June 12 — Roughly 128 million Americans are more concerned about identity security than they were a year ago. And yet, the gap between “concern” and “action” remains wide. So, why aren’t consumers taking more responsibility for their own cybersecurity, and what could motivate them to change these behaviors?
IDology’s Consumer Digital Identity Study found that 90 million Americans have received at least one notification in the last year that their data has been breached, and over three-quarters of those surveyed for the study were concerned about mobile malware stealing their identity and password information. When asked if they were more or less concerned about someone gaining access to their personal information than they were a year ago, 27 percent responded they were “much more” concerned, and 30 percent reported feeling “somewhat more concerned.” Only 37 percent reported feeling the same level of concern compared to last year, and those who were “somewhat” or “much” less concerned only made up 3 percent of those surveyed, respectively.
However, even with breach prevalence growing, consumers still aren’t often willing to take the steps necessary to protect themselves in the cybersphere. While 98 million people write their passwords down, 164 million people seldom change them. Reviewing the actions of Americans whose data had been hacked, IDology’s study found determined how breach victims responded (or didn’t respond, as the case may be) to an attack:
- Changed my online account passwords: 40 percent
- Had my credit/debit card reissued: 23 percent
- Turned on fraud alerts with my financial providers(s): 23 percent
- Signed up for credit monitoring or identity protection: 21 percent
- I have not taken any steps to protect my identity: 20 percent
- Enabled two-factor authentication: 19 percent
- Placed a fraud alert on my credit file: 18 percent
- Placed a freeze on my credit file: 13 percent
Part of the disconnect between falling victim to a data breach and response may stem from consumer perceptions about whom or what is ultimately responsible for the safety of their data. When asked, “Do you feel that it is a company’s responsibility to protect your personal information,” 67 percent of those surveyed agreed strongly. In contrast, when asked “Do you feel that it is your responsibility to protect your personal information,” while 59 percent also strongly agreed with this sentiment, 12 percent neither agreed nor disagreed.
With customers somewhat unwilling to take as much responsibility for their own data (and less willing to make substantive changes to their security practices even when faced with a breach), it falls on institutions themselves to step up to the plate. After all, research published in Radware’s 2018 Executive Application & Network Security Report shows that, in the Americas, the number one impact of a security threat on a business in customer loss. While this is considered a “soft cost” in terms of damage done to the bottom line, the report states, “While soft costs are difficult to quantify, it’s likely that their impact is much higher over the long run than hard costs [quantifiable losses from lost business, use of internal resources, cost of external resources, ransom, legal fees and other items that can be accounted for].”
The report also finds that 59 percent of financial companies worldwide have experienced a cyberattack in the last 12 months. However, if your bank isn’t in that 59 percent, attacks on other institutions may be to your benefit. It turns out that attacks on “peer” institutions can greatly influence a firm to reflect upon and improve its own security systems. While this can be said for over half of all business types globally, for the financial industry, it’s the majority. Eighty-six percent of finance companies surveyed for Radware’s report felt that “high-profile data breaches at peer companies were the most influential event affecting their own security planning.”
If consumers are unwilling to learn from the mistakes they themselves make, maybe it’s a good thing banks are learning from the mistakes (or misfortunes) of others.