A new study from Chubb finds that, despite the ever evolving and seemingly never ending frequency of cyber attacks, individuals are still largely unprepared and at risk should they or their family members be targeted.
Image: Chubb survey finds individuals are unprepared for the risk of a cyber breach. Photo: courtesy of Chubb.
The 2018 Chubb Cyber Risk Survey found that while most respondents (86%) reported being concerned about cyber incidents, most are either underestimating or completely unaware of the common cyber threats that are targeting their personal information across social media sites and through internet connected devices ranging from laptops, smartphones and voice assistants to smart refrigerators and thermostats.
For instance, just 12% said they were concerned about the risks associated with using public WiFi, despite being a common entry point for cyber criminals.
Further, only 4% cited concern with smart home-connected devices, despite the fact that these devices can serve as gateways for criminals looking to access other personal information.
Chubb North America personal risk services division president Fran O’Brien said: “In this day and age, anyone is susceptible to falling victim of a cyber attack.
“While it is promising that so many people are generally aware of everyday cyber risks our study shows that their concern isn’t translating into action—just 40% of individuals use cybersecurity software and less than one in three regularly change online passwords. Given what’s at stake, individuals should be taking every precaution they can to mitigate risk.”
While the risks exist — and are growing — for everyone, successful individuals and families should be particularly aware.
As a group, successful individuals are more likely to be business owners or senior business executives with access to confidential client and employee information, proprietary intellectual property, and other sensitive information that could spell disaster if stolen or leaked.
Understanding which risks are most prevalent and the ways in which cyber criminals target individuals and devices is a good place for anyone to start improving their cyber safety.
Knowledge is Power
Many people have a misplaced sense of which type of personal data is most harmful if stolen. Respondents were overly concerned about certain data being compromised and demonstrated a general lack of concern when it came to data that is actually more valuable if breached.
For example, bank breaches and other financial accounts becoming compromised were the top concern (80%); however, most financial institutions will reimburse members for lost funds in the event of a breach.
On the other hand, social security numbers (SSN) and medical records in the wrong hands are actually more valuable than bank information.
Yet, just 60% of respondents said they were concerned about a family member’s SSN becoming compromised and only 30% reported being concerned about medical record breaches.
Further, many people aren’t exactly sure what it is they’re afraid of. For example, ransomware, the malware that restricts access to data until a ransom is paid, is one of the most prevalent threats in recent years.
However, 50% of respondents could not define it, and nearly one-fifth (19%) had never heard of the term.
Time to Act
There are measures individuals can take to reduce some cyber risks; however, there is a clear misalignment between the apparent sources of a cyber breach and the steps people actually take.
Consider that while respondents cited a credit agency hack as the second-highest perceived threat after email exposures, half of respondents don’t regularly check their credit.
People could also be more proactive when it comes to staying cyber-safe, especially when it comes to password maintenance, one of the simplest deterrents available. Only 30% regularly change their passwords, and 67% say they “always” or “often” use the same password for multiple online sites.
More than half (54%) have shared one or more account passwords with someone other than an account holder, and 41% of respondents do not password protect their home WiFi networks.
Cyber Security at Work: Employers Should Lead by Example
A similar misalignment between knowledge and action exists at work: three quarters (75%) of respondents say their company has implemented “excellent” or “good” cyber security practices.
However, Chubb’s claims data shows that there has been a 930% increase in the number of business-related cyber insurance claims for over the past 10 years—suggesting that, even as companies establish better safeguards, there are still significant threat activities that continue to exploit the remaining vulnerabilities.
Employees seem to understand the importance of strong cyber security in the workplace, with nearly all (93%) agreeing that they understand the intent of the cyber security measures their company has implemented.
However, just 33% say their employers hold annual company-wide trainings or updates—which are becoming increasingly necessary due to the ever-evolving nature of cyber risk.
Chubb global cyber risk practice division president Bill Stewart said: “The economy is on a trajectory towards automation.
“As that automation becomes part of businesses in every industry, the potential for more cyber incidents grows by the day. It is important for both individuals and businesses to approach cyber threats proactively.
“While there isn’t an airtight, preventative way to safeguard against all risk, cyber insurance can indeed help fill the gaps and protect the remaining risk involved in cyber security.”
A Call to (Cyber) Arms
While awareness of cyber risks is on the rise, society has not yet achieved a strong culture of cyber security. Many risks are overlooked, and there is a knowledge gap and lack of cyber-education.
While proactive measures of cyber security are essential, in order to truly safeguard against cyber risk, a back-up plan is necessary.
The best back-up plan is cyber insurance—with the best policies providing a mix of defensive protective measures along with fast response capabilities in a worst-case scenario.
Source: Company Press Release