ISACA has released the results of its inaugural consumer cybersecurity research study, which shows that one in three consumer households in Australia have had their personal information stolen by cyber criminals, leading to a growing sense of hopelessness in consumers who think nothing can be done to protect them from cybercrime.
The report, which coincides with the aftermath of Australia’s recent Optus breach, is critical in demonstrating consumer attitudes towards digital trust and is a sound reality check for companies about the views and actions being taken by consumers.
The report reveals expectations of being a victim of cybercrime are high with almost one in two consumers in Australia acknowledging they could experience identity theft, fraud or a scam.
Worryingly for the Australian companies that experienced a breach in security of their customers Personalised Identifiable Information (PII), one in four consumers severed ties with the company.
Jo Stewart-Rattray, Information Security Advisory Group, ISACA said understanding and listening to consumer perceptions of digital trust must be prioritised and considered part of ‘business as usual’ for companies today.
“We know that digital trust among professionals and consumers has been waning rapidly since 2019, so the recent attack on Optus will have implications that we are yet to realise in years to come,” said Stewart-Rattray.
“It also raises concerns around the knock-on effect this breach has on the wider business community and government, considering the enormous resources and cost involved to manage the aftermath of such a significant cyber-attack.
“The question also remains as to whether the Optus breach will undermine the trust landscape across the telecommunications and utilities sector as a whole, or whether it will be centralised on the company itself.”
Regardless of the mandatory Notifiable Data Breach reporting required under the Australian Privacy Act, the report shows 32% of Australian consumers surveyed believe companies under-report a breach, even if required, and 30% are not confident a business can safely secure their PII.
Respondents in Australia showed differing views in some instances to their global counterparts including:
- 54% of respondents indicate it is likely a company they do business with will experience a cyberattack in 2022 (58% globally).
- 34% of consumers reported a significant increase in cybercrime in the past twelve months (31% globally).
- 30% are not confident a business can safely secure their PII (23% globally).
- 45% believe it likely they will be the victim of cybercrime (39% globally).
With consumer confidence waning, the research indicates a significant number of Australian consumers (58%) would be more confident doing business with companies that hire certified cybersecurity professionals.
In addition, 61% of consumers surveyed believe companies should be independently graded on data security practices and the scores shared with the public.
“The potential loss of business and need to regain and maintain consumer confidence highlights the importance of investing in robust cybersecurity precautions,” added Stewart-Rattray. “Security professionals are critical in protecting customers personal information and transparency is essential, along with adhering to the necessary privacy laws and regulations.”
The global study was conducted with more than 3,000 consumers across Australia, USA, UK and India.