A new study from Citrix, conducted by Porter Novelli on behalf of the software company during the spring and fall of 2016, revealed that nearly three-quarters of Americans overall — 72 percent of those surveyed — are concerned about identity theft.
But, setting those fears aside, survey subjects indicated a greater confidence in government to keep their private information safe.
In a related development, though one with less immediate impact likely on state and local agencies, the Security Industry Association (SIA), a roughly 700-member trade association for global security companies, announced creation of an SIA Data Privacy Advisory Board that could include a federal agency member.
Made public on Thursday, the announcement was also timed to Data Privacy Day.
Citrix’ national survey asked people which entities kept their information more secure — the public sector, including federal, state and local government agencies; or the private sector, including retailers, banks and credit card companies.
Their answers, collected using a proprietary styles survey from Porter Novelli, showed the public sector inspires more trust than private entities — albeit with a somewhat narrow spread.
According to Citrix, 54 percent of adults said they believed the public sector kept their personal information more secure. Only 46 percent of adults felt private companies did a better job of keeping their information private.
Results varied slightly when the question was further divided between Americans who were concerned about identity theft and those who were not.
In responding to the same question then, 56 percent of Americans surveyed who were concerned with identity theft — a slightly higher number — said they trusted government agencies with their personal information.
The percentage of Americans who were concerned with identity theft and trusted the private sector with their personal data dropped a bit, to 44 percent.
Conversely, Americans who weren’t concerned with identity theft were evenly divided in their trust of the public sector versus private companies. Half, or 50 percent, said they trusted government agencies; and half, or 50 percent, said they would put their faith in the private sector.
Citrix Public Sector CTO Faisal Iqbal said part of the reason for Americans’ trust of the public sector could be the amount of media attention given to cybersecurity breaches at public companies like Home Depot and Target – even though local public agencies have also had breaches and in some cases remain at risk.
He said residents should be mindful of security even when they’re revealing sensitive data in environments they may believe to be secure, such as local departments of motor vehicles and tax collection websites.
“We’ve seen some interesting things in that space that shows us that’s where people should be the most vigilant,” Iqbal said, noting that Citrix worked about a year ago with the North Carolina Department of Transportation to create an intelligent application firewall solution capable of differentiating between normal data and data that could be coming from a bad actor.
“That’s the next sort of attack that is becoming more prevalent, and these state and local agencies make a perfect attack target,” Iqbal said.
Asked in the survey how concerned they were about identity theft, 72 percent of respondents indicated relatively high degrees of concern. Specifically, 37 percent of subjects said they were “very concerned” and 35 percent said they were “somewhat concerned.”
Another 21 percent of survey subjects said they were “a little concerned” about identity theft, while 6 percent said they were “not at all concerned.” An additional 2 percent of subjects gave no answer to the question.
Iqbal said in a statement that respondents showed generally significant levels of concern that transcended statistical differences depending on their ages, genders and locations. However, he told Government Technology, people over age 40 did tend to be more concerned about identity theft.
According to the survey, only 22 percent of respondents ages 18-35 were “very concerned” about identity theft. That percentage jumped to 34 percent among survey takers ages 36-50; and 53 percent of answerers ages 61-79.
“Unfortunately, the older sector of the population tends to be the victims because they tend to be less tech savvy. I think the folks in that age group have more to lose,” Iqbal said.
The lesson for people and public agencies alike, he said, is to remain cognizant about security – whether for your own data, or data from thousands of residents.
“Maintain vigilance about your own information and don’t necessarily think, if it’s a government agency or a commercial agency, that they have all their ducks in a row. Sometimes there are going to be gaps that introduce vulnerabilities,” Iqbal said.
“And for all the agency and government workers, remain vigilant with citizen data. Even something as innocent as ‘I’m going to download it to my laptop and work on it,’ now you’ve created an avenue for somebody to attack,” he added.
The SIA board’s mission, according to SIA Director of Industry Relations Ronald L. Hawkins, is to develop and promote best practices to ensure the security industry protects customer data. To the extent security companies provide goods and services to public agencies, the board will help secure their information and that of end users, Hawkins said via email.
In an interview, he confirmed the board may have a representative from the public sector.
“Ideally, we have worked with agencies in the past on webinars and things, the Department of Homeland Security, the Coast Guard,” Hawkins said, noting a representative would not necessarily come from those agencies but likely from within the federal government, though “certainly not closing off the possibility of state participation.”
“Obviously, the federal government kind of sets the tone in a lot of different tech areas. We want to identify their big concerns, as well as those from other big end users. Obviously, privacy and data concerns from the government are going to be shared by many others, people and agencies,” Hawkins added.
The board’s other members will come from the security industry – and could include manufacturers, suppliers and experts from outside the industry.
The objectives of National Data Privacy Day as a national effort to educate and raise awareness around privacy and safeguarding data “perfectly explain” the board’s creation, Hawkins said via email.
“We want to make the security industry a leader not only in physical protection, but also in data protection,” he wrote.
Citrix’ survey was conducted among a sample of 6,490 U.S. adults from March 24 to April 16, 2016; and among 3,544 U.S. adults from Sept. 19 to Oct. 3, 2016. It was weighted to reflect U.S. demographics from the 2015 U.S. Census current population survey.
Its margin of error was plus or minus 1.3 percent in the spring sample, and plus or minus 1.65 percent in the fall sample.
