Everyone should have heard the news by now: 2017 brought a record number of data breaches and there was no end to the carnage of identity fraud and theft. So what's the all-important consumer reaction? Leaders can hope for evidence that consumers are getting better at protection, but it seems that all they got was more widespread wariness. Who can blame identity-holders though, when the collective body of Identity-protection advice and methods is a confusing and even sometimes contradictory maze. The good news is that there's no leveling off of consumer motivation.
With last year bringing a record 1,579 breaches in the U.S. (nearly 500 more than 2016, according to the Identity theft Resource Center), it should be no surprise that there was $17B in consumer identity theft (Javelin Strategy & Research). Data breaches feed fraud, and consumers simply react in the way in the way they find most rational. The success of many business, government and even non-profit leaders often depends on consumer behavior, so a current understanding of ever-changing consumer behavior is vital. To this end, I've summarized a few key findings from anew research project I just completed with IDology, and you can access the full study here.
First-off: people really care about increased threats. 57% of the 1,000+ US adults who completed our survey are more concerned that their personal information will be compromised in a data breach. Designers of new technology–digital opening of new accounts for instance–can take heart that more consumers prioritize security than ease of use or speed for instance. And yet convenience is still a top issue, with over 3 in ten say king that they "abandoned signing up for a new account because the process was too difficult or took too long" (see page 6 of the report).
When asked to rank the perceived security of 7 different digital identity methods, highest ratings were given to biometrics, knowledge-based questions, and one-time passwords. Still-emerging methods such as authentication apps, mobile authentication, and third-party authentication ranked lowest, which I suspect is at least partly because people have less familiarity with them. Meanwhile, consumer practices remain somewhere between frightening and bleak, with no-no's such as password reuse or infrequent quite widespread. (35% never or infrequently change their passwords, for instance). Perhaps this is why 45% are either very or extremely willing to 'switch to an easier, more secure identification method (other than passwords) to access (their) online accounts". In consumer security behaviors the problem is a lack of supply, not demand.
Consumers hold both their providers and themselves responsible for protecting their personal information, which should be good news for those taking leadership steps. 67% strongly agree that it is a company's responsibility to protect personal information, in comparison to 59% who feel the same way about their own behavior. My personal view of the gap between the two stats is that enterprises need to find improved ways to share incentives–of both a positive and negative nature–with identity-holders. After all, identity safety is a win for all (honest) parties.
Consumer security behaviors and attitudes are an ever-changing field, with risks and opportunities that parallel changes in volume and nature of data compromises and follow-on identity crimes. Should we be surprised? No, we should be informed, in order to be our best at what we do.