4iQ recently completed research focusing on Americans’ attitudes about cybersecurity breaches and the efforts that organizations make to mitigate breaches’ effects on identity theft.
Where’s the data?
The findings indicate that a large proportion of Americans (44%) believe their personally identifiable information (PII) has been stolen as a result of a data breach. A strong majority (63%) are concerned that prior breaches could lead to future identity fraud, and a significant number (37%) believe they have already been a victim of fraud.
In addition to providing insights into the prevalence of citizen PII loss, the survey also uncovered perceptions around the effectiveness of those guarding data. While 75% of respondents perceived their employers to be “effective” or “very effective” at protecting PII, only 42% felt the same way about the government’s effectiveness.
Growing lack of trust
Similarly, in terms of actions taken in the wake of a breach resulting in PII loss, respondents also anticipated higher levels of response from employers than government.
More than 83% said they would expect security upgrades and proactive communications from employers and 54% would specifically expect the offer of identity protection services. This numbers shrunk to 74% and 50% for government breaches.
“We have heard about the growing lack of trust in government institutions, and when it comes to protecting PII, there’s a very good reason for the lack of confidence – the public sector worldwide has experienced a large number of data breaches,” said Monica Pal, CEO of 4iQ.
“4iQ saw a 291% increase in government sector breaches circulating in the underground in 2018. So far in 2019, we’ve validated over 700 government site breaches around the world, not including public records such as voter databases. This information, along with data breached from companies is being weaponized for identity theft, account takeover, fraud and other cyber fueled crime. It is high time that governments and companies get serious about working together to protect citizens, employees and consumers, and fight cybercrime.”
4iQ’s research also indicated that people may feel unprepared to contend with the threats presented by exposed personal information. When asked about their own effectiveness when it comes to protecting their PII, survey respondents actually rated themselves lower than their employers, with only 15% calling themselves “very effective,” versus 23% for their employers.
Everyday Americans may also feel significant pressure around avoiding mistakes with online security – 77% said that their employment status would be impacted by any mistakes they make with online security that compromised their employer’s systems, and 48% believed any errors they make could have a “high or very high impact” upon their employment.
“While cyber awareness campaigns and cybersecurity training are essential, it’s also important that we don’t simply pass the data protection buck to the end-user,” added Pal. “Citizens, consumers and employees can’t possibly be held responsible for all of the breaches of the past – government agencies and businesses must recognize that every employee is also a consumer and consumers are citizens and voters – who must be better protected from identity theft, account takeover, fraud and other cyber enabled crimes. In addition, consumers and companies must report these crimes and government agencies must do a better job of investigating, prosecuting and disrupting crimes.”