In the debates on privacy and data-loss, share-value of major companies was affected, whilst the trustworthiness and safety of technology-enabled services were overlooked. The debate had got stuck in a data and consumer-as-user mind-set. Somewhere along the way, as the internet-of-things accelerated, people ceased to be users in the input-device and display-screen sense, and became participants in a system. What good were long-passwords when people were simply taking a shower, their medication or commuting? And all the time, data was collected to monitor, bill, manage, audit and heath-check. Moreover, because of levels of automation and opaque algorithms the UK had become increasingly vulnerable to attack without any consumer, user or participant being aware.
If we were looking back from 2020, we might think of 2015 as a time when security professionals were still frustrated with people’s inability to remember long passwords, neglect their smartphone security settings and ignore the acceptable use policy. More awareness and education seemed to be the answer.