Consumers never take all the precautions they should to prevent cybercrime. What’s worse, however, is that with cyber attacks up sharply, a growing number of consumers may believe these attack are so inevitable there’s no point in worrying about it.
Harris Poll and CSI surveyed more than 2,000 adults about their habits and perceptions around cybersecurity. While 85% of Americans say they are concerned about cybersecurity, the number of people who are not worried about security has risen to 15% from 8% in 2019.
Worse, the number of consumers who are concerned about identity theft and stolen card information fell to 60% from 72% in 2019. That’s striking, given that in 2020 the Federal Trade Commission received more than 1.4 million reports of identity theft, double the number it received the previous year.
Identity theft is now so common that roughly a quarter of surveyed consumers experienced some type of fraud during the 2020 holiday season, according to Experian.
Survey authors say the findings could represent a form of “fatalistic acceptance” as consumers become desensitized to the threats and develop a greater risk tolerance.
“Since many Americans perceive cyberattacks to be beyond their control, it seems they have accepted this risk as part of everyday life,” say the survey authors. “This acceptance may have resulted in lower security standards and lax practices in their personal lives, further exacerbating the likelihood of falling victim to an attack.”
An annual survey of banking customers and bank leaders reveal how banks need to invest and engage customers in 2024 to earn their loyalty.
Explore a three-month view of consumer transactions and trends during the 2023 holiday spending season, including BNPL activity and mobile wallet purchase performance.
Increased Risk for Financial Institutions
Consumers may be becoming complacent about cybercrime, but cyberattacks come with big tolls on financial institutions, as well as their customers. The average cost of a data breach in the financial services industry rose to $5.85 million in 2020, according to IBM. A bigger issue for banks and credit unions is the brand damage that can occur when consumers blame them for the loss.
The CSI survey found that three-fourths of consumers believe their financial institutions can protect their personal information from hackers. That’s a mixed blessing, however. The trust is great, but the reality is that financial institutions can’t prevent all or even most cyber attacks, so there could be a backlash when something goes wrong.
Almost half of consumers say they would leave their financial institution in the event of a data breach.
CSI found that nearly 60% of consumers between the ages of 35 and 44, and 54% of those with an annual household income of $100,000 or more would leave their institutions after a breach — the overall average is about half. Consumers also say they were more likely to leave a big bank in the event of a breach than they would a smaller bank or credit union.
Primary findings of the Harris/CSI cybersecurity poll:
- 60% of consumers are concerned about identity theft and stolen credit or debit card information.
- More than three-fourths of consumers believe their financial institutions can protect their personal information from hackers.
- Nearly half of consumers would leave their financial institutions if it suffered a data breach.
- 30% of consumers believe it’s okay to use the same password for an online bank account that they use for other accounts.Nearly 70% believe they know what to do if their personal data is compromised.
- Half believe a person’s payment information is more likely to be compromised with a physical card versus a digital payment.
Perennial Problem: Poor Password Protection
Consumers say they’re concerned about the risks, but they don’t always act on it. The number of people who believe it’s okay to use the same password for an online bank account that they use for another account rose from 24% in 2019 to 30% in 2020, according to the CSI study. This leaves them at risk for “credential stuffing,” an automated attack where criminals use the same login credentials to gain access to accounts at other sites.
Financial institutions can partly mitigate this risk by deploying and encouraging their customers to use multi-factor authentication. This adds an extra layer of security so the attack cannot gain access to the account with only a password.
As noted above, the survey found that half of Americans believe that a person’s personal payment information is at greater risk with a physical card than it is on a digital channel. With the increased reliance on digital channels, financial institutions should look beyond current payment practices to cryptography and tokenization. Tokenization ensures if breach were to occur at one merchant, it would prevent the same credentials from being used elsewhere.
An Opportunity to Build Trust
While challenges remain, authors of the CSI poll believe there’s a unique opportunity for financial institutions to build on customer trust by ramping up cybersecurity education.
As the early days of the pandemic forced millions of new consumers to digital channels, they now need more education to protect themselves from the threats, says Shirley Inscoe, Senior Analyst at Aite-Novarica Group, in the report. “More education on how to protect themselves digitally would be very beneficial as many consumers fell for a wide variety of scams during the past year and a half,” she says.
Financial institutions can reinforce how they are safeguarding customer or member data through institution-sponsored security awareness training. And naturally banks and credit unions should implement strong security controls and multiple layers of protection.
Institutions also need a strong incident response team and plan with procedures for notifying customers what steps are being taken to protect them. “Institutions should… avoid going silent in response to a security breach,” the CSI report states. “Any silence is likely to be filled in with misinformation. If consumers believe their institution is handling a security incentive well, they are likely less inclined to leave.”