If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. After all, they affect the public directly more often now, such as when attackers steal their personal information from a large company.
How do consumers perceive these attacks and the threat from future attacks? In what way does this new awareness change consumer behavior and expectations?
Enterprise Attacks Directly Affect Consumers
When attackers breach companies, consumers share the impact. The most measurable impact is in the price of goods and services.
Cyberattacks incur costs in the form of ransomware payouts, higher insurance prices, lawyer fees to remain compliant with regulations, operational disruption, the costs of getting back online and other expenses. These costs are borne by companies, but in the end, raise consumer prices.
And the costs of attacks are going up every year. The average cost of a ransomware attack, for example, was $1.85 million in 2020 — double the previous year, according to a survey from Sophos.
And the future looks grim on this count. Cybercrime costs worldwide are expected to grow by 15% per year over the next five years, reaching $10.5 trillion per year by 2025, according to a prediction by Cybersecurity Ventures. This is the increase in the cost of doing business, which will be reflected in consumer prices.
The other major impact of enterprise cyberattacks on consumers comes from when an attack breaches customer data. Many kinds of attacks leave customers open to identity theft and other kinds of fraud. When attackers sell customer data on the dark web and other criminals buy that data, they can turn an enterprise attack into hundreds of others. It can spin off into credit card fraud, identity theft and a world of social engineering scams. Cyberattacks may strike once, but identity- and personal data-related fraud is forever.
Attacks impact consumers. But what do consumers think about cyberattacks?
How Consumers Think About Cyberattacks
Public awareness about cyberattacks is high. More than three-quarters of consumers are concerned about the privacy of their data, according to a KPMG survey. This worry about the data that companies retain comes with concern about having that data stolen or compromised by a cyberattack.
Some 63% of consumers worry about their data being stolen, according to a survey by Norton. And more and more public reporting in the media on major cyberattacks and their impacts drives this concern.
The rise in cyberattacks on businesses has heightened consumer worries in the past year. Some 44% feel more at risk from cybercrime than they did before the COVID-19 pandemic began, according to the Norton survey.
That worry exists and is rising. But how does worry about cyberattacks manifest in the actions of consumers?
Changing Consumer Behavior and Attitudes
One major impact from concern over cyberattacks is that customers may mistrust brands that suffered an attack. And this mistrust drives consumers away.
A majority (59%) of consumers say they’ll avoid companies hit by a cyberattack in the past year, according to a survey by Arcserve. This means customers are likely to switch from the attacked company to its market rivals.
Consumers are seeing more and more that cyberattacks against the companies that hold their personal data put their own cybersecurity at risk. That data gives criminals the information they need to launch phishing attacks and other threats against them. This is especially acute in the financial services industry, and deeply concerning in health care.
And it’s not just business. Most American citizens are concerned about state-sponsored cyberattacks on U.S. financial institutions, national security and defense systems, energy systems, health care organizations, government agencies and their own personal information, according to a study from the Pearson Institute for the Study and Resolution of Global Conflicts at the University of Chicago and The Associated Press-NORC Center for Public Affairs Research.
What Does This Mean for the Future?
Two rising trends are coming together. First, look at the growing frequency, cost and impact of cyberattacks. Add to that the increasing awareness, concern and reaction of consumers. The one-two punch bodes ill for consumer-facing companies.
This means cybersecurity has major hidden costs they didn’t have in the past. Those are the cost of lost customers, the hesitancy of customers to give up personal and financial data and what could be major reputational damage from serious cyberattacks.
The cost of lost customers also magnifies the other costs by raising the incentive to make ransomware payments and spend more on cyber insurance, cybersecurity staff and tools, reputation management and PR and other costs. The consumer factor magnifies the impact of cyberattacks.
The good news is that there’s a flip side. Consumer concern presents an opportunity, too. You can address customers’ anxiety in advance in a few ways. First, establish very strong security and customer data protection. In addition, communicate to customers exactly why their data is safe.
It’s time to stop assuming that consumers don’t know or care about cybersecurity. They do, and they understand it. That’s why organizations need the right security posture. Combine that with clear and respectful messaging, and you get a way forward. You’ll need it in this new era of cyber threats and with growing public awareness and concern for the risks.
I write a popular weekly column for Computerworld, contribute news analysis pieces for Fast Company, and also write special features, columns and think piece...