Chubb Survey Finds Disconnect between U.S. Consumers’ Awareness and Actions toward Cybersecurity

A new study from Chubb finds that when it comes to cybersecurity, Americans are concerned, but not necessarily prepared to take the appropriate—and necessary—preventative steps to protect themselves from a cyber attack.

Source: Chubb | Published on September 18, 2019

Online internet secure payment and network safe communication and banking concept. Person pay in web via computer. Locks and padlocks on diagram.

According to Chubb's Third Annual Cyber Report, which examined individuals' comprehension of cyber risks and the steps they are taking to protect themselves, complacency seems to have taken hold: eight-in-10 Americans continue to be concerned about a cyber breach, yet only 41% use cybersecurity software and 31% regularly change their passwords. These numbers are virtually unchanged from 2018.

"When it comes to your cybersecurity, there's no such thing as being over prepared," said Fran O'Brien, Division President of Chubb North America Personal Risk Services. "While it's important that the vast majority of respondents remain concerned about a breach, concern itself isn't enough. Individuals often say their lack of cybersecurity action is because it seems too time consuming in the moment. But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur."

For a copy of the full Executive Summary, click here. Key findings are outlined below.

When "The Little Things" are Actually "The Big Things"
According to the study, individuals don't recognize the value of individual pieces of personal data. For example, just 18% of respondents are concerned about their email addresses being compromised. But, coupled with the fact that less than one-third of respondents regularly change online passwords—consistent with 2018's findings—a single email address can be a gold mine for hackers.

Similarly, a mere 27% of respondents are concerned about their medical records being breached. However, for all commercial claims submitted to Chubb by its healthcare policyholders, 54% of cyber claims were the results of an external actor, a significant increase from all prior years, according to the Chubb Cyber Claims IndexSM. If individuals knew that a compromised medical record often gives enough information to completely steal one's identity, they would likely be more concerned.

History is Repeating Itself
Survey results indicate that when it comes to cybersecurity, a consistently large portion of older respondents employ better cyber practices than younger generations. Per the survey, 77% of those over 55 delete suspicious emails, compared to half (55%) of respondents between 35 to 54 and just a third (36%) of respondents from 18 to 34. Similar patterns arise when looking at those enrolled in cybersecurity monitoring services.

More concerning is that younger generations don't just continue to shun the cyber lessons of older generations, their behavior is actively getting worse. For example, 76% and 74% of adults over 55+ regularly deleted suspicious emails in 2017 and 2018, respectively, as compared to just 47% and 40% of adults between 18 and 34 during the same time period. Learning from past events and generations before us is critical to prevent repeating the same cyber missteps.

Workplace Responsibilities
Businesses aren't immune to the lack of progress around cybersecurity.

For instance, while a consistent number of individuals (75% and 70%) say that their company has "excellent" or "good" cybersecurity practices in place from 2018 and 2019, many companies continue to fail to implement the most basics of safeguards. From 2018 to 2019, there was virtually no change in the percentage of companies who hold annual employee trainings (31% and 33%), deploy filters for online content (38% and 40%) and leverage social media blocks (32% and 33%). With the number of commercial cyber incidents only rising, employers must course correct in order to protect them for the long-term.

Insurance Back-Ups
The continued failure to implement cybersecurity safeguards means a breach is inevitable. Yet, just 10% of respondents report having a cyber insurance policy in place. A good cyber insurance policy includes more than just a financial loss mitigation tool; it can help individuals address the very preventative measures they're currently failing to implement.

Methodology
This is the third survey by Chubb measuring consumers' approaches and behaviors toward cyber risk. Conducted by Dynata, a leading global provider of first-party consumer and professional data, the online survey was fielded between May 7 – May 17, 2019. The results are based on 1,223 completed surveys. A breakdown of respondents is as follows:

  • Gender: Male (46%), Female (54%)
  • Age: 18-34 (21%), 35-54 (40%), 55+ (39%)
  • Regions: Midwest (20%), Northeast (22%), West (36%), South (32%)
  • Socioeconomic Status: Middle Class (25%), Upper Middle Class (25%), Mass Affluent (27%), Successful (22%)

About Chubb
Chubb is the world's largest publicly traded property and casualty insurance company. With operations in 54 countries and territories, Chubb provides commercial and personal property and casualty insurance, personal accident and supplemental health insurance, reinsurance and life insurance to a diverse group of clients. As an underwriting company, we assess, assume and manage risk with insight and discipline. We service and pay our claims fairly and promptly. The company is also defined by its extensive product and service offerings, broad distribution capabilities, exceptional financial strength and local operations globally. Parent company Chubb Limited is listed on the New York Stock Exchange (NYSE: CB) and is a component of the S&P 500 index. Chubb maintains executive offices in Zurich, New York, London, Paris and other locations, and employs more than 30,000 people worldwide. Additional information can be found at: chubb.com.