New Data Provides Insight into Unknown Cyber Vulnerabilities, Data Privacy
4iQ commissioned market research and consumer experience specialist, HarrisX, to conduct a survey of more than 1,000 adults in the United States to better understand password security and data privacy issues. The survey results shed light on consumer concerns pertaining to cybersecurity and provides analysis on how various demographics treat their passwords and online security. The ultimate goal of the research was to identify ways in which organizations and individuals can reduce their risk of getting breached.
Sensitive information has never been more at risk. You’ve read the headlines, you’ve followed the news. Major data breaches are a common occurrence. In the digital age, simply being aware of online threats isn’t enough.
Password credentials are the first and simplest defense against cyber criminals — yet it is something all too often overlooked by individuals and companies combined. One would think major companies would understand the necessity of protecting the sensitive nature of their customers’ data and do everything within their power to prevent data from getting breached. But on a weekly basis we read about the most notorious companies in crisis after falling victim to a cyberattack. Taking the necessary steps to safeguard your personal information is crucial.
Passwords: Consumers Prioritize Convenience Over Security, and Are Putting Their Companies at Risk
The study revealed the average person only uses two or three passwords for all their online accounts, and 30% of millennials use the exact same password for multiple accounts, which represents the highest demographic.
This is alarming when you consider that they may be using the same or similar passwords across their personal and work accounts. Meaning once a password is compromised, any account with the same password — personal or work-related — is at risk. Employees may be inadvertently making it easy for cyber criminals to access their company’s sensitive data.
Millennials are not the only sub-group that companies need to be made aware of; any employee with corporate credentials. Even those who have been in the workforce for decades, who haven’t had to worry about today’s cybersecurity concerns the majority of their professional lives, are liable to become compromised.
Employees may not be fully aware of the risks that their employees’ digital identities pose to the company, but several of the most notorious breaches began with one single employee’s password becoming compromised.
By nearly a 2:1 ratio, respondents expressed more concern about someone gaining unauthorized access to their personal email or private text messages than to their company email.
Results of our survey showed that “someone hacking into my work email” ranked last in respondents’ concerns about personal data privacy. Atop the list was their social security number.
Cybersecurity is not a job solely for IT professionals. Every employee plays a role in preventing outside attacks, and a concerted effort to protect sensitive information must be made by every member of an organization. But if the company doesn’t invest the time and resources to train their employees, it’s unfair to hold them accountable.
A seemingly innocuous error made by an individual, even just in the form of accidental exposure, can potentially cost a company and its shareholders millions of dollars, hefty legal fees and the trust of its customers.
Too Little, Too Late
Our survey revealed that the majority of individuals wait until a threat risk is noticeably high to change their passwords, with data showing that nearly 70% of respondents would change their passwords immediately if there was just a 30+ chance of their logins being compromised. On the other hand, only 1/4 of respondents change their password before the service they are using suggests or forces them to change it.
Although it is a positive sign that consumers are reacting to breaches by changing their passwords, they must think beyond that breached platform. For example, if users changed their password following the LinkedIn breach, but never changed the identical password used to log-in to their employer’s VPN, they are still vulnerable, as is their employer.
The Digital Divide of Generations
The survey data shows that Generation Z respondents are less worried about their digital safety, showing less concern about somebody hacking their medical or banking information or online passwords when compared to Millennials, Generation X, and Baby Boomers. Baby Boomers and the Silent generation are most concerned about social security numbers being stolen, and Baby Boomers are split when it comes to concern level about their mobile phone contacts and private text messages, where you see higher levels of concern in this category from Generation Z, Generation X, and Millennials.
Women More Concerned About Data Privacy Than Men
Across all aspects of digital identity in our poll, women consistently showed higher level of concerns as compared to men, but were not any more likely to sign up for identity protection services. This finding suggests that although women realize the risks associated with their online digital identities, they are not aware of the benefits of protection services and how they can better secure themselves online.
Is There More We Can Be Doing?
Yes. Absolutely.
There are several steps consumers can take — from using a password manager to using complex, unique passwords to signing up for identity protection services.
As companies and organizations, we can do more to educate our employees about risks. We can do more to protect them in order to protect the enterprise. We can monitor not only for vulnerabilities in our system, but also exposed credentials and personal identifiable information (PII) of employees and our business on the surface,deep or dark web.
These results illustrate a lack of appreciation among consumers regarding the nature of these services. Understanding just what identity protection services have to offer is important, so that consumers see the value in this form of protection and proactively sign up before it is too late. Complacency and digital identity protection do not go hand in hand.
70% of respondents are willing to consider signing up for a real-time service that sends alerts as soon as their personal information is suspected to have been stolen or breached. However, a majority of respondents are not currently signed up for identity theft protection services, mostly because they don’t think it’s worth the investment. While there are a multitude of reasons one would want to sign up for an identity protection service, companies should take it upon themselves to secure their employees’ digital identities. By extension, they’re directly protecting themselves, their business partners, and their valued customers.
“Our survey shows that consumers are concerned about protecting certain aspects of their digital identities, such as their social security number, banking and credit card information, but they are not taking all the steps they can to adequately protect this data,” said Monica Pal, CEO of 4iQ. “We need to be clearer about what risky online behavior is, the steps consumers can take to protect their accounts and identity, and what solutions are out there that can alert people to compromised or vulnerable information.”
More often than not, companies act in the best interest of the enterprise and their consumers. When it comes to cybersecurity, these two usually overlap. But cybercriminals are always a step ahead. In addition to utilizing and requiring best practices for password hygiene, identity monitoring services can alert individuals when things do go wrong, and alert businesses when their employees become compromised.
