By David J. Blumberg
2019 saw a rising number of major corporations and governments become victims of serious and damaging cyberattacks, including Capital One, the Australian parliament, Citrix and the city of New Orleans. Given the magnitude of the threat these data breaches pose, it’s estimated that global cybersecurity-related spending on hardware, software and services is on track to reach $151.2 billion by 2023. The average cost of cybercrime for an organization is $13 million.
Cyberattacks and data breaches are increasing each year and they’re being more widely reported. As such, one would presume that consumers want to become more knowledgeable about security vulnerabilities and the associated dangers. But how much do consumers really understand about cyberattacks and their consequences?
To investigate, Blumberg Capital recently conducted a survey of consumers’ understanding and opinions about personal, business and government cybersecurity. We found that consumers overwhelmingly (84%) feel that they have a strong understanding of the consequences associated with personal data being stolen. However, their perceptions don’t reflect reality.
Consumers most concerned with financial loss, but they shouldn’t be
Consumers are most concerned about financial loss, with nearly 60% saying their greatest fear is hackers accessing their financial information. The threat of loss of financial information ranked well above personal healthcare information becoming public (14%), political campaigns using data to target and influence their opinions (8%) and paying ransom if information is held hostage (6%).
While we know that cyberattacks cost companies large sums each year, the financial cost to consumers is next to nothing. In fact, it’s required by U.S. law that financial institutions refund customers if money is taken from their account without authorization.
This discrepancy demonstrates that consumers misunderstand their personal liability for financial losses with established institutions and how the U.S. financial system has been designed to buffer them from direct costs. That said, someone is paying for these breaches. The industry allocates the costs for prevention, remediation and liability as an expense of doing business across the board, which can result in raising prices for consumers.
Hackers are increasingly sophisticated and we simply cannot rely on consumers or employees to protect themselves and their systems through cybersecurity education alone. While training is helpful, it’s not sufficient. A better way forward is through technological solutions that minimize end users’ interactions in the cybersecurity realm. For example, asking a user to update a password, accurately complete a CAPTCHA or provide external verification through a retina or thumb scan is cumbersome and doesn’t ensure full protection. Even with these common cybersecurity tools, a user’s credentials could be stolen after logging in, giving the hacker free rein over personal data. One way to solve this is with passive behavioral biometrics, which our portfolio company BioCatch is using to continuously verify and authenticate users.
Beyond the financial costs and inconveniences, survey findings show consumers are also concerned about being embarrassed as a result of data breaches. In particular, consumers rank online dating sites and social networks as the least trustworthy – by a long shot.
Once burned, twice as safe?
Despite public knowledge of the serious repercussions of cyberattacks, survey results found that a majority of consumers still believe that most big companies and American federal and state governments have their best interest at heart.
Surprisingly, 77% of consumers trust federal/state governments to keep their information private. Further, 64% believe that organizations have learned from the large-scale data breaches of other companies (Facebook, Target, Equifax) and have therefore become more secure and can better protect their sensitive information.
Unfortunately, this is not necessarily true. Cyber criminals are adapting quickly and companies and governments need to be continually updating their defenses. Cybersecurity managers need to know how to prevent, triage, prioritize and solve the problem, not just know they have one.
Consumers are willing to be part of the anti-fraud solution
The fear is that once consumers consent to companies and governments tracking their online behavior, it’s very difficult to control the further use of that data. The tradeoffs of sharing personal data with enterprises and governments are dynamic social contracts, the terms of which have yet to be finalized. This is a complicated and rapidly changing realm of social policy. Some domestic and international lawmakers have started to implement new regulations, but the longer-term consequences are unclear.
That said, 62% of survey respondents say they are comfortable with companies using AI to track their online activity if it helps prevent fraud and keep their identity secure. This provides interesting insight into potential future trade-offs where consumers segment their data into acceptable and unacceptable uses.
A number of our portfolio companies are at the cutting edge of helping find new solutions to these vexing problems, including IntSights, Namogoo, Deep Instinct, Medigate, Trulioo, SAM, Hunters and Cybellum. With this continued innovation, businesses will be able to stay one step ahead of cybercriminals and protect the people that matter most: their customers.