Here’s a statistic that underscores the tough job cyber insurers have in convincing clients to reduce risks: 57 percent of individuals said they use personal information to inspire a password. That’s been a cybersecurity “no-no” for years.
That result – part of Chubb’s Fourth Cyber Report – shows Americans aren’t yet changing their behavior in the wake of ever-increasing cyber risks, many of which have increased after COVID-19 related changes to work, activities and daily habits.
Two other data points show how bad the disconnect is between the perception and practice of cybersecurity. More than two thirds of Americans said they have become somewhat or much more concerned about the potential for a cyber breach in the past year. That’s a positive development, but a third of respondents also said they haven’t taken any preventative actions to protect themselves or their data. What’s more, Chubb said, the figures are relatively unchanged since 2019.
“While we’re encouraged to know that Americans’ cyber security concerns are growing, today’s consumers rely heavily on technologies to aid them in managing their personal lives, and because of that reliance, they should implement important cyber security measures to help protect themselves and their families from rapidly-evolving cyber threats,” Fran O’Brien, division president of Chubb North America Personal Risk Services, said in prepared remarks.
Cybersecurity experts have said for years that consumers need to make their passwords and screen names more complex to prevent cybercrime. But consumers seem resistant to that advice even now, according to the Chubb survey.
Regarding that large percentage of individuals who said they’d use personal information for their username or screenname, 42 percent said they used their own name, while 25 percent relied on a pet’s name. About 24 percent turned to a favorite food or drink, and 22 percent relied on a favorite movie, TV show or book. About 26 percent made their username or screen name using family information, and 27 percent relied on a favorite username or screen name. Just 20 percent relied on randomly generated numbers or letters – a much more secure option.
As the Chubb report notes: “sharing personal information, no matter where, is dangerous – individuals tend to also use this information to build passwords, allowing bad actors in to then guess log-in credentials to access accounts.”
Individuals can make this worse because they often rely on the same passwords in multiple platforms, Chubb noted, which makes it more likely that a cyber criminal could gain access to multiple accounts rather than just one.
And yet, individuals feel they would know what to do if their personal information was compromised, even though they’re not actually taking steps to protect themselves from cyber risks. About 85 percent said they either have a general idea or know exactly what to do if a cyber attack compromises their personal information, the Chubb report found.
Other statistics from the report.
- 28 percent of respondents said they regularly change online passwords. Before the pandemic, when far fewer people were working from home, that number was at 31 percent (in 2019).
- 18 percent said they no longer share passwords with others.
- 22 percent said they don’t use the same passwords for multiple accounts.
- 17 percent said they use a personal VPN for password protection.
- 22 percent of respondents ranked in-office work as the most vulnerable to cyber attack versus 11 percent who said working from home was most vulnerable. (Working from home creates more cyber risks).
- 12 percent of Americans purchased a personal cyber insurance policy in the last year.
Regarding those that lacked cyber insurance coverage, 34 percent said they’d turn to friends and family for advice about a cyber insurance policy, 42 percent would ask an existing agent or broker, and 70 percent wat to purchase such a policy through their existing carrier.
Chubb conducted its survey through Research Now SSI, which it ran between Feb. 11 and 25 2021. Results stem from 1,208 completed surveys.