1(630)802-8605 Ravi.das@bn-inc.net

The common theme with all of my blogs so far has been that I have written primarily about how to avoid Cyber-attacks, and what to do after you have been hit by one.  Sure, after you have fallen victim the first thing that crosses your mind is: “How did this happen to me?”

That is just a natural human reaction to anything bad that has happened.  Even I ask myself that question all the time when something I totally unexpected happens to me.

It’s OK to think about this for a little while, but the next course of action is how to recover quickly.  For a business, any downtime means lost revenue, so you need to be up and running within literally hours after being hit, at least with your baseline operations.  Then, the other stuff can come later.

But there is another thing that you have to worry about as well:  Your brand reputation, and your customers.  As any Cyber security professional will attest to, one of the first things that the Cyber attacker will go after is the private and confidential information/data of your customers.

Once you have notified them as to what has happened, the chances that they will come back you again, are unfortunately low.

This has been underscored by a recent survey entitled the “Ping Identity 2018 Consumer Survey: Attitudes and Behavior in a Post-Breach Era.”  Some of the findings of this survey include the following:

*78% of respondents claimed that they would stop being customers of a company if they have been hit by a Cyber-attack;

*49% of respondents reported that they would stop using an online service (such as that of an online store) if they fell victim to that;

*47% of the respondents already have made changes to the way they create and use their password (such as changing it out more frequently, creating more complex passwords, making use of a Password Manager, etc.);

*53% of the respondents that were under 35 years of age felt confident in the security that was being used by the vendor with whom they made a recent purchase from;

*Only 27% of the respondents over 55 years old felt the same about the above;

*56% of respondents said that they would not pay extra services to a company that they purchase products and services from in order to make their information/data that is stored with them (but, the younger customers were willing to pay extra, anywhere from $1.00 to $50.00);

*54% of the younger respondents were willing to use online financial applications in order to conduct a business transaction;

*But, only 41% of the respondents 55 or older were willing to engage in the above;

*16% of respondents based in the United States were willing to share their Social Security numbers, while only 9% of French respondents, 6% of German respondents, and 4% of United Kingdom respondents were willing to do the same.

It should be noted that this particular study surveyed 3,264 consumers based in the United States; the United Kingdom; France and Germany.  The subject pool were at least 18 years old and have also used at least one of the following types of online services:

*Shopping;

*Banking; Movie/TV;

*Music;

*Government services,

*Travel;

*Uber/Lyft-type apps.

More details about this survey can be seen at this link below:

https://www.pingidentity.com/en/resources/client-library/faqs/consumer-attitudes-post-breach-era-3375.html

My thoughts on all of this?

Well, it is obviously clear from the results from this survey that a customer will not likely return to a merchant after they have been hit with a Cyber-attack.  I can understand that point of view, because I too was once a victim of Identity Theft.  My credit card info was stolen from a local Wal Mart store, and used to make purchases in other suburbs.

Luckily, the damage was only limited to about $200.00.  But it took me months before I could feel confident once again about shopping at Wal Mart.  I try to keep an open mind, and that is why I returned after they installed chip readers onto their Point of Sale terminals.

But what surprises me are the disparaging differences in the view of Cyber security from the younger and the older generations.  It seems like that the former are much more attuned to the Cyber threat landscape, versus the former.  This is best exemplified by the fact that the younger crowd seems to be much more proactive about protecting their password, versus the older crowd.

Perhaps they understand the importance of this more, or are simply aware of using technologies to protect it? I think that it is a combination of both.  Also, it looks like that the younger crowd has more faith in the Security that is being provided to them by the store wherever they shop at; and are much more willing to take a risk by entering their personal and confidential information at an online, financial website.

I also found it surprising, that when compared to the other countries that were surveyed, that United States citizens were more willing to share their Social Security numbers.  Does this reflect the fact that our society is just too open or that we are still naïve about Security? This one is hard is harder to answer, because you have to look at it on an individual basis.

But here are some key takeaways, looking at both sides of the coin here:

*To the online merchant, or even the brick and mortar store:  You MUST take all of the proactive stances that you can to beef up your lines of defenses.  You MUST even consider getting Cyber security insurance.  But even despite doing all of this, there is no guarantee that you will not become a victim of a Cyber-attack.  But at least, you have done everything you could, which most everybody will look favorably upon.

To the customer (and yes, this even includes me):  I think it is only fair that you also pay for your fair share of Security at the store you frequent.  I think that it is totally wrong for us to think that they should be responsible for footing the bill for all of the Security. After all, since are voluntarily submitting our personal information and data, I think that it is only right that we help financially in helping to secure that as well.