Are Americans Overly Cyber-Confident? Survey Shows Majority are Naïve to Cybersecurity Risks and Uninformed About Online Safety

Americans believe they are as or more knowledgeable about cybersecurity than Trump, Clinton, IT Departments and mothers everywhere; Yet 54 percent trust in online marketplaces such as eBay and Amazon

Blumberg Capital, a San Francisco based early-stage venture capital firm, today released findings that reveal 60 percent of Americans believe that they have never been a victim of cyber hacking or are unaware if they have. In fact, statistics reveal nearly the opposite is true. Every day, more than a million people become a victim of cybercrime (Source). In fact, in the U.S. alone, $15 billion was stolen from 13.1 million American consumers in 2015 (Source), prompting the question of why are Americans so overconfident about their own cybersecurity knowledge?

A large majority of Americans rate their knowledge of cybersecurity equal to or higher than the likes of Donald Trump (63 percent) and Hillary Clinton (62 percent), their employer’s IT departments (57 percent), former FBI director James Comey (44 percent) and former CIA director John Brennan (42 percent). Yet nearly half (45 percent) of people admitted to not being able to recognize a cyber crime unless contacted by a vendor or law enforcement authorities. The Blumberg Capital 2017 State of Cybersecurity survey, conducted in associated with ResearchScape, reveals the overconfidence and disconnect between American consumers’ cybersecurity knowledge and concerns with reality.

“Consumers vastly underestimate cybersecurity threats and don’t know how to identify, respond or protect themselves from future attacks,” said David Blumberg, founder and managing partner of Blumberg Capital. “Naiveté and arrogance are a really dangerous combination. The cybersecurity landscape is complex and ever-evolving. Bad actors are constantly finding new ways to bypass security measures to infiltrate confidential systems and steal information or sabotage infrastructure. Even experts can miscalculate how to mitigate risks and existing security solutions are no longer enough, especially in areas such as IoT or cloud security. At Blumberg Capital, we support companies at the forefront of innovation in cybersecurity. We partner with innovative startups creating new ways to minimize cybersecurity threats and protect personal, business and government information.”

Mother Knows Best, Unless it’s Cybersecurity

The national survey asked American adults about their general knowledge of cybersecurity and about their perception of the biggest cybersecurity issues facing them as consumers, businesses and the United States government. The survey found that Americans believe their cybersecurity knowledge to be superior or equal to American leaders and those with specialized training. Eighty-two percent of those surveyed believe they know more about cybersecurity then their mothers, but the survey did not ask about appetite for risk. The majority of people don’t believe they’ve been hacked; although data shows otherwise, and 74 percent believe that a simple password change is ample protection. Additionally, the survey revealed:

– About half of respondents don’t believe they have ever been a victim of a cyber-attack (48 percent), while a quarter thought it was possible they had been (24 percent).

– Baby Boomers are more likely to believe they have never been a victim (54 percent), while Millennials are more suspicious that they may have been comprised (32 percent).

– The most common actions taken in response to a cyber-attack were to change a password (74 percent) and to contact the bank (46 percent).

– Forty-five percent of people said they would not know if they had been hacked or would only know if contacted by a vendor or legal authority. Only 13 percent expressed complete confidence in their own ability to recognize if they have been hacked.

– Less than half (39 percent) of Americans are concerned about potential hacks of their laptop computers and 38 percent are concerned about potential hacks of their IoT devices such as smart appliances and smart phones.

Biggest Cybersecurity Concerns

Respondents are concerned about a variety of cybersecurity threats to their personal information and to U.S. businesses. Americans are also very concerned about espionage against the U.S. Government (72 percent), but are less concerned about hacking for a “cause,” presumably on they favor.

– Fifty-one percent of those surveyed cite identity theft as the biggest cybersecurity issue facing consumers. Forty-four percent listed their social security number as the most important information to keep safe, followed by bank account passwords (27 percent), credit card numbers (22 percent) and personal email passwords (12 percent).

– Consumers are least concerned about protecting their work email passwords (10 percent), online dating passwords (9 percent) and nude or racy photos (7 percent).

– Fifty-five percent believe the most important cybersecurity problem for businesses is securing customer information. Thirty-seven percent listed securing employee information as top priority with 17 percent listing data being encrypted by hackers and held for ransom.

– Overwhelmingly, 72 percent rank foreign espionage threats as the biggest cybersecurity problem facing the U.S. Government. Twenty-three percent believe the top government concern is securing confidential intelligence reports and 17 percent feel the top government concern is securing citizen records such as IRS filings. Only one in 10 believe interfering with elections through propaganda is a serious concern.

Sony Employee Hack or Locky Ransomware ring a bell? Apparently not– Despite those famous cybersecurity attacks, Americans still trust employers and doctors most to protect their personal data. Most Americans don’t know whom to trust with their online data. Those surveyed cited their current employers as being most trustworthy (61 percent), followed by their doctors (52 percent) and their banks (45 percent) despite infamous hacks such as the Sony breach and Locky Ransomware attacks on hospitals. When it comes to transferring sensitive information, most Americans reveal a distrust in technology and believe that in-person hand delivery is the best method, despite impracticalities.

– Eighty-four percent of Americans find social networks to be not all trustworthy, slightly trustworthy or only moderately trustworthy.

– Eighty-eight percent of Americans list dating sites as not all trustworthy, slightly trustworthy or only moderately trustworthy.

– Participants believe hand delivery is the safest way to send confidential information and secure its safety, followed by commercially encrypted email.

– On the contrary, only one percent of Americans ranked courier as the safest way to deliver information, ranking it only safer than a fax machine.

America Online: e-Commerce Risk Prevention Habits and Online Marketplaces

Ninety-Five percent of adults expressed at least some concern about their personal information being hacked on e-Commerce sites with eleven percent being very concerned. Gen X-ers are the most concerned with 25 percent reporting being “very concerned” compared to 17 percent of all other respondents.

– Fifty-four percent of Americans who shop online trust online marketplaces, such as eBay and Amazon, with their financial information

– Only 33 percent of consumers trust established retail brands such as Walmart, Gap, Target, and Macy’s

– Thirty-three percent of Americans believe they are more secure online if they don’t save their credit card information. Others choose to only use PayPal or other payment services they trust (30 percent).

To learn more about the findings, visit: http://cybersecurity.blumbergcapital.com 

Cybersecurity Companies Weigh In

Some of the founders and CEO’s of Blumberg Capital’s portfolio companies offered additional commentary on the survey results:

“To protect consumer information and identity, businesses of all sizes must overcome the growing frequency of cyber threats, requiring real-time analysis across a diverse set of data sources – many of which are siloed in legacy systems that are too slow and expensive to maintain. Arcadia Data partners with security professionals to build advanced visual applications that capture real-time incident response with guided data exploration across networks, entities, applications, and end-points.”

– Shant Hovsepian, co-founder and chief technology officer, Arcadia Data

“As the results of the survey highlight, consumers are the weakest link in terms of cybersecurity and the fact is, it’s only going to get worse as hackers get smarter, extra aggressive and more creative with the ways they defraud consumers and businesses. In addition to stressing the need to create more awareness of cyber threats in general, the survey also highlights the need for solutions that use passive techniques like behavioral biometrics to keep consumers safe from social engineering, malware and remote access attacks that are catching even the most vigilant people off-guard.”

– Eyal Goldwerger, CEO, BioCatch

“The data is clear: cyber attacks are far more prevalent than we think they are, and they can be devastating for consumers as well as businesses. Just as individuals should take care to secure their data and use only trusted online payment services and websites, businesses must implement the practices, tools and insurance necessary to protect their investment.”

– Keith Moore, CEO, CoverHound and CyberPolicy

“Companies should be concerned that only 10 percent of Americans are worried about protecting their work email passwords. An organization’s security is only as strong as its weakest link, and an attacker can easily gain access to a company’s data and systems through one compromised employee credential. These results demonstrate that despite a company’s best intentions to educate their employees, they cannot count on team members to always do the right thing. Companies today need advanced, ongoing and scaleable protection to identify and stop attacks before they gain the slightest foothold in your organization.”

– Slava Bronfman, co-founder and CEO, Cybellum

“With 87 percent of people surveyed using desktops or laptops every day in their job, and 52 percent believing they’ve fallen victims to cyber-attacks, the importance of protecting the endpoints cannot be overstated. This is a critical gateway to the business’ crown jewels. The continuous rise of cyber-attacks and data breaches shows that current solutions cannot handle today’s threats effectively. Businesses require solutions that can meet today’s challenges by taking a new approach to endpoint protection, leveraging new capabilities such as deep learning artificial intelligence.”

– Guy Caspi, CEO, Deep Instinct

“Consumers, businesses and governments have a lot to learn about protecting IoT devices both in the home and industrial settings. As fast as technology is evolving, so are the cyber threats. Operational security for critical infrastructure is paramount because it translates into safety and human lives. Using an existing enterprise-centric information-security based approach is like fighting tomorrow’s wars with yesterday’s weapons. At Firmitas, we believe mission critical systems should operate deterministically under any condition, and the only way to ensure this is to target the cause, not the symptoms with a new paradigm of operational security rather than adapting existing information security systems.” 

– Gil Keini, co-founder and CEO, Firmitas

“With more than 50 percent of respondents naming identity theft as the top personal cybersecurity concern and 37 percent identifying securing employee information as the top concern for businesses, it is clear Americans are becoming more aware of identity related threats. As the risks increase, we’ve seen a booming adoption of new behavioral analytics solutions to discover compromised identities in the consumer and enterprise world.”

– Idan Tendler, CEO and co-founder, Fortscale

“Consumers and businesses alike all face open hacking and virus threats on a daily basis, yet according to the survey 45 percent of people admit to not being able to recognize a cyber crime unless contacted by a vendor or law enforcement. Making matters worse, the more dangerous threats in the deep and dark web are often unseen and go undetected by far too many security vendors and experts who should know better. At IntSights, we use automatic cyber intelligence to detect, analyze and remediate cyber attacks and exploitation of data and personnel on the open, deep and dark web.”

– Guy Nizan, CEO and founder, IntSights

“Only 16 percent of Americans believe they’ve definitely been a victim of a cyber attack, but data shows that up to 30 percent of consumers have been exposed to invisible client-side malware attacks. These attacks can compromise e-Commerce and financial institution websites as well impact the privacy, data integrity and trust of the consumer. At Namogoo, we prevent these attacks, protecting both the enterprise and the consumer without changing user behavior.”

– Chemi Katz, co-founder and CEO, Namogoo

“The proliferation of smart devices and the connected home offers an unprecedented opportunity for consumers to use technology to improve their day-to-day lives. At the same time, adding a variety of digital devices into the home presents a unique and threatening cybersecurity challenge – one that many people do not fully understand. According to the survey, only 13 percent are extremely confident they could identify if their connected devices had been hacked. Rather than trying to protect each individual device, consumers need to protect all connected devices from the router or network gateway, the nexus of all communication between IoT devices. By effectively securing this critical access point SAM enables ISPs to ensure their customers can embrace the connected home safely and securely.”

– Sivan Rauscher, co-founder and CEO, SAM Seamless Networks

“It is no surprise that consumers named identity theft as the biggest cybersecurity issue facing them today. We’re living in a post-Snowden era where many people have a heightened awareness towards data privacy. As a result, it is important for businesses to build a layer of trust and safety on the Internet that meets the data privacy expectations of consumers, while keeping homeland security, and the risks of financial fraud and money laundering activities in check.”

– Stephen Ufford, CEO & founder, Trulioo

Methodology

To better understand current cybersecurity attitudes and concerns, Researchscape International surveyed 1,012 U.S. adults about their technological devices, cybersecurity knowledge and top concerns. Respondents were quota-sampled using 32 different cells (gender by age by region) to closely match the overall U.S. population.