Press Release


 ISACA Survey: Most Indian Consumers Aware of Major Data Breaches but Fewer Than Half Have Changed Key Behaviors 

Results also reveal struggles with privacy and security as use of connected devices and wearables grows

Mumbai, India (12 November 2014)—In a world where the growing use of connected devices such as smart watches and connected cars is occurring at the same time that massive data breaches are making headlines, a new global study by ISACA shows that consumers have conflicted attitudes about the benefits of connected devices.

The 2014 ISACA IT Risk/Reward Barometer shows that the vast majority of Indian consumers (88%) have read or heard about major retailer data breaches in the past year, but fewer than half (45%) say retailer data breaches have increased their concerns about their personal data privacy during the same period. The majority (46%) characterize the way they manage data privacy on connected devices they own as Take-Charge rather than Reactive (39%) or Passive (15%).

Yet despite knowing about retailer data breaches and claiming they are taking charge of their privacy, fewer than half (47%) have changed an online password or PIN code, one-third started using cash more often when shopping, rather than credit cards, and 29% shopped less frequently at one or more of the retailers that experienced a data breach.

According to ISACA International Vice President Vittal Raj, CISA, CISM, CGEIT, CRISC, CFE, CIA, CISSP, FCA, “Indian consumers say they are protecting their personal devices, yet their behavior says otherwise. One of the biggest takeaways from this year’s study is the significant gap between people’s concerns about protecting their data privacy and security versus the actions they take.”

Adds ISACA’s International President Robert Stroud, CGEIT, CRISC, “Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks.”

In the area of online shopping, global IT association ISACA recommends that consumers protect their personal information by creating a strong password unique to each account, protect their devices with current security software, and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, Big Data and BYOD (Bring Your Own Device). The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, including nearly 100 in India, and a survey of more than 4,000 consumers in four countries, including 1,007 in India.

The potential risk caused by this gap between knowledge and action is amplified by the rapid spread of wearables and other connected devices in everyday life. By next year 44% of Indian consumers wish to get a smart TV and 41% hope to get a smart watch.

Among the top concerns Indian consumers have about the Internet of Things—which is defined as devices that connect with each other or to the Internet—are someone hacking into the device and doing something malicious (25%), not knowing how the information collected by the devices will be used (20%), and companies or organizations being able to track an individual’s actions or whereabouts (16%).

Wearables at Work

Despite these privacy and security concerns, wearables are making their way into the workplace:

  • 88% of employed Indians would consider using one or more connected wearable devices in their current workplace, according to the consumer survey.
  • In fact, half (50%) of employed Indians would consider wearing smart watches in their current workplace.
  • However, 36% of ISACA members in India believe the risk of using smart watches in enterprises outweighs the benefits.

IT Departments Still Not Ready for the Internet of Things
The 110-country survey of ISACA members shows that few IT departments or workplaces in general are ready for the invasion of wearables. A third (31%) of Indian members say their organizations have plans in place to leverage the Internet of Things, but the majority is not ready for wearable tech. Close to half (43%) say their BYOD policy does not address wearable tech and another 31% do not even have a BYOD policy.

A majority of ISACA members in India (41%) believe that the benefits of the Internet of Things outweighs the risk for individuals, while 33% say the benefits and the risks are appropriately balanced. However, 72% describe themselves as very concerned about the decreasing level of personal privacy.

“The Internet of Things (IOT) and the proliferated use of it should emerge as a strategic initiative instead of a tactical plan,” said Sunder Krishnan CISA, chairman of ISACA’s India Growth Task Force and past president of the ISACA Mumbai Chapter. “Companies should take an ‘embrace and educate’ approach to these devices by creating clear policies and educating employees on appropriate use that can result in increased productivity—a benefit to the enterprise.”

ISACA recently established the Cybersecurity Nexus (CSX) as a resource that enterprises and security professionals can turn to for security advice. Additional information is at

For a full survey report, including related infographics, video and global results, visit

About the 2014 IT Risk/Reward Barometer

The annual IT Risk/Reward Barometer is a global indicator of trust in information. Conducted by ISACA, a global association of more than 115,000 IT security, assurance, risk and governance professionals, the Barometer polls thousands of business and IT professionals and consumers worldwide to uncover attitudes and behaviors about essential technologies and information, and the trade-offs people make to balance risk and reward. The study is based on September 2014 online polling of 1,646 ISACA members from 110 countries. Additional online surveys were fielded by M/A/R/C Research among 1,209 consumers in the US, 1,001 consumers in the UK, 1,007 consumers in India and 1,007 consumers in Australia. The US survey ran 8-11 September 2014, and the UK, India and Australia surveys ran 8-17 September 2014. At a 95 percent confidence level, the margin of error for each individual country sample is: US: +/- 2.8 percent and UK/India/Australia: +/- 3.1%. To see the full results, visit


With more than 115,000 constituents in 180 countries, ISACA ( helps business and IT leaders build trust in, and value from, information and information systems. Established in 1969, ISACA is the trusted source of knowledge, standards, networking, and career development for information systems audit, assurance, security, risk, privacy and governance professionals. ISACA offers the Cybersecurity Nexus, a comprehensive set of resources for cybersecurity professionals, and COBIT, a business framework that helps enterprises govern and manage their information and technology. ISACA also advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. The association has more than 200 chapters worldwide.

Participate in the ISACA Knowledge Center:

Follow ISACA on Twitter:

Join ISACA on LinkedIn: ISACA (Official),

Like ISACA on Facebook:


Ketchum Sampark
Sharon Lobo,, +91.98.6981.3869
Rajdeep Bose,, +91.84.5094.6338