When it comes to cybersecurity, Americans say they are concerned, but many are not taking the preventative steps needed to protect themselves from a cyber attack.
According to Chubb's Third Annual Cyber Report, complacency seems to have taken hold: eight-in-10 Americans continue to be concerned about a cyber breach, yet only 41% use cybersecurity software and 31% regularly change their passwords. These numbers are virtually unchanged from 2018.
"When it comes to your cybersecurity, there's no such thing as being over prepared," said Fran O'Brien, division president of Chubb North America Personal Risk Services. "While it's important that the vast majority of respondents remain concerned about a breach, concern itself isn't enough. "
O'Brien said the lack of cybersecurity action is because people think it's too time consuming. "But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur," she said.
Businesses aren't much better about cybersecurity.
For instance, while a consistent number of individuals (75% and 70%) say that their company has "excellent" or "good" cybersecurity practices in place from 2018 and 2019, many companies continue to fail to implement the most basics of safeguards. From 2018 to 2019, there was virtually no change in the percentage of companies that hold annual employee trainings (31% and 33%), deploy filters for online content (38% and 40%) and leverage social media blocks (32% and 33%).
About 19% of respondents say they learn about cybersecurity protections through their employer, while more than a third say they most often learn about how to protect against cybersecurity risks from mainstream media (35%), and family and friends (34%). Chubb says this "education gap" means employees and individuals cannot spot incoming attacks — while 54% of respondents correctly defined ransomware—a form of malware that restricts access to files unless a ransom is paid—this was the only common form of attack that a majority of individuals could correctly identify.
According to Chubb, the continued failure to implement cybersecurity safeguards means a breach is inevitable. Yet, just 10% of respondents report having a cyber insurance policy in place.
According to Chubb's online study, individuals don't recognize the value of individual pieces of personal data. For example, just 18% of respondents are concerned about their email addresses being compromised. Similarly, only 27% of respondents cite concern about their medical records being breached.
Survey results indicate that a consistently large portion of older respondents employ better cyber practices than younger generations. Per the survey, 77% of those 55 years and older delete suspicious emails, compared to half (55%) of respondents between 35 to 54 and just a third (36%) of respondents from 18 to 34. Similar patterns arise when looking at those enrolled in cybersecurity monitoring services, ac cording to the survey.
More concerning is that the behavior of younger generations appears to be getting worse. For example, 76% and 74% of adults over 55+ regularly deleted suspicious emails in 2017 and 2018, respectively, as compared to just 47% and 40% of adults between 18 and 34 during the same time period.
Conducted by Dynata, the online survey was fielded between May 7 – May 17, 2019. The results are based on 1,223 completed surveys.