If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. After all, they affect the public directly more often now, such as when attackers steal their personal information from a large company.

How do consumers perceive these attacks and the threat from future attacks? In what way does this new awareness change consumer behavior and expectations?

Enterprise Attacks Directly Affect Consumers

When attackers breach companies, consumers share the impact. The most measurable impact is in the price of goods and services.

Cyberattacks incur costs in the form of ransomware payouts, higher insurance prices, lawyer fees to remain compliant with regulations, operational disruption, the costs of getting back online and other expenses. These costs are borne by companies, but in the end, raise consumer prices.

And the costs of attacks are going up every year. The average cost of a ransomware attack, for example, was $1.85 million in 2020 — double the previous year, according to a survey from Sophos.

And the future looks grim on this count. Cybercrime costs worldwide are expected to grow by 15% per year over the next five years, reaching $10.5 trillion per year by 2025, according to a prediction by Cybersecurity Ventures. This is the increase in the cost of doing business, which will be reflected in consumer prices.

The other major impact of enterprise cyberattacks on consumers comes from when an attack breaches customer data. Many kinds of attacks leave customers open to identity theft and other kinds of fraud. When attackers sell customer data on the dark web and other criminals buy that data, they can turn an enterprise attack into hundreds of others. It can spin off into credit card fraud, identity theft and a world of social engineering scams. Cyberattacks may strike once, but identity- and personal data-related fraud is forever.

Attacks impact consumers. But what do consumers think about cyberattacks?

How Consumers Think About Cyberattacks

Public awareness about cyberattacks is high. More than three-quarters of consumers are concerned about the privacy of their data, according to a KPMG survey. This worry about the data that companies retain comes with concern about having that data stolen or compromised by a cyberattack.

Some 63% of consumers worry about their data being stolen, according to a survey by Norton. And more and more public reporting in the media on major cyberattacks and their impacts drives this concern.

The rise in cyberattacks on businesses has heightened consumer worries in the past year. Some 44% feel more at risk from cybercrime than they did before the COVID-19 pandemic began, according to the Norton survey.

That worry exists and is rising. But how does worry about cyberattacks manifest in the actions of consumers?

Changing Consumer Behavior and Attitudes

One major impact from concern over cyberattacks is that customers may mistrust brands that suffered an attack. And this mistrust drives consumers away.

A majority (59%) of consumers say they’ll avoid companies hit by a cyberattack in the past year, according to a survey by Arcserve. This means customers are likely to switch from the attacked company to its market rivals.

Consumers are seeing more and more that cyberattacks against the companies that hold their personal data put their own cybersecurity at risk. That data gives criminals the information they need to launch phishing attacks and other threats against them. This is especially acute in the financial services industry, and deeply concerning in health care.

And it’s not just business. Most American citizens are concerned about state-sponsored cyberattacks on U.S. financial institutions, national security and defense systems, energy systems, health care organizations, government agencies and their own personal information, according to a study from the Pearson Institute for the Study and Resolution of Global Conflicts at the University of Chicago and The Associated Press-NORC Center for Public Affairs Research.

What Does This Mean for the Future?

Two rising trends are coming together. First, look at the growing frequency, cost and impact of cyberattacks. Add to that the increasing awareness, concern and reaction of consumers. The one-two punch bodes ill for consumer-facing companies.

This means cybersecurity has major hidden costs they didn’t have in the past. Those are the cost of lost customers, the hesitancy of customers to give up personal and financial data and what could be major reputational damage from serious cyberattacks.

The cost of lost customers also magnifies the other costs by raising the incentive to make ransomware payments and spend more on cyber insurance, cybersecurity staff and tools, reputation management and PR and other costs. The consumer factor magnifies the impact of cyberattacks.

The good news is that there’s a flip side. Consumer concern presents an opportunity, too. You can address customers’ anxiety in advance in a few ways. First, establish very strong security and customer data protection. In addition, communicate to customers exactly why their data is safe.

It’s time to stop assuming that consumers don’t know or care about cybersecurity. They do, and they understand it. That’s why organizations need the right security posture. Combine that with clear and respectful messaging, and you get a way forward. You’ll need it in this new era of cyber threats and with growing public awareness and concern for the risks.

More from Data Protection

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…

How the Mac OS X Trojan Flashback Changed Cybersecurity

Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…