At the Crossroads of Compromise: The Problem of Data Security

As society becomes increasingly digitized and businesses ramp up both the utilization and production of digital data that is ferried across the world through the internet, the protection of data – chiefly defined as information in a digital format – has become a paramount task. Seeing as huge portions of the 21st Century economy run on this modern gold with the uneasy acceptance of the consumer public, it is imperative that data security evolves to the degree necessary to sustain economic growth by assuaging the fears of the modern consumer and strengthening the credibility of digital operations by making them immune, or as close to immune as possible, to external coercion or breach. If the necessary augmentation in data security does not materialize, then the shaky compromise between consumers and companies underpinning our current economy will be at existential threat.

In order to understand the gravity of the matter, we must first acknowledge just how valuable data is. It powers virtually all of the innovative business models that have come to fruition since the internet revolution and the subsequent rise of the app economy. The vast plethora of free services that many of us are accustomed to by this point and heavily rely on, including Facebook, Twitter, Instagram, YouTube, etc., have made tremendous profits by employing user data to generate key insights which go on to form robust monetization techniques, such as targeted advertising. The pursuit of data guides some of the boldest business strategies executed in recent years, such as Microsoft’s acquisition of LinkedIn for $26 billion in 2016: a move predicated on using LinkedIn’s data on professional user profiles to augment the efficacy of Microsoft’s workflow products, chiefly Office 365.

Beyond just large technology companies, businesses in all verticals have come to rely on the compilation and analysis of data in order to perform their daily operations. E-commerce, healthcare providers, fintech, media, and manufacturing are just some examples of this phenomenon, as firms from these industries create databases of sensitive information such as user ISPs, locations, email addresses, legal full names, residential and operational addresses, search queries, credit cards, social security numbers, device-specific information, and a whole host of other parameters. This metadata can be triangulated to predict and model consumption patterns, travel schedules, preferences and interests, household demographics, and other aspects of human behavior and identity. Whereas these tactics have disgruntled consumers, many have accepted that the services rendered by these companies may be worth the cost of their information, as long as it does not trickle into the wrong hands…leading us to our current conundrum.

In truth, data breaches are a daily occurrence simply because of the sheer quantity of information that is collected and stored around the world. But every so often a breach occurs in the servers of a large enough company so as to elicit an observable reaction from the public conscious. Perhaps the most impressionable in recent memory has been the Facebook-Cambridge Analytica scandal, where it was released in early 2018 that Cambridge Analytica, a political consulting firm working for the Trump campaign in the US 2016 Presidential Elections, had harvested the personal data of millions of Facebook users without consent, inciting public outrage and knocking more than $100 billion from Facebook’s valuation. Unfortunately, this social media company was delivered another blow recently in September, this time by a more sinister strain of hackers who exploited a vulnerability that allowed them to access the personal data of potentially up to 50 million users. Other notable examples where data integrity was compromised include Yahoo announcing that it had been subject to hacking in 2014 which exposed the sensitive data of roughly 3 billion users (the largest in all of history), eBay facing a cybersecurity attack in May 2014 that culminated in a data leak related to 145 million user accounts, Equifax getting breached in July 2017 which exposed the personal information (social security numbers, addresses, etc.) of 143 million users and the credit card data of over 200,000 consumers, and the list goes on.

Every time a data scandal of sufficient magnitude comes to light, public outrage is sure to follow, only for these heightened emotions to cool back into latent concerns that consumers put aside in the back of their minds as they go about their daily lives. But there is strong reason to believe that this tension is mounting, which translates into severe implications for future growth and innovation. Ponemon has actually identified the average cost of a breach to be roughly $3.62 million, once consumer-led litigation, post-breach repair costs, and reputational damages, including a fallout in user base, are taken into account. In total, data breaches are expected to cost the global economy $2 trillion by 2019.

But beyond direct losses borne by enterprises, the more alarming concern is how the consumer psyche is adjusting to these realities. Referring to the 2018 Edelman Trust Barometer, the industry standard for measuring consumer trust, only 48 percent of the general population in the United States trusts businesses, falling from 58 percent last year and with a general trend moving downward over the past decade. According to a national 2017 PwC survey, only about a quarter of respondents felt that most companies handle their sensitive data responsibility and close to 70% believe that companies are vulnerable to hacks and cyberattacks, indicative of the evaporation of trust consumers put into companies.

This erosion of trust had dire consequences as consumers leave brands who face breaches twice as more times than firms that do not. In fact, not only are consumers deterred from firms that have been breached, but studies show how some consumers are decreasing their online engagements as a whole, whether that be financial transactions, online shopping, or social networking.

Based on this trajectory, we can easily envision a scenario where larger numbers of people proactively limit their online activities and exposure to technology, which will cripple total factor productivity growth, an essential input for economic production. Japan provides a chilling example, as the island nation has consistently fell behind its G-7 peers in terms of productivity growth, a development largely attributed to the failure of widespread adoption of efficient technologies amongst workplaces and the general public, despite all the R&D conducted in the country.

Regardless of how bleak the circumstances seem, all hope is not lost however. As greater awareness of this crisis spreads, and users begin actively demanding more robust oversight of their data, it will be up to companies to implement more comprehensive policies to safeguard user information. Already, enterprises have begun investing more heavily in data security departments and training employees to become both more adept at monitoring as well as more cognizant of what constitutes as acceptable use of information to minimize vulnerabilities. Furthermore, cutting-edge technological innovations, such as AI and deep learning machines that scout out anomalous behavior and respond without the use of human input as well as blockchain-enabled decentralization which devolves concentrations of network power that could be coerced, can provide means of augmenting current lines of defense.

Despite the promises that innovation may potentially bring, it is imperative that companies first actually take this current crisis seriously and take deliberate steps to assuage the fears of users as opposed to expecting that these concerns are passive and will fizzle out, lest this fragile compromise between company and consumer goes up in flames first.

About the Author

Farhan Javed is a senior at Harvard College studying Economics and Government and is also both the co-Founder and Corporate Development lead for Inkrypt. Javed was born in Saudi Arabia and is of Pakistani ancestry, spending much of his later life in Canada and the United States. Javed comes from a financial background, with experience in cryptocurrency exchange analysis, economic research on the macroeconomic impacts of oil price fluctuations at the Central Bank of Armenia, and investment banking in Citi’s Mergers & Acquisitions Group. Javed is a freedom of information advocate and is passionate about utilizing technology to create social impact in a sustainable and economically feasible fashion that will facilitate a freer tomorrow.

 

Sign up for the free insideAI News newsletter.