Consumers Care Deeply About Data Security and Privacy, but Are They Doing Enough to Protect their Information?

Protecting personal information is a top priority for consumers, with 90% saying it’s either very or extremely important to them. 

Yet despite this, many remain uncertain about how well they’re actually safeguarding their information. The continued rise of cyber threats, combined with complex and fragmented privacy settings, makes it challenging to know which actions effectively safeguard their personal information.

This uncertainty leaves many people questioning what steps they should take to stay protected.

We surveyed more than 400 consumers to learn about their top concerns and current security habits, shedding light on how well they’re actually protecting their personal information.

They’re Doing Their Best, but Consumers Aren’t Sure They Can Protect Their Personal Data Online

With so much of everyday life taking place digitally, only around half (55%) of consumers are confident that they can protect their personal data online. In fact, 57% of respondents claimed their personal data has been compromised at least once before.

While consumers feel like the risk of a data breach is higher than ever, guidance for better security hygiene is often fragmented and unclear. That uncertainty is compounded by the complexity of modern technology. Data protection settings are scattered across devices, apps, browsers, and platforms, each with different terminology and tradeoffs.

How can consumers realistically know which settings matter, which actions actually reduce risk, and which still allow for a good user experience?

Without a single model for managing privacy, consumers struggle to know where to focus their efforts or which actions actually reduce risk. As a result, many are waiting too long to follow best practices to protect their personal data, taking security seriously only after the damage has been done.

Three-quarters (75%) of those who have experienced a data breach have changed their behavior — compared to 36% of those who who haven’t — suggesting that many are waiting until they’ve experienced a data breach to take the right security measures.

However, protecting your data doesn’t have to be complicated. There are a few easy steps people can take to make sure that their data is protected.

What Concerns Consumers the Most

Consumers are most concerned by identity theft (40%), and financial fraud (38%). These threats can have immediate and long-lasting consequences, impacting everything from bank statements to credit cards and social security benefits.

It can be hard to recover financially from these attacks, making these risks feel more threatening than if contact information, personal communication, or even sensitive medical data is leaked.

That worry is only growing as evolving threats, especially those powered by AI, make data protection even harder. Personal data can now be used to craft highly convincing phishing messages that appear to come from trusted brands, coworkers, or even friends, making scams more difficult to detect.

Company Breaches are Actually the Biggest Risk

The most common ways personal data has been compromised are exposure during a company breach (30%), account hacking or unauthorized access (20%), identity theft (20%), and financial fraud (18%).

When a business’s systems or databases are accessed without authorization, sensitive customer or employee information can easily be shared or stolen. While it’s not at the forefront of consumers’ minds, it can leave them vulnerable to identity theft, financial fraud, and targeted scams. For instance, criminals can use exposed credit card numbers or bank details to make unauthorized charges.

The threat is only growing. A 2025 Clutch survey showed that 73% of businesses have experienced a cyber incident, with malware (65%), compromised emails (61%), and phishing scams (59%) being the primary cause.

One major example is the SoundCloud data breach in December 2025, which impacted approximately 29.8 million user accounts. Attackers were able to access user names, email addresses, locations, and other profile details through a compromised service dashboard.

Source

The incident was confirmed by security trackers adding the affected accounts to breach databases, where people are able to see if their personal accounts were compromised.

This isn’t uncommon. In 2025, there were 12,000 confirmed company data breaches worldwide, leading to roughly 16 billion leaked credentials, despite increases in data security spending.

“Breaches still dominate even with all the security spending because attackers have gotten faster and more automated, while many organizations are still struggling with fundamentals like identity security, visibility across systems, and quick response,” says Evan Kirstel, B2B TechFluencer and TV Host, TECH IMPACT. “A single compromised login can still unlock a ton of data.”

For consumers, this means it’s more important than ever to be careful about the data they share, to choose companies they trust, and to take necessary steps to protect themselves if a company breach occurs.

Back to the Basics: How Consumers Are Protecting their Personal Data

Many people already have basic protections in place, like strong and unique passwords (72%), two-factor or multi-factor authentication (65%), and regularly update software and apps (43%).

What Steps are Consumers Taking to Protect their Personal Data?

• Use strong or unique passwords - 72%
• Enable two-factor or multi-factor authentication - 65%
• Regularly update software and apps - 43%
• Limit data sharing on social media - 41%
• Use a password manager - 40%
• Avoid public Wi-Fi for sensitive activity - 39%
• Regularly delete unused apps or accounts -30%
• Review app permissions before installing - 29%
• Use a VPN -17%

The good news is that, while simplistic, these steps are some of the most effective ways to protect your data. “Strong passwords and multi-factor authentication stop most basic attacks,” says Mike Murphy, CEO of IT Goat.

Even though consumers worry these steps aren’t enough, these habits protect against brute-force attacks, guessing, and credential-stuffing, where hackers try stolen usernames and passwords from other breaches.

If you use unique, complex passwords, you can ensure that if one of your accounts is compromised, your other accounts remain secure. Multi-factor authentication adds another layer of protection, preventing an attacker from accessing your account even if your password is stolen.

These easy habits are essential to protecting your data. “Most breaches happen when small habits are overlooked,” said Murphy. “Google found that SMS-based 2-step verification blocked 96% of bulk phishing attacks (and device prompts performed even better), which shows how powerful basic MFA can be.”

Additional (But Necessary) Security Steps

Fewer consumers avoid public Wi-Fi (39%), regularly delete unused apps (30%), review app permissions (29%), and use a VPN (17%), but these steps can make a big difference in securing your personal data.

“It’s also essential to update software, avoid phishing links, and only share data that’s strictly necessary,” advises Murphy. “Beyond that, you should limit app permissions and avoid public Wi-Fi without a VPN.”

Updating software is critical because security patches fix vulnerabilities hackers could exploit. Sharing only necessary information reduces exposure if a breach occurs, while limiting app permissions and avoiding public Wi-Fi without a VPN helps prevent unauthorized access to your data.

The Importance of Reviewing Privacy and Security Settings

77% of consumers say that a company’s data privacy policies will influence their purchasing decisions and 88% would most likely stop using a product or service if their data wasn’t secure.

But far fewer are actually acting on those intentions. Only 28% of consumers regularly review privacy and security settings, despite it being the best way to assess a company’s data privacy practices and take control of their data.

Settings across devices, apps, and online accounts often change over time, and default configurations can leave you exposed to unnecessary risks.

By checking these settings, you can limit who has access to your information, reduce the chances of being targeted by phishing or scams, and ensure that your accounts are protected with the latest security features.

“For apps and services, I always think in terms of necessity and trust,” advises Kirstel. “Does this app really need access to my contacts, location, camera, or mic to work? I review permissions once in a while, delete apps I don’t use, and try to limit how much data I share in the first place. Less exposure usually means less risk.”

Wearable technology and health and fitness apps are clear examples of why reviewing privacy and security settings matters. Devices like smartwatches and fitness trackers collect highly sensitive data, such as heart rate, sleep patterns, location, and activity levels.  

While this data powers useful features, default settings may also allow wearable tech companies to share data with third-party apps, analytics providers, or even advertising partners, without consent. For example, data collected by Samsung’s Galaxy Watch can be shared across Samsung’s ecosystem and used to tailor ads and experiences.

Adjusting your privacy and security settings is one of the most effective ways to protect your data. When reading through new privacy and security settings, you should consider:

• turning off location tracking
• managing app permissions
• updating passwords

Corporate Responsibility to Protect Consumer Data

Consumers clearly place responsibility on companies when it comes to data protection. Nearly seven in ten (68%) believe that organizations that collect and store personal data are responsible for maintaining security and privacy.

That expectation reflects a growing understanding that consumers can only do so much on their own, especially when companies control the systems, infrastructure, and default settings that dictate how data is handled.

Most importantly, companies need to be responsible for ensuring they’re protecting consumer data. That’s why cybersecurity is more important than ever, and training is key to ensuring data security.

“Most breaches come from poor password hygiene, missed updates, or misconfigured cloud services,” explains Murphy. “These are preventable with regular reviews and the right internal policies. People still underestimate how small oversights lead to big losses.”

Beyond that, companies need to be transparent about how they’re using consumer data. Consumers want to know what data is being collected, how it’s used, and who it’s shared with, not buried in dense policies or vague language.

Many companies benefit from collecting large volumes of user data, and as a result, they intentionally make privacy and security settings vague. The data they collect fuels targeted advertising, personalization, monetization, and product and market insights.

Are Personalized Experiences Worth It?

While companies justify these practices as a way to provide personalized experiences, only 40% of consumers say they’re comfortable with companies using their data to tailor experiences.

That discomfort is even more pronounced among older consumers. More than half (57%) of those over the age of 60 say they’re uncomfortable with how companies use personal data for personalization, compared to just 27% of younger generations.

Part of the concern is about  the security risks that come with storing and sharing large amounts of sensitive information. Companies often collect everything from location and activity data to health metrics and purchase history. The more data that’s stored, especially when shared across third-party partners, the greater the potential for breaches or misuse.

For many consumers, the benefits of personalization don’t outweigh the risks, particularly when they aren’t confident about how their data is being used. One way to regain control is by reviewing privacy and security settings across apps and devices, and making adjustments to limit unnecessary data access.

Still, as consumer concern about data security and privacy grows, organizations that are transparent about their data use and give users meaningful control over their data will be better positioned to earn long-term trust and loyalty.

Additional reading, ‘How Generations Feel About Sharing Personal Data.’

Protecting Your Data in 2026

Overall, consumers are taking important steps to protect their personal information, even as complex technology, unclear privacy settings, and evolving cyber threats leave many feeling exposed.

Many follow basic protections, such as using strong passwords, enabling multi-factor authentication, and keeping their software up to date, but there’s more they can do to stay secure.Taking additional precautions, like regularly reviewing privacy and security settings and limiting unnecessary sharing, can significantly reduce risk.

Methodology

Clutch surveyed 413 consumers across all age groups in the United States in January 2026. 48% of respondents were male and 52% were female.

About the Author

Hannah Hicklen Content Marketing Manager at Clutch

Hannah Hicklen is a content marketing manager who focuses on creating newsworthy content around tech services, such as software and web development, AI, and cybersecurity. With a background in SEO and editorial content, she now specializes in creating multi-channel marketing strategies that drive engagement, build brand authority, and generate high-quality leads. Hannah leverages data-driven insights and industry trends to craft compelling narratives that resonate with technical and non-technical audiences alike. 

See full profile