Many businesses have increased their investments in cybersecurity and data protection in recent years and, in many ways, it has paid off. Consumers have seen a 25 percent decrease in debit and credit card compromises since 2017, according to a recent Cybersecurity Awareness Insights Study from Fiserv. Businesses have innovated, incorporated more layers of protection and leveraged emerging technologies to thwart bad actors before they strike.
But what does the consumer think of this? They’re sending mixed messages. Consumers realize businesses have made considerable efforts to protect them and their data, yet nearly 60 percent remain bothered by the temporary inconveniences of advanced security measures. Perhaps unsurprisingly, consumers want security without sacrificing convenience.
Turning Ambivalence into Awareness: According to the same study, 44 percent of consumers can be classified as ambivalent when it comes to cybersecurity – meaning nearly half of all consumers are aware that cybercrime is a real threat, but will only protect themselves against it when convenient.
For businesses, a high rate of ambivalence among their employees may mean they are not following best practices for data security. As such, businesses shouldn’t pause on improving their cybersecurity posture. They should press forward and take additional actions to continually improve the business, educate both consumers and employees on cybersecurity, and work diligently to shift ambivalence into heightened awareness.
Showcase behind the Scenes: Two-factor authentication has become a staple for confirming consumer identity when transacting or entering personal information online. But the temporary inconvenience of going through these motions, or additional steps when forgetting a password, annoy consumers the most. Behind the scenes, businesses remain committed to innovation and employing more artificial intelligence and machine learning to quickly prove digital identity and create a less cumbersome process. Educating consumers about these innovations can put them at ease. Evolving cybersecurity strategies is also imperative. This starts with re-assessing how data is secured at a transaction’s starting point and employing point-to-point encryption.
Educating Employees: According to the Fiserv study, fewer than half of employees said they would delete a suspicious email without opening it – a small task that should be viewed as cybersecurity 101! There’s clearly work to be done in educating employees about the risks of phishing and other cyberattacks.
More often, employees are looking to their employer to provide cybersecurity training, but aren’t always getting the support they expect. To that end, only 58 percent of employees said their employer sends regular cybersecurity updates, and 45 percent said their employer offers formal cybersecurity training. Among employees who aren’t provided cybersecurity training, only nine percent said their employer has a plan in place to do so.
So what can businesses do? Cyber education programs must go beyond sharing web, email and pamphlet literature. There is a clear opportunity for businesses to educate consumers and employees to help them understand both the potential impact of inaction and how security measures are designed to protect them. Businesses should also evaluate new delivery methods for conveying cyber hygiene messages. Larger businesses have the resources to be on the cutting edge of education programming by experimenting with gamification. Businesses also can maximize the knowledge base of their customer facing employees, particularly customer care agents, so they are ready to provide helpful cybersecurity tips in situations that warrant them.
Heading into 2020, it’s clear that businesses are on the right cybersecurity track and should be applauded for their investment and innovation to enable more secure experiences. But in the business of constant improvement, there is plenty of runway to do more.