Light Dark
November 29, 2021 By Mike Elgan 4 min read
Data Protection
Fraud Protection
Incident Response
Risk Management
Security Services

If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. After all, they affect the public directly more often now, such as when attackers steal their personal information from a large company.

How do consumers perceive these attacks and the threat from future attacks? In what way does this new awareness change consumer behavior and expectations?

Enterprise Attacks Directly Affect Consumers

When attackers breach companies, consumers share the impact. The most measurable impact is in the price of goods and services.

Cyberattacks incur costs in the form of ransomware payouts, higher insurance prices, lawyer fees to remain compliant with regulations, operational disruption, the costs of getting back online and other expenses. These costs are borne by companies, but in the end, raise consumer prices.

And the costs of attacks are going up every year. The average cost of a ransomware attack, for example, was $1.85 million in 2020 — double the previous year, according to a survey from Sophos.

And the future looks grim on this count. Cybercrime costs worldwide are expected to grow by 15% per year over the next five years, reaching $10.5 trillion per year by 2025, according to a prediction by Cybersecurity Ventures. This is the increase in the cost of doing business, which will be reflected in consumer prices.

The other major impact of enterprise cyberattacks on consumers comes from when an attack breaches customer data. Many kinds of attacks leave customers open to identity theft and other kinds of fraud. When attackers sell customer data on the dark web and other criminals buy that data, they can turn an enterprise attack into hundreds of others. It can spin off into credit card fraud, identity theft and a world of social engineering scams. Cyberattacks may strike once, but identity- and personal data-related fraud is forever.

Attacks impact consumers. But what do consumers think about cyberattacks?

How Consumers Think About Cyberattacks

Public awareness about cyberattacks is high. More than three-quarters of consumers are concerned about the privacy of their data, according to a KPMG survey. This worry about the data that companies retain comes with concern about having that data stolen or compromised by a cyberattack.

Some 63% of consumers worry about their data being stolen, according to a survey by Norton. And more and more public reporting in the media on major cyberattacks and their impacts drives this concern.

The rise in cyberattacks on businesses has heightened consumer worries in the past year. Some 44% feel more at risk from cybercrime than they did before the COVID-19 pandemic began, according to the Norton survey.

That worry exists and is rising. But how does worry about cyberattacks manifest in the actions of consumers?

Changing Consumer Behavior and Attitudes

One major impact from concern over cyberattacks is that customers may mistrust brands that suffered an attack. And this mistrust drives consumers away.

A majority (59%) of consumers say they’ll avoid companies hit by a cyberattack in the past year, according to a survey by Arcserve. This means customers are likely to switch from the attacked company to its market rivals.

Consumers are seeing more and more that cyberattacks against the companies that hold their personal data put their own cybersecurity at risk. That data gives criminals the information they need to launch phishing attacks and other threats against them. This is especially acute in the financial services industry, and deeply concerning in health care.

And it’s not just business. Most American citizens are concerned about state-sponsored cyberattacks on U.S. financial institutions, national security and defense systems, energy systems, health care organizations, government agencies and their own personal information, according to a study from the Pearson Institute for the Study and Resolution of Global Conflicts at the University of Chicago and The Associated Press-NORC Center for Public Affairs Research.

What Does This Mean for the Future?

Two rising trends are coming together. First, look at the growing frequency, cost and impact of cyberattacks. Add to that the increasing awareness, concern and reaction of consumers. The one-two punch bodes ill for consumer-facing companies.

This means cybersecurity has major hidden costs they didn’t have in the past. Those are the cost of lost customers, the hesitancy of customers to give up personal and financial data and what could be major reputational damage from serious cyberattacks.

The cost of lost customers also magnifies the other costs by raising the incentive to make ransomware payments and spend more on cyber insurance, cybersecurity staff and tools, reputation management and PR and other costs. The consumer factor magnifies the impact of cyberattacks.

The good news is that there’s a flip side. Consumer concern presents an opportunity, too. You can address customers’ anxiety in advance in a few ways. First, establish very strong security and customer data protection. In addition, communicate to customers exactly why their data is safe.

It’s time to stop assuming that consumers don’t know or care about cybersecurity. They do, and they understand it. That’s why organizations need the right security posture. Combine that with clear and respectful messaging, and you get a way forward. You’ll need it in this new era of cyber threats and with growing public awareness and concern for the risks.

 |  |  |  |  | 
Mike Elgan

More from Data Protection
November 2, 2023

Defense in depth: Layering your security coverage

2 min read - The more valuable a possession, the more steps you take to protect it. A home, for example, is protected by the lock systems on doors and windows, but the valuable or sensitive items that a criminal might steal are stored with even more security — in a locked filing cabinet or a safe. This provides layers of protection for the things you really don’t want a thief to get their hands on. You tailor each item’s protection accordingly, depending on…

November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 25, 2023

Cost of a data breach: The evolving role of law enforcement

4 min read - If someone broke into your company’s office to steal your valuable assets, your first step would be to contact law enforcement. But would your reaction be the same if someone broke into your company’s network and accessed your most valuable assets through a data breach? A decade ago, when smartphones were still relatively new and most people were still coming to understand the value of data both corporate-wide and personally, there was little incentive to report cyber crime. It was…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature