Security Balance

This question was made by Martin McKeay during a Panel on RSA (Avoding the “Security Groundhog Day”, hosted by Mike Rothman). I took a note at that moment because the answer came to me immediately:

Half of the companies are not doing that because their customers don’t ask for it

The other half uses Security as a Marketing feature, but only as that, i.e., they sell that their products/services are secure but they are not. Consumers don’t know how to verify their claims.

A good example of that are those “Hacker Proof” signs hosted by some online stores. Everyone that have already performed some kind of security assessment on a e-commerce environment know that a vulnerability scan (all you need to have one of those seals) is not enough to say that a website is “hacker proof”.

The question is, how to educate consumers on identifying which companies really protect their data. Or, are consumers really worried about that?