Our latest research into consumer behaviour has unearthed a conundrum: people knowingly take risks online even though they understand the dangers. On the one hand, we’ve got two out of three saying life is riskier now than it was five years ago, with serious concerns about losing data or being hacked. But on the other hand, one third of people are still neglecting basic cybersecurity hygiene.
Consumers seem somehow unable or unwilling to protect themselves. But our research reveals an interesting knock-on effect from this: consumers welcome organisations who take the security initiative – and actively move their business to them.
Let’s look at the dynamics of this prime opportunity for organisations.
Weak cybersecurity is widespread
Our research found that one in three consumers are extremely lax at updating software, clearing cookies and routinely resetting passwords. In fact, the passwords people commonly use are so easy to guess it would take no more than a couple of seconds for hackers to break them. And nothing’s really changed for the past five years: ‘123456’ and ‘password’ are still the top choices.
You might think that older people are the most likely to be anxious about cybersecurity and make the most mistakes, but our research shows a mixed picture. Younger people feel more vulnerable online than the over 65s, and yet they are far more likely to reuse passwords than their parents and grandparents. Despite this, however, younger people also demonstrate relatively advanced cybersecurity hygiene, such as having alias accounts for email and social media.
It’s clear low levels of cybersecurity hygiene are down to more than just life stage factors. The lesson here is that we shouldn’t assume to understand what age groups want in terms of security or how they behave online – and generalising our actions based on assumptions could be a mistake. Perhaps the possible consequences of a breach are just too overwhelming, and people tune out from the dangers?
Cyber risks paralyse consumers into inaction
It’s true that the news is so awash with stories and warnings about data breaches that people may just have become immune to the impact. And they don’t want to stop sharing their information either: they’re resigned to the commercial deal where they only get the digital services they value in exchange for their personal data. So, people close their eyes to the risks.
On top of this, people don’t really have a concept of what they’re giving away when they click to accept the terms and conditions – and even if they do read them, they’re unlikely to understand the implications because they’re hidden under layers of legalese. Here’s an eye-opener: a social experiment in the US found only 1% of technology users read the terms and conditions of a contract.
The bottom line is, consumers are going to keep on behaving in ways that make them susceptible to cyber crime. So where does that leave businesses?
Good security is good for business
This situation is a huge opportunity for organisations to make security a differentiator. Our research reveals that consumers value companies they perceive as more secure, with 64% saying they would recommend a large organisation that they think makes a big effort to keep their data secure. A business with clearly visible cybersecurity will reassure consumers and create confidence in its digital products and services, carving itself a competitive advantage.
The future of security
Organisations need to strike a balance between the ease of use consumers are looking for and the security consumers are expecting the business to provide. And it falls to the CISO to make this happen.
Start assessing your current position by asking yourself these questions:
- What are your customers’ perceptions of your cybersecurity? How do you know?
- To what extent is your cybersecurity profile attractive to customers?
- How can you better communicate the measures you have in place to protect customer data?
To find out more about consumer attitudes and behaviours around security, download our new whitepaper, ‘CISOs under the spotlight’.
Contributed by Tristan Morgan, Director of Global Advisory, BT