Gerald Beuchelt, CISO at Acronis, argues that the so-called privacy paradox – users fearing breaches but neglecting basic cyber hygiene – is fast becoming a critical liability for data centre operators.
In today’s hyperconnected world, data centres are the backbone of everything, from government operations to digital banking services. But while infrastructure continues to modernise, the human side of cybersecurity is struggling to keep pace.
A global Acronis study recently highlighted a familiar yet dangerous contradiction: 64% of consumers say they’re worried about data breaches, yet only 40% regularly update passwords, and fewer than half use two-factor authentication (2FA). For data centre operators, this gap between concern and action (often referred to as the privacy paradox) shouldn’t be seen as simply a consumer issue but as a growing point of exposure.
While consumers’ failure to adopt basic cyber hygiene might seem like a personal problem, it has wide-reaching implications for infrastructure providers. As cloud services, hosted applications and mobile endpoints interact with backend systems, poor user behaviour becomes an attack vector. Insecure credentials, password reuse and unsecured mobile devices all provide potential entry points, especially in hybrid or multi-tenant environments. With the average global cost of a data breach reaching $4.88 million in 2024, a 10% increase on the previous year, more clearly needs to be done to combat this growing problem.
Securing the expanding attack surface
An increasing volume of personal and professional data flows in and out of data centres via devices that users trust but that are rarely secure.
The UK now formally recognises data centres as part of its Critical National Infrastructure (CNI). This means that data housed and processed in UK data centres – from photos taken on your phones to patients’ NHS records – is less likely to be compromised during outages, cyber-attacks and adverse weather events.
Putting data centres on an equal footing with water, energy and emergency services systems will mean the data centre sector can now expect greater Government support in anticipating and recording critical incidents.
This designation reflects their strategic importance but also brings greater regulatory scrutiny. It also comes against the backdrop of the UK Government’s Cyber Security Breaches Survey in 2024, which reported that 50% of businesses experienced some form of cyber breach in the past 12 months, with phishing accounting for 84% of incidents. This underscores how easily compromised direct or indirect endpoints can threaten core infrastructure.
Bridging the gap through design, education and endpoint oversight
Complacency plays a major role in cyber security breaches. Many individuals assume they have not been breached or believe their existing protections, such as built-in mobile security, are sufficient. Others may not even realise they have suffered a data breach, highlighting how cyber threats often go unnoticed. Additionally, many people still don’t believe they have anything particularly valuable worth protecting, underestimating how cybercriminals can exploit even seemingly insignificant personal data.
Closing the gap between consumer behaviour and infrastructure protection starts with proactive design. One effective step is embedding secure defaults across hosted platforms, such as enforcing 2FA, regular password updates and encryption. In parallel, operators can help bridge the knowledge gap with accessible, engaging education.
The Acronis Data Privacy in 2025 survey found that 44% of consumers prefer online video content over written guides when learning about cybersecurity, presenting an opportunity for data centre operators to demystify core concepts and encourage safer habits across their user base.
Mobile vulnerabilities and the opportunity for trust
Despite mobile devices being a primary target for phishing, malware and data theft, 35% of consumers still report being unfamiliar with mobile security apps. This disconnect creates a weak link in the broader security chain, particularly as mobile-first access becomes the norm. Data centres hosting business-critical applications must ensure that mobile connections receive the same level of protection as desktop access, with robust controls such as biometric authentication, secure browsing tools, and app permission management.
But beyond mitigating risk, this challenge also presents an opportunity. Privacy and security have become defining differentiators in the data centre market. Customers increasingly prioritise providers that demonstrate transparency, resilience and leadership in privacy-by-design.
Whether through zero trust architectures, clear incident communication or alignment with evolving international standards, data centre operators that embed proactive, user-focused security into their platforms can build lasting trust and competitive advantage.
Bridging the gap between behaviour and infrastructure
The privacy paradox may begin at the consumer level, but its consequences are absorbed by the entire digital ecosystem. Recognising this is the first step. Acting on it through better design, stronger defaults, and user-focused education allows data centre operators to safeguard not just their infrastructure, but the trust that underpins it.
Cyber threats are not slowing down, and neither should efforts to improve personal cybersecurity. There is an urgent need for individuals to move beyond awareness and take proactive steps to protect their data.
Businesses and security providers must take the lead in designing cybersecurity solutions that are easy to use, affordable, and effective. Security should not be an afterthought or a burden – it should be an integral part of every digital experience. By prioritising security by design, offering better education, and ensuring greater accessibility, organisations can empower individuals to take control and stay safe online.

