Engineers and designers have credited hardware and interfaces that can be used to control complex technology with little or no training. The upside of this is that it has made that technology usable by virtually everyone. The downside, however, is that it has blinded users to device vulnerabilities that can expose a user’s personal and financial information to hackers and cyberthieves.
A recent Pew Research Study revealed that a majority of U.S. citizens have little or no cybersecurity sophistication. What awareness of cybersecurity issues they may have is overshadowed by a pervasive sense that cybersecurity is somebody else’s problems and that they are immune to cyberattacks.
This lack of sophistication extends more to a lack of comprehension of the level of threat and risk that U.S. citizens face, rather than to the actions they take to protect their networks and devices. For example, a 2017 report published by United Kingdom-based Wombat Security suggested that at least nine out of ten Americans routinely back up their files, and that at least two thirds were more likely to use a virtual private network (VPN). These actions suggest that Americans are following cybersecurity and privacy suggestions apart from being able to explain why they are doing so. This inability to explain the reasons for their actions might explain, for example, why Americans are twice as likely to trust the cybersecurity of a free, unsecured Wi-Fi hotspot than citizens of other countries.
The key to improving the cyber smarts of U.S. citizens is to increase their knowledge and awareness of the cybersecurity threats they face. Cybersecurity industry experts recommend that businesses can take the lead in this effort by first improving their own cybersecurity strategies and then impressing on customers and clients that they are often the weakest link in the cybersecurity chain. The ecommerce companies that customers patronize should assume the primary role as influencers of their customers’ online actions, ultimately aiming to generate positive online habits that make those customers savvier about their own cybersecurity.
Businesses cannot control everything about their customers and clients, and even if an information network is made as secure as possible, that security will still have gaps. A complete cyber security policy for any business, regardless of size, should include insurance that will cover losses and liabilities suffered by the business when its customers or clients inadvertently open the network to hackers or when hackers otherwise breach the business’s cybersecurity defenses.
Critics might argue that a cybersecurity insurance policy will further encourage people to ignore their own security obligations to the extent that they will be able to fall back on insurance proceeds when a cyberattack causes damages. This is a short-sighted argument that fails to account for the potential effects of a cyberattack.
A U.S. citizen whose personal and financial information is stolen by hackers might require weeks or months to limit or control the damages that flow from the theft, including monitoring credit agency reports and re-establishing banking and other financial relationships. Identity theft victims experience long-term adverse effects that are akin to experiencing physical or psychological trauma. Educating U.S. citizens of the risks and long-term effects of cyberattacks will make them more savvy about cybersecurity, even if they know that cybersecurity insurance can provide some compensation for losses.
The silver lining on America’s cybersecurity issues is that awareness is higher among a younger demographic that has grown up with technology. That demographic is more likely to perceive cybersecurity as an integral part of online activity rather than an adjunct to it. As business take the lead in improving cybersecurity and the American demographic age population evolves, business’s efforts to educate Americans will take better hold. Until then cyber security insurance is the final backstop to imperfect cybersecurity awareness.