Cybercrime seen to be getting worse: The time to act is now

(Editor’s note: contributed blogs like this are part of ChannelBuzz.ca’s annual sponsorship program. Find out more here. This article was originally posted to the ESET site We Live Security by ESET’s Stephen Cobb

Stephen Cobb, senior security researcher at ESET

Stephen Cobb, senior security researcher at ESET

Is the risk of becoming a victim of cybercrime increasing? Most people in North America and Europe think it is, based on the surveys that I’ve been looking at. Earlier this year the European Union published the results of its latest consumer survey on internet security in which 87% of internet users agreed that the risk of becoming a victim of cybercrime is increasing (see the Resources link below for details of EBS480: Special Eurobarometer 480: Europeans’ attitudes towards Internet security).

Facts and figures

ESET recorded similar concern in a North American survey that asked the same question in roughly the same timeframe. In the US, 87% of respondents agreed that the risk of becoming a victim of cybercrime was increasing. Canadian respondents were slightly less pessimistic at 83% (sample sizes: 2,500 and 1,000 respectively.)

These findings have to be worrying news for companies whose business models rely on public trust in the internet. They should also concern politicians and the government, including law enforcement agencies. The survey findings strongly suggest that government efforts at cybercrime deterrence have not given the public much cause for hope.

Clearly, fear of crimes like identity theft and misgivings about data privacy loom large in many countries and some people are reducing or adjusting their use of online technology as a result. The following graph charts responses to the question: Has concern about security issues made you change the way you use the Internet in any of the following ways? (The EU data are from EBS480 fieldwork in October and November, 2018. US and Canada data are from ESET’s fieldwork in July and August, 2018.)

The number of people who are self-limiting their exploration of the internet has to be bad news for companies trying to start businesses online; and while the percentage of people limiting their online shopping and banking is a lot lower, it should still concern the retail and financial services sectors.

When ESET asked Americans about a variety of concerns related to online banking and shopping, 70% of those surveyed indicated that they are worried about the misuse of personal data supplied online. The EU study found a lower level of concern (43%), but this varied widely within the EU – from 32% in Austria and Poland to 50% in Croatia and 62% in Cyprus.

As you can see, roughly two thirds of respondents (66%) in North America expressed concern about the security of online payments. Again, this could be interpreted as a call to online merchants to step up their security efforts and demonstrate that they take the security of online transactions seriously.

To help assess privacy concerns related to use of the internet, the EU and ESET surveys asked respondents if they agreed or disagreed with this statement: I am concerned that my online personal information is not kept secure by websites. Sadly, one third of US respondents said that they totally agreed, compared to one in four Canadians. The percentage that agreed totally or tended to agree was 80% in the US, 72% in Canada, and 77% in the EU. That EU result is up from 70% in 2013, which is not a good sign.

The survey also asked people if they agreed with this statement: I am concerned that my online personal information is not kept secure by public authorities. Unfortunately, more than three quarters of US respondents (76%) either tended to agree or totally agreed, versus two thirds in Canada. In the EU, 68% of internet users share this concern, up from 64% in 2013.

Given the extent to which companies and government agencies have come to rely on the internet as a tool for communication and interaction with the public, these numbers should be worrying. If the public doubts the ability of organizations to protect personal data from exposure, those organizations may find it much harder than expected to realize net gains from further digital transformation, such as the Internet of Things, machine learning, artificial intelligent, big data, self-driving vehicles, and 5G.

What can we say?

Cybersecurity is concerned with the protection of digital technologies – technologies upon which our world is now heavily dependent – against criminals and other entities who seek to abuse those technologies for their own selfish ends. Public support for efforts to reduce cybercrime is critical to society’s efforts to preserve the benefits of digital technologies. That is why it is so important to know what the public thinks about cybercrime and cybersecurity, the safety of online activities, and the privacy of personal data shared with companies or government agencies.

So why don’t the governments of the world do a better job of researching these things? My take is that the cost of such research strikes many politicians as too high, but that strikes me as extremely short-sighted, given what is at stake, and how much surveys like those reviewed here can teach us. Consider the lost opportunities for retailers and financial firms that were revealed: by digging deeper into the demographics of this distrust, a savvy company could craft targeted marketing to improve engagement with customers who are nervous about online activity because of cybercrime.

Maybe industry lobbyists should be pushing for more of these studies given that they reveal valuable business intelligence. For example, the current numbers suggest that marketing strategies which rely on people giving up data online may be facing stronger headwind if cybersecurity does not improve. Conversely, these statistics might prove useful to Chief Information Security Officers (CISOs) and Chief Privacy Officers (CPOs) as they argue the case for greater emphasis on cybersecurity within their organizations.

Clearly, these surveys show that more needs to be done to deter cybercrime. Given the extent – revealed by these surveys – that cybercrime is impeding progress and threatening the promised benefits of the next wave of digital transformation, concerted action by government agencies and corporate entities to improve this situation would seem to be seriously overdue.

The findings of the EU and ESET surveys strongly suggest that – unless cybersecurity initiatives and cybercrime deterrence are made a top priority of government agencies and corporations – the rate at which systems and data are abused will continue to rise, further undermining the public’s trust in technology, trust that is vital to the economic wellbeing of our planet, now and in the future.

Resources

You can get “Special Eurobarometer 480: Europeans’ attitudes towards Internet security” as a summary report or full report, and you get the data sets for further analysis.

Here is a roundup of articles and papers on WeLiveSecurity that address various aspects of measuring and communicating the impact of cybercrime:

There is a video of my 2015 presentation “Sizing cybercrime: incidents and accidents, hints and allegations” at Virus Bulletin, as well as the full paper and slides.

In 2018, I presented research at Virus Bulletin on the topic of “An international ‘who-cares-ometer’ for cybercrime” and the slides are here.

Finally, for lovers of statistics and data analysis, here is where you can access the 27,333 responses to the: Special Eurobarometer 480: Europeans’ attitudes towards Internet security.