Survey: New Yorkers Demand Businesses Prioritize the Security and Resilience of Their Data - And are Penalizing Those that Don't

Rhea-AI Summary

Commvault (NASDAQ: CVLT) released a Dec. 17, 2025 survey of 1,001 New York professionals, gig workers, and students showing consumers now penalize firms that mishandle data.

Key findings: 85% would or might stop using a company after a breach (41.8% would; 43.7% might), 38% already stopped using a service over trust concerns, and 48% said they had been a victim of a cyberattack. The survey also found personal security gaps: 56% reuse passwords and only 33% use a VPN on public WiFi.

The results highlight consumer-driven reputational and revenue risk and the need for stronger corporate data resilience.

Positive

• 85% would or might stop using a company after a data breach
• 38% already stopped using a service for data-trust reasons
• 56% of respondents would recommend companies that protect data

Negative

• 56% of New Yorkers reuse passwords across multiple accounts
• 48% report having been victims of at least one cyberattack
• Only 33% use a VPN or secure network on public WiFi

New study also finds that while some New Yorkers are prioritizing their own personal security practices, gaps exist that put them and the businesses they work for at risk

TINTON FALLS, N.J., Dec. 17, 2025 /PRNewswire/ -- Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today announced findings of a new Commvault-commissioned survey revealing a significant paradox in the security habits and expectations of adults in New York City, the nation's most populated metropolis.

The results show that New Yorkers are becoming increasingly focused on how organizations handle their data – and many are willing to reconsider or abandon brands that don't hit the mark. At the same time, even as many New Yorkers report taking meaningful steps to protect themselves, notable gaps remain in personal security habits. This tension illustrates the growing importance of a shared-responsibility model in today's threat environment: consumers play a role, but businesses must lead with stronger cyber resilience or potentially pay the price in terms of lost revenue and brand loyalty.

The survey of 1,001 New York professionals, gig workers, and students found that New Yorkers surveyed* expect businesses to take every precaution possible to safeguard their data and prioritize data protection and security.

• Over 85% of everyday New Yorkers said they would (41.8%) or might (43.7%) stop using a company if it suffered a data breach – underscoring that a perceived lack of focus on data security and resilience can erode trust.
• Over a third (38%) have already stopped using a service because they did not trust it to protect their data.
• Over two in five (43%) New Yorkers continue doing business with companies that they believe take data security seriously, and more than half (56%) would recommend them to friends and family.

These high expectations also come at a time when cyber fraud is widespread. Many of the New Yorkers surveyed (48%)¹ stated they have been the victim of a cyberattack at least once – leading some residents to be more vigilant when it comes to their own data.

And while many are indeed attempting to follow best practices, behaviors also reveal meaningful gaps that leave a substantial portion of the population more vulnerable than they may realize.

• 44% of New Yorkers use unique passwords for all of their accounts – both personal and professional, yet 56%² still reuse passwords across multiple accounts, creating a single point of failure that bad actors can exploit. This not only puts personal data at risk, but businesses they work for as well. A compromised personal password reused on a corporate account is one of the most common ways attackers gain entry to enterprise systems.
• When using public WiFi, slightly more than half of New Yorkers³ try to follow best practices like using two-factor authentication (53%) and a VPN or secure network (33%). However, 15%⁴ report using no security measures at all, leaving their devices — and any accounts they access — fully exposed to credential theft, session hijacking, and other forms of data interception.
• And some New Yorkers (49%) avoid accessing sensitive information like banking accounts and email when on public WiFi altogether. But that leaves more than half who may still take chances, often without knowing how easily attackers can capture credentials or personal data on unsecured networks.

"Consumers are more security-minded than ever before - making decisions like where to shop or what bank they use based on the company's data stewardship," said Vidya Shankaran, Field CTO, Cloud, Security, and Emerging Technologies at Commvault. "For companies, especially retailers during this holiday season, prioritizing customer data is now a prerequisite for maintaining customer confidence and loyalty." Read more of Vidya's thoughts in today's blog here.

"New York City is a microcosm of what we're seeing in the rest of the country," said Jessica Barker, MBE, PhD, co-CEO, Cygenta. "Consumer expectations tied to security and resilience have never been higher for businesses, and that's only going to get more pronounced as the AI era accelerates. Once businesses lose consumer confidence, it's incredibly hard to get it back. You must be prepared because consumers are watching, and their trust is on the line."

Research Methodology
*This survey was conducted independently and exclusively for Commvault by Censuswide. It reveals the views of 1,001 New York professionals, gig workers, and students. The sample included 36% Managers/Supervisors, 30% Individual Contributors, and 19% Executives. Data for this report was collected between June 4 and June 10, 2025. Censuswide abides by and employs members of the Market Research Society, follows the MRS code of conduct and ESOMAR principles, and is also a member of the British Polling Council.

About Commvault
Commvault (NASDAQ: CVLT) is a leader in unified resilience at enterprise scale. In a constantly evolving threat landscape, Commvault keeps customers ready by unifying data security, identity resilience, and cyber recovery, on one cloud-native, AI-enabled platform. Customers trust Commvault to conduct the fastest, most complete recoveries – not just their data, but their entire business. Purpose-built for the agentic enterprise, Commvault also enables organizations to safely embrace AI while protecting against AI-driven threats.

---

¹ 'Multiple times, please specify' and 'Once' answers combined
² 'I reuse passwords across work and personal accounts' and 'I reuse passwords but not the same across work and personal accounts' answers combined
³ Those who have connected to public Wi-Fi in places like cafes, parks, or transit hubs
⁴ 'I don't take any security measures because I think it is safe' and 'I don't take any security measures even if I don't think it is safe' answers combined

View original content to download multimedia:https://www.prnewswire.com/news-releases/survey-new-yorkers-demand-businesses-prioritize-the-security-and-resilience-of-their-data--and-are-penalizing-those-that-dont-302644175.html

SOURCE COMMVAULT

FAQ

What did Commvault's Dec. 17, 2025 CVLT survey of 1,001 New Yorkers find about data breach impact?

The survey found 85% would or might stop using a company after a breach (41.8% would; 43.7% might).

How many New Yorkers in the CVLT survey already stopped using a service over data-trust concerns?

38% of respondents said they have already stopped using a service because they didn't trust its data protection.

What personal security gaps did the CVLT Dec. 17, 2025 survey reveal?

The survey showed 56% reuse passwords and only 33% use a VPN on public WiFi.

How prevalent was cyberattack experience among respondents in the CVLT survey?

48% of New Yorkers reported being the victim of a cyberattack at least once.

What does the CVLT survey imply for CVLT investors and businesses?

High consumer sensitivity to breaches implies reputational and revenue risk for firms that fail to prioritize data resilience.

When was the data for Commvault's CVLT survey collected?

Data were collected between June 4 and June 10, 2025 from 1,001 respondents.