A new survey confirms what many IT industry insiders have known for years: the average internet user values convenience far more than cybersecurity.
In a 2009 press release, Gartner outlined a troubling state of affairs in the consumer cybersecurity space: “Despite widespread security concerns, consumers continue to rely on service providers to protect their safety and persist in using unsafe password management practices, preferring to maintain the status quo rather than exploring new security methods.”
Nearly a decade later, the status quo is anything but a pretty picture. In 2017 alone, the WannaCry malware outbreak infected over 200,000 computers sprinkled throughout 150 countries, and Petya ransomware compromised more than 12,500 computers in over 60 countries. According to an infographic assembled by Best VPNs, cybercriminals stole some $16 billion from nearly 15.5 million American consumers in 2016, and the annual global cost of cybercrime is expected to surpass $2 trillion by next year.
Despite this ever-growing threat, the average consumer seems, at best, nonplussed. For years, “123456” and “Password” have topped the rankings of most commonly used passwords, suggesting that the general public is more than willing to place convenience ahead of cybersecurity. Sadly — though perhaps not surprisingly — this hypothesis is borne out by the results of a recent Google Survey conducted by R Street Institute Senior Fellow Paul Rosenzweig.
Disheartening Responses All Around
The salient takeaway of the survey is clear: on the whole, the general public rarely makes an effort to protect itself online. Over half (50.7%) of the respondents do not take steps to encrypt data on their phone and/or computer, and a further 31.6% are unsure if they do. Considering that roughly 75% of mobile applications fail basic cybersecurity tests, this lack of data encryption is deeply concerning.
Usage of consumer-grade cybersecurity tools is even less common. A mere 12.3% of respondents actively use a password management tool like LastPass or OnePass, and an even smaller 7.2% have used an anonymous browser like Tor.
If there is one bright spot in Rosenzweig’s data, it’s that just under half (48.3%) of the respondents claim that the password they use most frequently is at least eight characters long.
However, it’s the survey’s final question — “Have you ever had personal information of yours stolen from a company you patronize, like Target or Home Depot?” — that produced the most interesting answers. 16.3% of respondents said “Yes,” which might not sound like a lot; that is, until you consider the implications.
Correcting for Consumer Apathy
In short, despite the fact that one in every six consumers has actually experienced having their data stolen from a company to whom they’ve entrusted it, most internet users remain confident that they don’t need to shore up their own personal cybersecurity. Unfortunately, data from the Global Cyber Alliance indicates that this confidence simply isn’t grounded in reality.
A November 2017 survey administered by the Alliance found that half of US consumers are unable to tell if an online shopping site is legitimate and safe, the same fraction who admit to having visited a website that they feared could compromise their device. What’s more, an astounding 68% of respondents report having clicked on a link in an email that directed them to an unexpected site — a recipe for falling prey to a phishing attack.
In light of these alarming findings, many cybersecurity experts are beginning to accept that the general public is something of a lost cause, or at least a very long-term project. In fact, Global Cyber Alliance President and CEO Philip Reitinger expressed precisely this sentiment in response to Rosenzweig’s data.
“Industry should stop asking consumers to make security decisions for which they are ill-equipped, especially when implementation of those decisions is burdensome,” Reitinger argues. “Industry also needs to position bad security decisions so that they are, to use technical jargon, really hard to make.”
In other words, fairly or not, the burden of cybersecurity has fallen squarely on corporate shoulders — at least for the time being. Simply put, the average consumer has neither the know-how nor the desire to implement robust cybersecurity protocols as part of their daily online activities.
For many enterprises, ensuring adequate cybersecurity for themselves and their consumers is a daunting task. Fortunately, by partnering with a cybersecurity expert like Turn-key Technologies, enterprises of any size operating in any industry can rest easy knowing that their networks are as secure as they are high-performing. In an online environment that’s fraught with cybercrime and apathetic consumers, this is an absolutely essential part of doing business.