New study also finds that while some New Yorkers are prioritizing their own personal security practices, gaps exist that put them and the businesses they work for at risk

TINTON FALLS, N.J. , Dec. 17, 2025 /PRNewswire/ -- Commvault (NASDAQ: CVLT), a leader in unified resilience at enterprise scale, today announced findings of a new Commvault-commissioned survey revealing a significant paradox in the security habits and expectations of adults in New York City, the nation's most populated metropolis.

The results show that New Yorkers are becoming increasingly focused on how organizations handle their data – and many are willing to reconsider or abandon brands that don't hit the mark. At the same time, even as many New Yorkers report taking meaningful steps to protect themselves, notable gaps remain in personal security habits. This tension illustrates the growing importance of a shared-responsibility model in today's threat environment: consumers play a role, but businesses must lead with stronger cyber resilience or potentially pay the price in terms of lost revenue and brand loyalty.

The survey of 1,001 New York professionals, gig workers, and students found that New Yorkers surveyed* expect businesses to take every precaution possible to safeguard their data and prioritize data protection and security.

• Over 85% of everyday New Yorkers said they would (41.8%) or might (43.7%) stop using a company if it suffered a data breach – underscoring that a perceived lack of focus on data security and resilience can erode trust.
• Over a third (38%) have already stopped using a service because they did not trust it to protect their data.
• Over two in five (43%) New Yorkers continue doing business with companies that they believe take data security seriously, and more than half (56%) would recommend them to friends and family.

These high expectations also come at a time when cyber fraud is widespread. Many of the New Yorkers surveyed (48%)¹ stated they have been the victim of a cyberattack at least once – leading some residents to be more vigilant when it comes to their own data.

And while many are indeed attempting to follow best practices, behaviors also reveal meaningful gaps that leave a substantial portion of the population more vulnerable than they may realize.

• 44% of New Yorkers use unique passwords for all of their accounts – both personal and professional, yet 56%² still reuse passwords across multiple accounts, creating a single point of failure that bad actors can exploit. This not only puts personal data at risk, but businesses they work for as well. A compromised personal password reused on a corporate account is one of the most common ways attackers gain entry to enterprise systems.
• When using public WiFi, slightly more than half of New Yorkers³ try to follow best practices like using two-factor authentication (53%) and a VPN or secure network (33%). However, 15%⁴ report using no security measures at all, leaving their devices — and any accounts they access — fully exposed to credential theft, session hijacking, and other forms of data interception.
• And some New Yorkers (49%) avoid accessing sensitive information like banking accounts and email when on public WiFi altogether. But that leaves more than half who may still take chances, often without knowing how easily attackers can capture credentials or personal data on unsecured networks.

"Consumers are more security-minded than ever before - making decisions like where to shop or what bank they use based on the company's data stewardship," said Vidya Shankaran, Field CTO, Cloud, Security, and Emerging Technologies at Commvault. "For companies, especially retailers during this holiday season, prioritizing customer data is now a prerequisite for maintaining customer confidence and loyalty." Read more of Vidya's thoughts in today's blog here.

"New York City is a microcosm of what we're seeing in the rest of the country," said Jessica Barker, MBE, PhD, co-CEO, Cygenta. "Consumer expectations tied to security and resilience have never been higher for businesses, and that's only going to get more pronounced as the AI era accelerates. Once businesses lose consumer confidence, it's incredibly hard to get it back. You must be prepared because consumers are watching, and their trust is on the line."

Research Methodology
*This survey was conducted independently and exclusively for Commvault by Censuswide. It reveals the views of 1,001 New York professionals, gig workers, and students. The sample included 36% Managers/Supervisors, 30% Individual Contributors, and 19% Executives. Data for this report was collected between June 4 and June 10, 2025. Censuswide abides by and employs members of the Market Research Society, follows the MRS code of conduct and ESOMAR principles, and is also a member of the British Polling Council.

About Commvault
Commvault (NASDAQ: CVLT) is a leader in unified resilience at enterprise scale. In a constantly evolving threat landscape, Commvault keeps customers ready by unifying data security, identity resilience, and cyber recovery, on one cloud-native, AI-enabled platform. Customers trust Commvault to conduct the fastest, most complete recoveries – not just their data, but their entire business. Purpose-built for the agentic enterprise, Commvault also enables organizations to safely embrace AI while protecting against AI-driven threats.

---

¹ 'Multiple times, please specify' and 'Once' answers combined
² 'I reuse passwords across work and personal accounts' and 'I reuse passwords but not the same across work and personal accounts' answers combined
³ Those who have connected to public Wi-Fi in places like cafes, parks, or transit hubs
⁴ 'I don't take any security measures because I think it is safe' and 'I don't take any security measures even if I don't think it is safe' answers combined

View original content to download multimedia:https://www.prnewswire.com/news-releases/survey-new-yorkers-demand-businesses-prioritize-the-security-and-resilience-of-their-data--and-are-penalizing-those-that-dont-302644175.html

SOURCE COMMVAULT