping in consumer concern, indicating that society is starting to accept that breaches are a part of doing business on the internet.

“Over the past few years, the heavy uptick in incidents has resulted in more consumers showing apathy about breaches,” Morales said.

Transparency, Speed Critical in Response

Victor Monga, global cybersecurity technologist at Menlo Security, said he agreed a swift, transparent response is critical for restoring faith.

“Businesses must disclose the facts openly and responsibly, outline the steps taken to strengthen defenses, and offer tangible remedies relevant to the type of breach,” he said.

By adopting relevant security measures companies can show customers they’re serious about preventing repeat incidents.

He noted many consumers overlook that a single misguided click or weak password by an employee can open the door to a major data breach.

“Organizations should clearly explain how internal mistakes lead to breaches — beyond the external hacker narrative — and consider integrating a secure cloud-based browsing solution,” Monga said. “This isolates every web session to prevent mistakes from spiraling into large-scale incidents.”