Crossroads Blog | Institute National Security and Counterterrorism

Current Affairs, cyber attack, education, IT security

Massive Data Breach Not Enough to Change Americans’ Habits

According to a recent Associated Press-GfK poll, the massive security breach at the retail giant Target, which compromised over 40 million debit and credit card numbers and the personal information of at least 70 million people, has done little to encourage the American public to take a more active role in the security of their personal data.

Since the breach:

  • Nearly 50% of Americans say they are worried about their personal information when shopping in stores
  • 61% say they are worried about spending online
  • 62% are worried when they use their mobile phones to make purchases

Despite the concerns Americans have about electronic purchases, the poll indicates that citizens are still refusing to take steps to combat the threats from a cyber attack.

  • Only 37% of Americans have made the switch to cash as opposed to credit or debit cards
  • 41% have started checking their credit reports

And an even smaller percentage have elected to take simpler protective measures, such as:

  • changing passwords to online accounts,
  • requesting new credit and debit card numbers, or
  • signing up for a credit monitoring service.

Why are Americans so apathetic about cyber security? According to AP, security experts think that while Americans understand that these types of information thefts are a possibility, they have just come to expect it. It just comes with the territory when using credit and debit cards or giving retailers personal information and it seems Americans just are not ready to give that part of their lives up.  Additionally,

Experts say the results show another expectation Americans have: While nearly 4 out of 10 say they have been victimized by personal data theft, most expect credit card companies, banks or retailers to take responsibility when that happens.

[Which, as we have discussed in other posts, is not exactly the case.]

But, those who have actually suffered a theft of their personal data have different views

52% check their credit report

41% have started using more cash

28% have signed up form credit monitoring service

In my opinion, at least based on this poll, it seems no matter how large the data breach is, no matter how many people affected or millions of dollars lost, if it does not personally affect them, a cyber attack is not likely to change Americans’ attitudes or habits.

2 Comments

  1. wcsnyder

    So, what do you think it will take to get Americans to practice safe cyber hygiene short of personal victimization? Nothing? Will Americans always choose convenience over safety until such an event, and someone has to change the incentives through taxes, regulation, etc.? Is your solution to cyber security in the long run to speed up the rate of cyber crime now so that we can sooner get to the point where the majority has been personally victimized?

    • Comment by post author

      Jason

      When it comes to practicing cyber hygiene I think Americans engage in a cost-benefits analysis of sorts. With credit and debit cards, Americans get a large amount of convenience as well as a sense of security. The security comes from the idea that the banks and credit card companies will take the losses that result from a cyber attack. Americans balance that convenience and sense of security against the danger of failing to securing their information. If they do not feel that the a data breach will have a significant adverse effect of if they feel a data breach is not likely to occur then they won’t accept the burden of losing the convenience they have become accustomed to.
      Americans do not feel a great urgency in practicing proper cyber hygiene because Americans do not view the likelihood of being a victim of cyber attack as very high. They look at the risk of being a victim of a cyber-theft of their personal information as being so remote that it is not worth the investment to prevent.
      I do not think one solution will solve this problem but the first thing that needs to be done is education. If we can alter the cost-benefit analysis and make the benefit of practicing cyber hygiene outweigh the costs then Americans will be more likely to take steps to secure their information. This can be accomplished by educating Americans so they understand the impact of theft of their personal data may be a more significant problem than they imagine it is. If Americans understand this then the benefits of convenience might not carry as much weight. If Americans think that there is a significant risk associated with failing to secure their information and a strong likelihood of a security breach and theft of that information then they will be more likely to accept the costs of securing it.
      As evidence by numerous bad habits including smoking, something is difficult to change once it becomes a habit. Educating Americans earlier is the key to developing proper habits with cyber. If we educate Americans at a young age on the nature of cyber space and the inherent dangers of interacting with it they will be more likely to engage in safe cyber practices in the longer term.

Leave a Reply

Bitnami