Results of a global survey examining consumers’ digital behaviours during the pandemic, as well as their long-term impact on cybersecurity, have shown society becoming increasingly accustomed to digital-first interactions. The study, conducted by Morning Consult on behalf of IBM Security, found that preferences for convenience often outweighed security and privacy concerns amongst individuals – leading to poor choices around passwords and other cybersecurity behaviours.
Consumers’ lax approach to security, combined with rapid digital transformation by businesses during the pandemic, may provide attackers with further ammunition to propagate cyberattacks across industries – from ransomware to data theft. According to IBM X-Force, bad personal security habits also carry over to the workplace and can lead to costly security incidents for companies, with compromised user credentials representing one of the top root sources of cyberattacks in 2020.
The global survey of 22,000 individuals in 22 markets, including 1,000 Australians, identified the following effects of the pandemic on Australian consumer security behaviours:
- Digital Boom will Outlast Pandemic Protocols: Australian individuals created an average of 7 new online accounts during the pandemic, equating to tens of thousands of new accounts across the country. With more than half (55%) not planning to delete or deactivate these new accounts, Australian consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
- Account Overload Leads to Password Fatigue: The surge in digital accounts has led to lax password behaviours, with four in five (79%) Australian respondents admitting to reusing credentials at least some of the time. This means a majority of new accounts created during the pandemic likely relied on reused email and password combinations, exposed via data breaches over the past decade.
- Convenience Outweighs Security & Privacy: Nearly half of Australian Gen Zers (42%) and one third of Millennials (31%) would rather place an order using a potentially insecure app or website than call or go to a physical location in person. With users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will fall more heavily on companies providing these services to avoid fraud.
“Like other regions of the world, Asia Pacific was propelled by the pandemic into a digital-first interaction for nearly every facet of life and it continues to shape our day-to-day interactions,” said Chris Hockings, Security Technical Leader at IBM A/NZ. “From groceries, banking, social interactions to even healthcare services for COVID-19, consumers are demonstrating a sophisticated command of digital tools. As a result, businesses are increasingly reliant on digital channels for customer engagement and service delivery, greatly increasing their cybersecurity risks. Organizations are actively looking for advanced tools, leveraging AI and analytics, to modernize their Identity and Access Management platforms to provide a frictionless user experience across digital platforms while creating a stronger security posture and limiting potential risk. To assure the greatest levels of security, adopting a ‘Zero-trust’ approach, developing and understanding context around every user, every device and every interaction is mission critical.”
Paving the Way for Digital Credentials
The concept of vaccine passports introduced consumers to a real-world use case for digital credentials, which offer a technology-based approach to verify specific aspects of our identity. According to the survey, 51% of Australian adults say they are familiar with the concept of digital credentials, and 65% would be likely to adopt them if they became commonly acceptable.
This exposure during the pandemic may help spur wider adoption of modernised systems of digital identity, which could replace the need for traditional forms of ID like passports and driver’s licenses, offering a way for consumers to maintain greater privacy by only providing the limited information required for a specific transaction. Leveraging a digital form of identity can also create a more sustainable security and privacy model for the future – with security protections in place to avoid counterfeiting, and the ability to update these credentials in the event they are compromised.
Additional Survey Findings:
The survey also shed light on a variety of consumer behaviours impacting the cybersecurity landscape today and moving forward. As individuals increasingly leverage digital interactions in more realms of their lives, the survey found that many have also become primed with high expectations for ease of access and use.
- 5 Minute Rule: According to the survey, two thirds of Australian adults (65%) expect to spend less than 5 minutes setting up a new digital account.
- Three strikes you’re out: Australian respondents would attempt 3 logins before resetting their password. These resets not only cost companies money, they can also pose security threats if used in combination with a compromised phone or email account.
- Committed to Memory: 44% of respondents store online account information in their memory (the most common method), while 32% write it on paper.
- Multi-factor authentication: While password reuse is a growing problem, adding an additional factor of verification for higher risk transactions can help reduce this risk. The survey found that more than two-thirds of Australians (68%) had used multi-factor authentication within the past few weeks of being surveyed.
How Organisations Can Adapt to Shifting Consumer Security Landscape
Businesses that have become increasingly reliant on digital engagement with consumers as a result of the pandemic should consider the impact this has on their cybersecurity risk profiles. In light of shifting consumer behaviours and preferences around digital convenience, IBM Security offers the following guidance:
- Zero Trust Approach: Given increasing risks, companies should consider evolving to a “zero trust” security approach, which operates under the assumption that security may already be compromised, and therefore continuously validates the conditions for connection between users, data, and resources to determine authorisation and need. This approach requires companies to unify their security data and approach, with the goal of wrapping security context around every user, every device, and every interaction.
- Modernising Consumer IAM: For companies that want to continue leveraging digital channels for consumer engagement, providing a seamless authentication process is key. Investing in a modernised Consumer Identity and Access Management (CIAM) strategy can help companies increase digital engagement – providing a more seamless user experience across digital platforms, and using behavioural analytics to decrease the risk of fraudulent account use.
- Data Protection & Privacy: Having more digital users means that companies will also have more sensitive consumer data to protect. With data breaches costing Australian companies $3.35 million on average, organisations must ensure that strong data security controls are in place to prevent unauthorised access – from monitoring data to detect suspicious activity, to encrypting sensitive data wherever it travels. Companies should also implement the right privacy policies in order to maintain consumer trust.
- Put Security to the Test: With usage and reliance on digital platforms changing rapidly, companies should consider dedicated testing to ensure the security strategies and technologies they’ve relied on previously still hold up in this new landscape; re-evaluating the effectiveness of incident response plans, and testing applications for security vulnerabilities are both important components of this process.