GFI Software™ has released the findings of an independent study examining the business and societal impacts of cyber security issues, revealing stark concerns over the increasing business risks posed by cyber crime and the growing likelihood that cyber crime acts will escalate to physical retaliation.
With multiple recent high-profile attacks targeting large employers—including the Sony hack, the Netflix-user data leak, and the hit on health insurer Anthem that exposed valuable employee and member records—the survey shows that individuals increasingly fear cyber crime and its resulting consequences. In fact, according to the survey, 46% of respondents have been victimized by at least one cyber crime in the last year alone. Key findings from the survey include:
- 43% see banks as the main target for cyber criminals in the coming year.
- 17% fear that large business institutions will be targeted for crime and cyber espionage, but only 12% believe retailers will be a major target, despite the potential for high levels of credit card data theft.
- With healthcare data increasingly digitized, 10% are concerned that cyber criminals will target hospitals, HMOs, and health insurers in the coming year.
- The perceived threat from cyber attacks is hurting adoption of Internet of Things (IoT) technology, with almost 60% either viewing Internet-connected home devices as too risky to own, or hesitating to purchase more devices.
- 57% of respondents believe malware still poses the biggest threat to business information security.
The Business Impact Of Cyber Crime
The research revealed that almost all cyber crimes have a noticeable, detrimental impact on businesses, with 88% of respondents believing that a cyber attack against their employer would have measurable financial and productivity implications. An additional 6% believe that a single cyber attack against their employer could easily put the organization out of business permanently.
“Cyber attacks have profound consequences for the business community, whether companies are the target, or the victim of an attack elsewhere. In the last few months alone we’ve seen major corporations targeted in systematic acts of espionage and geopolitical retaliation, as well as hundreds of thousands—potentially millions—of individuals affected by the fallout of data being stolen and misused,” said Sergio Galindo, general manager of GFI Software. “Usernames, passwords, credit card data, health records—malicious use of this data by criminals can quickly create financial hardship and significant stress for affected individuals, while the negative fallout for organizations the data was stolen from can range from loss of reputation to fines, falling sales, civil and criminal legal proceedings, and more,” Galindo adds.
Impact Of Cyber Crime On Public Services
Until recently, companies rarely thought of hackers accessing everyday public and utility services to wreak havoc. Such services are at much greater risk, however, with everything from traffic lights and CCTV cameras to power stations and smart meters being increasingly computerized and networked to improve efficiency, centralize management, and reduce cost. This new vulnerability was highlighted in November 2014, when the NSA reported that hackers successfully accessed the U.S. power grid.
As a result, nearly three quarters (71.5%) of those surveyed now believe the hijacking of major services (utility services, traffic management, transport etc.) by cyber criminals is a genuine threat to U.S. national security. In addition, 50% believe that increased cyber crime is making life harder by making it more challenging to access everyday services, and 37% believe the heightened cyber crime environment hinders productivity.
Reliance on digital devices makes us more of a target, according to 28% of respondents who believe that our everyday use of technology has left businesses more exposed than ever to virtual crime. Most worrying is that more than one third (35.3%) believe that acts of cyber crime and cyber terrorism are likely to spill over into physical acts of crime and terrorism.
“Cyber crime is not a victimless activity—virtual acts of criminality affect real people, put jobs at risk, and have lasting consequences for everyone impacted by them,” Galindo added.
Taking Steps To Improve Online Security
The survey also revealed that growing cyber security concerns have prompted people to take more aggressive steps to protect themselves and their online footprint, both at work and at home:
- 63% now regularly change passwords for web sites and online services;
- 56% have taken steps to strengthen their anti virus protection;
- 51% have activated PIN or password protection on tablets and smartphones;
- 50% now avoid duplicating passwords across multiple sites and services;
- 32% have, where supported, activated two-factor authentication for logging in;
- 5.5% have done nothing to improve their online security.
“It is particularly encouraging to see that one third of those surveyed have embraced two-factor authentication. While some financial institutions now insist on this technology to protect online banking access, people are increasingly activating two-factor to protect social networking, e-mail, e-wallet, and other online services,” said Galindo.
Comparison With The U.K.
The same survey, conducted among a parallel demographic in the U.K., produced broadly similar results—with one interesting difference: U.S. respondents were between four and five percent more security conscious with regards to the steps taken to secure personal data and prevent unauthorized access to online services.
In the U.K., just over one quarter (27%) of those surveyed have begun creating dedicated e-mail addresses for use with specific online services in an effort to minimize the impact of a security breach. In the U.S., the site of several high-profile username and password thefts, this number is as high as one third.
The blind, independent study was conducted for GFI Software by Opinion Matters and surveyed 1,008 U.S. adults, working for companies with up to 5,000 staff that use a computer or mobile computing devices.