As consumers spend more time on digital channels in their personal and professional lives, which cybersecurity issues are they most concerned about in 2021?
To find out, CSI worked with The Harris Poll to survey more than 2,000 U.S. adults age 18 and above.
Respondents were asked to identify their primary financial institution, providing a look into the perceptions of big bank customers (e.g., Chase, Wells Fargo, etc.), community bank customers, credit union members and those without a primary institution. The data from this online survey was then analyzed and used to create an executive report to help financial institutions understand consumers’ cybersecurity perceptions and expectations.
The executive report provides key insight into 2021’s survey results and a comparison to data from a similar online survey conducted on behalf of CSI by The Harris Poll in 2019, exploring how consumers’ cybersecurity concerns have shifted.
Fatalistic Acceptance: Is Tolerance for Cybersecurity Risk Growing?
Although a substantial number of consumers (85%) reported cybersecurity concerns as it pertains to their personal confidential data, 15% are not particularly worried—a surprising number considering the surge in pandemic-related cyberattacks and the ever-present risk of data breaches for consumers and institutions.
This result marks an increase of seven percentage points in those not concerned about cybersecurity compared to 2019 (8%), which could signal that consumers are becoming desensitized to cybersecurity risks. From SolarWinds to the Kaseya attacks, there has been no shortage of major breaches to report on, which could be contributing to greater risk tolerance among consumers.
Since many Americans perceive cyberattacks to be beyond their control, it seems they have accepted this risk as part of everyday life. This attitude of fatalistic acceptance has resulted in lower security standards and lax practices in their personal lives, further exacerbating the likelihood of falling victim to an attack. If consumers grow more comfortable with risk and have less expectations for security, this could lead to adverse effects for financial institutions, making effective cybersecurity education even more important.
Examining the Top Cybersecurity Threats
To see how perceptions shifted due to the changes driven by the pandemic, consumers were asked about their thoughts regarding password habits, payments security, data breaches and more.
Let’s explore a few takeaways for financial institutions:
Top Cybersecurity Concerns
Identity theft and stolen credit or debit card information tied as the top cybersecurity concerns among consumers, at 60%. This is down significantly from 2019, when identity theft topped the list of concerns at 73%, followed closely by stolen card information (72%). These changing perceptions among Americans indicate that institutions should prioritize educating consumers on these evolving risks.
Consumers are right to be wary of these cyber threats. In 2020, the Federal Trade Commission received 1.4 million reports of identity theft—double the number from the previous year. As consumers turned to digital channels during the pandemic, incidents of e-skimming—which occurs when a hacker obtains credentials during an online transaction by installing malicious code in a retailer’s website—also rose substantially.
Risks of a Data Breach
Nearly half of consumers (48%) would leave their institution if it suffered a data breach, a decrease of 10 percentage points from 2019 (58%). Breaking the findings down further, 60% of consumers who identified a big bank (e.g., Chase or Wells Fargo) as their primary financial institution agreed they would leave compared to 51% of community bank customers and only 45% of credit union members—indicating slightly higher levels of consumer loyalty among community financial institutions.
To avoid high levels of customer attrition, institutions should have a strong incident response team backed up by an effective—and regularly tested—incident response plan. This plan should include the procedures for notifying customers or members and communicating what steps are being taken to protect them.
Importance of Strong Authentication
30% of consumers believe it is okay to use the same password for an online bank account that they use for other online accounts, which is up from 24% in 2019. To mitigate the risk of unauthorized account takeover, financial institutions should provide and promote multi-factor authentication (MFA)—which provides an additional layer of protection—and reinforce the importance of strong passwords.
Consumers who use the same password for multiple accounts are at risk for various cyber threats. If a cybercriminal obtains lists of usernames, email addresses and passwords on the dark web, they can use this information to launch credential stuffing attacks, or automated attacks in which the usernames and passwords are used on other sites in attempt to gain access to customer accounts.
Communicate Steps to Take Post-Breach
Most Americans (69%) believe they know what to do if their personal confidential data is compromised. While this result is encouraging, institutions should continue educating customers or members on the necessary steps to take after their information is potentially compromised, including alerting their financial institutions, finding out what information was compromised and monitoring credit reports.
Embrace Secure Payments
Half of Americans (50%) believe a person’s payment information is more likely to be compromised when using a physical card vs. a digital payment such as a contactless card or digital wallet. Institutions should embrace the latest payments technology and provide consumers with resources on best practices for using secure digital payments, including reminding consumers to be mindful about where they use their cards.
Build Trust Among Consumers
More than 3 in 4 Americans (76%) believe their financial institution can protect their personal and payment information from hackers. Community financial institutions should continue building trust among consumers by hosting cybersecurity awareness training.
Another effective way for institutions to build trust among customers or members is to avoid making headlines because of a cyberattack or breach. Implementing cybersecurity monitoring solutions that offer multiple layers of protection will better position institutions to fend off threats.
How to Approach Cybersecurity Awareness and Education
Americans are becoming increasingly desensitized to the risk of security breaches, making it more critical than ever for your financial institution to break through the noise and educate consumers on cybersecurity best practices. Empowering consumers with information through cybersecurity awareness campaigns is an important step in the fight against cybercrime.
Providing valuable education and promoting good cyber hygiene will mitigate cybersecurity risk for consumers and your institution while increasing the potential for new business through knowledge sharing. To really capitalize on this opportunity, your institution must be intentional and strategic in your planning:
- Determine the Needs of Your Customers or Members: Avoid a one-size-fits-all approach; different customers or members have varying needs and concerns.
- Tailor Your Approach: Create campaigns to reach different groups, tailoring based on age, work schedules, etc.
- Embrace Creativity: Think creatively about how best to communicate with your consumers and deliver a compelling message.
- Go Digital: Leverage digital channels to reach a broader audience – don’t limit the size and scope of your event to physical locations.
- Provide Actionable Tips: Inspire confidence in your bank and motivate customers through actionable tips, such as best practices for creating strong passwords, etc.
Gain Additional Insight on 2021’s Top Cybersecurity Threats
As cybercriminals adopt the latest tactics to carry out malicious attacks, your financial institution should embrace a layered approach to cybersecurity to strengthen its defenses—a key component of which includes delivering continued education to your customers and members.
Download your copy of the executive report to learn more about consumers’ perceptions surrounding cybersecurity.
Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.