Survey: There’s a divide between cyber security concerns and cyber security actions

When it comes to cyber security, U.S. businesses and citizens alike have plenty of concerns, but they may not know how to mitigate them.

That observation is based on the third annual Cyber Report from property and casualty insurer Chubb (pdf), which found that eight in 10 Americans continue to be concerned about a cyber breach, yet only 41% use security software and only 31% change their passwords regularly. Both those survey findings are essentially flat year over year. The survey, conducted on Chubb’s behalf by research firm Dynata, measured consumer behavior toward cyber risk. It was conducted only between May 7 and May 17, 2019, and the results are based on 1,223 completed responses.

Looking at U.S.-based companies, survey responses indicated that many companies fail to implement the most essential security controls. Throughout 2018 and 2019 there has been little increase in companies that provide annual security training (31% in 2018 and 33% in 2019), use online content filtering (38% and 40%) or mitigate social media access (32% and 33%). Also relatively unchanged was the number of respondents who said their company has “excellent” or “good” cyber security practices in place from 2018 and 2019, 75% and 70% respectively.

Stunningly, just 27% of respondents were concerned about a breach of their medical records. Yet, according to insurance data from Chubb’s healthcare policyholders, just over half of cyber claims stemmed from an external attacker. “If individuals knew that a compromised medical record often gives enough information to completely steal one’s identity, they would likely be more concerned,” the Chubb report states.

I hope that the findings are a reflection of a lack of understanding about the nature of medical identity fraud and how broader identity theft can occur. Perhaps this is an indication that health care providers and health insurance companies need to do more consumer education when it comes to protecting their information.

It was also interesting that older respondents appear to be more attentive to cyber security than younger generations. According to the survey, 77% of the over 55 demographic delete suspicious emails, compared to half (55%) of respondents between 35 to 54 and just a third (36%) of respondents from 18 to 34. The survey found very similar results regarding cyber security monitoring services.

Additionally, the survey found that, when it came to some basic cyber security practices, younger generations are actually heading in the wrong direction. According to the report, in 2018, 47% of respondents aged between 18 and 34 delete suspicious emails. That number dropped to 40% in 2019.

With all of the attention on the dangers of phishing attacks and identity theft in recent years, one would hope that those numbers would actually trend the other way.