It would not be hyperbolic to suggest that 2015 is the year cyber security awareness went mainstream. Breaches hit headlines on a seemingly daily basis and some, like Ashley Madison and TalkTalk, were top of the news agenda for weeks. Meanwhile, we only have to look at Bond’s Spectre and Mr Robot to see how embedded cyber security is becoming in our cultural references.
I am particularly interested in trends among the general public with regards to awareness and behaviours online. I’m casting an eye back over some of the cyber.uk surveys and analyses this year to see what we’ve learnt.
- People are worried. I recently asked 1,000 people in the UK to rate their worries about cyber security on a scale of one to five (one being not at all worried and five being very worried) and found most people rated their worries at a middling three, as the table below shows. 41.7% of people selected four or five on the scale, compared to 28.6% who selected one or two. So, nearly three questers of respondents (71.4%) rated their worries to middling to high. The response to the TalkTalk attack really illustrates this: consumers were concerned about their data, critical of TalkTalk’s handling of the crisis and keen to change supplier.
- These worries have a real impact, on the economy and on individual lives. The UK is the largest digital economy in the G-20, with the Internet contributing 10% to GDP, but how much stronger would it be without cyber security issues holding us back and will this strength be undermined as concerns of cyber security grow? At Christmas time, worries about cyber security stop 20% of people buying presents online. And, in the year of the Ashley Madison breach, it’s clear how cyber insecurity can impact people’s lives in a profound way. The deeply personal repercussions of that breach reportedly contributed to some people committing suicide, and are still being felt by many of the site’s users, some of whom have been receiving blackmail threats sent to their home addresses.
- Context is everything and perceptions of security and privacy differ according to country and demographics. Two years after Edward Snowden’s leak of information and the differences between UK, US and German perceptions of him are evident, as my survey of 3,000 people across those countries highlights. The survey I reference in point 1, about cyber security worries, reflected the impact demographics have on the extent to which people are worried about cyber security. Of those aged 18-24 years, 22.9% said they were not at all worried about cyber security, compared to only 7.1% of those aged 65 years and over.
- Cyber crime is the biggest type of crime in the UK and police are not equipped to solve the problems of cyber insecurity. Non-traditional targets, like SMEs, are in need of greater support.
- Awareness does not equal action and we are not doing enough to encourage behavioural change and to help people better-protect themselves. The cyber.uk two-factor survey of 1,000 people showed, for example, 70% of people don’t understand 2FA and 80% don’t use it. We need to more fully consider how we communicate cyber security messages if we want to turn increased awareness into behavioural change.