Consumers exposed, confused and apathetic in fight against cybercrime

By Rikard af Sandeberg, Managing Director Denmark and Norway, Affinion

Consumers are in the dark when it comes to preventing, detecting and resolving cybercrime. This is despite the fact that concern and awareness of cybercrime is growing and occurrences soaring; estimates show cybercriminal revenues worldwide of at least $1.5 trillion.

Bewildered consumers

In the recently published Affinion Cybercrime SOS report, we found that three quarters of consumers have no idea what to do if they experience a cybercrime attack. Instead, there is widespread confusion about who to turn to and how to fight back. Given the number of different types of cybercrime, many consumers don’t know the best way of resolving an incident, who they can contact or whether they should simply rely upon themselves. This is leaving people bewildered and overwhelmed.

Interestingly, American consumers are the most confident– 37 per cent of those interviewed said they knew how to resolve a case of cybercrime. This could be due to a higher incidence rate in the US – the country has significantly higher claimed instances of identity theft (49% affected), and fraudulent transactions (84% affected) compared to the global averages of 33% and 55% respectively. This still means that nearly two thirds of Americans are ill-equipped to handle the aftermath of an attack. Residents in Turkey felt the least confident to resolve a cybercrime incident with only 17 per cent stating they knew what to do.

Open to attack

There is also a universal lack of knowledge about how to prevent cybercrime. Many consumers have not moved beyond basic measures to protect themselves online – only 16 per cent of people worldwide have access to identity theft protection; 17 per cent to a credit report subscription and 30 per cent to a password manager.

Even the simplest forms of online security are not universally adopted – a third (31%) of respondents do not employ any type of software protection and only 58 per cent have access to a firewall, suggesting that many consumers are leaving themselves completely exposed and vulnerable to cybercrime.

Who to turn to?

We are used to hearing about high profile cases of cybercrime and watching the drama unfold as big companies like British Airways, Ticketmaster, Yahoo and Equifax struggle to get on top of data breaches and handle the ensuing backlash. But what about isolated cases of identity theft or times when individuals notice suspicious activity on their accounts? Who should they turn to then?

Our research suggests that financial services providers come top when respondents were asked who they had reported their most recent experience of cybercrime to. Consumers expect to turn to their banks and insurance providers for help resolving incidents, as well as the police.

The situation is hard for consumers to navigate because there are often so many involved parties. Also, the lines of reporting and responsibility are blurred and advice and best practice varies across the globe. In the US, the Federal Trade Commission suggests that in most cases you don’t need to report ID theft cases to the police. Whereas in the UK, organisations like Action Fraud provide a raft of options and steps to take.

Turn to the experts

The research suggests that consumers are looking for support. They are happy to take day-to-day responsibility for managing their digital lives but if a cybercrime occurs, they would prefer to hand the situation over to experts. Only one in three (35%) are interested in learning themselves how to resolve an issue if they fall victim whereas more would like to learn how to prevent (50%) or detect it (45%).

Sixty-five per cent of people do not want to be personally responsible for handling an incident instead preferring to delegate to an organisation that understands the complexities of cybercrime. When incidents have happened, 39 per cent credit their bank with resolving the issue and this has boosted brand perception.

In many ways, the attitude of consumers resembles the approach they have towards car ownership. With a car, people are usually willing to take responsibility for maintaining and keeping it working, but if it breaks down, they like to get help from a mechanic. In the same way, consumers seem happy to manage their day-to-day digital activity but if targeted by cyber criminals, they want to hand over the case and aftermath to experts.

This is understandable because resolving cybercrime is complex and can take many months to get to the bottom of. For example, if someone’s identity is stolen and used, it can be hard (and upsetting) to resolve. Some victims may never be entirely sure if the problem has been 100 per cent settled as information can sometimes be traded and passed around the dark web.

If consumers delay reporting suspicious activity because they don’t know what to do, the criminals will have more time to share personal information and the negative impact will escalate.

In light of the confusion and uncertainty that exists, there is a huge need for businesses to empower customers to take responsibility for protecting themselves and to show them what to do when something does happen. The uptake of even the most basic forms of protection is not widespread and consumers are looking for guidance and intervention from the financial organisations they know and trust.  There is therefore a window of opportunity for businesses to step in and walk alongside customers as they tackle an issue that can be incredibly delicate and distressing. Those firms that really invest in this area and seek to play a more meaningful role in their customers’ lives will inevitably be rewarded with loyalty and engagement, something that will differentiate them from competitors.

To read the full report visit: https://affinion.dk/insight/cybercrimesos/

Image credit: Christiaan Colen