IBM Security has announced the results of a global survey examining consumers’ digital behaviors during the pandemic, as well as their potential long-term impact on cybersecurity. As society becomes accustomed to digital-first interactions, the study found that preferences for convenience often outweighed security and privacy concerns amongst individuals surveyed – leading to poor choices around passwords and other cybersecurity behaviors.
The global survey of 22,000 individuals in 22 markets, conducted by Morning Consult on behalf of IBM Security, identified the following effects of the pandemic on consumer security behaviors:
Digital Boom will Outlast Pandemic Protocols: Individuals surveyed created 15 new online accounts during the pandemic on average, equating to billions of new accounts created around the world. With 44 percent reporting that they do not plan to delete or deactivate these new accounts, these consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
Account Overload Led to Password Fatigue: The surge in digital accounts led to lax password behaviors amongst those surveyed, with 82 percent of respondents admitting to reusing credentials at least some of the time. This means that many of the new accounts created during the pandemic likely relied on reused email and password combinations, which may have already been exposed via data breaches over the past decade.
Convenience often Outweighed Security & Privacy: More than half (51 percent) of millennials surveyed would rather place an order using a potentially insecure app or website vs. call or go to a physical location in person. With these users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will likely fall more heavily on companies providing these services to avoid fraud.
“The pandemic led to a surge in new online accounts, but society’s growing preference for digital convenience may come at a cost to security and data privacy,” said Charles Henderson, Global Managing Partner and Head, IBM Security X-Force. “Organizations must now consider the effects of this digital dependence on their security risk profile. With passwords becoming less and less reliable, one way that organizations can adapt, beyond multi-factor authentication, is shifting to a ‘zero trust’ approach – applying advanced AI and analytics throughout the process to spot potential threats, rather than assuming a user is trusted after authentication.”
Consumers Report High Expectations for Ease of Access
The survey shed light on a variety of consumer behaviors impacting the cybersecurity landscape today and moving forward. As individuals increasingly leverage digital interactions in more realms of their lives, the survey found that many have also become primed with high expectations for ease of access and use.
- 5 Minute Rule: According to the survey, most adults (59 percent) expect to spend less than 5 minutes setting up a new digital account.
- Three strikes you’re out: Globally, respondents would attempt 3-4 logins before resetting their password. These resets not only cost companies’ money, they can also pose security threats if used in combination with an already compromised email account.
- Committed to Memory: 44 percent of respondents store online account information in their memory (most common method,) while 32 percent write this information on paper.
- Multi-factor authentication: While password reuse is a growing problem, adding an additional factor of verification for higher risk transactions can help reduce the risk of account compromise. The survey found that around two-thirds of global respondents had used multi-factor authentication within the past few weeks of being surveyed.