It’s hard to believe that January 2019 is soon coming to a close, albeit a very bitterly cold one at that here in Chicago.  As this first month wraps up, the news headlines in Cybersecurity really have not changed all that much.  This not to say that attacks are not happening; they are, but it’s about the same kind of thing we heard of last year. It does not seem like that there are any new variants that are coming out yet.

But, as Corporate America is scrambling to get their lines of defenses ramped, especially in the way of Critical Infrastructure, there is often one area of presence that tends to be forgotten about:  That is, the online presence these companies.  When people think of a Cyberattack that has happened, they often think that it has occurred at the physical location, such as a retail outlet like Target or a restaurant like Applebee’s.

While this is true, these business entities also have an online presence, where in fact, a bulk of these Cyberattacks have actually happened.  Once you the customer, for instance, have become a victim of a Security Breach, the chances that you will purchase anything from that same venue or even visit that site again greatly diminishes.

This is according to a recent study launched by a Cybersecurity company known as “Ping Identity”.  In their research, they found that a majority of respondents would never again purchase from the same online merchant if they have indeed become a victim.  Here are some of the major findings:

*78 % of the respondents said that they would stop engaging with a certain product or service online;

*36% would completely stop using that product or service and go directly with a competitor;

*Almost half (50%) of the respondents would not use an online service or Web/Mobile that recently experienced a Security Breach;

*47% of the respondents have already made drastic changes in the way they handle their PII;

*Over half of the respondents (54%) are much more concerned about protecting their PII than they were back in 2018.

It should be noted that the respondent pool from the above findings are actually from the 55+ age group bracket.  This story drastically changes as a much younger group of respondents are surveyed, especially those that are under 35 years of age. 

The bottom line:  They seem to be much more trustworthy and confident in the way that online stores and merchants safeguard their PII.

For example:

*53% of the total respondents under the age of 35 feel confident and/or very confident in the online merchant’s ability to protect their PII (as opposed to 27% those over 55);

*54% of the respondents under the age of 35 are willing to key in their credit card information online when compared with just 41% of those aged over 55;

*37% of the respondents aged under 35 are not willing to pay for extra services in order to ensure that their PII is never breached; this is in comparison with 62% of those over 55 and older.

This same survey also examined the level of Security that citizens of other foreign countries place in the hands of online stores and merchants.  The countries that were examined included France, Germany, and the United Kingdom.  Here is what they found:

*US Citizens are much more likely to share their Social Security Numbers if asked to do so;

*The French are the least confident group when it comes to trusting the level of the Security that is provided by online stores and merchants;

*Citizens in the United Kingdom have experienced the least number of Security Breaches.  But those that have been a victim have suffered a rather big, financial loss (this is what 42% of the respondents have claimed).

My thoughts on this?

Well, there are a couple of areas which do not surprise me at all.  First, it is a no brainer that the older population is far less trustworthy than the younger group.  It is quite possible that they have much experience in dealing with things on a daily basis, and have seen far too much when it comes to have PII compromised. 

Or perhaps, there simply just too old fashioned, and much prefer to visit a traditional brick and mortar store than shop online, nothing wrong with that either.

Second, it does not surprise me that the younger population refuses to pay more in the way of having extra Security levels in place to protect their PII.  I have seen this in other surveys as well.  Their thinking is that why should they have to pay more when they are already paying more in taxes and shipping of the products? 

Third, I am utterly shocked that a majority of Americans are willing to give away their Social Security numbers to an online store or merchant. There is absolutely no need for this, of course, you are going through a background check or applying for a government job.  No reputable merchant would ever ask for this kind of PII.  It is just way too risky to them to store this kind of data.

As I wrote in a previous blog, losing a customer after a Security Breach has occurred is a huge cost that needs to be taken into consideration.  Obviously, while it is very important for a business or a corporation to have Security Policies and Incident Response Plans put into place, it is also very equally important to have a plan in case you do lose customers in the case of a Security Breach from occurring.

Perhaps one way to do this is for Corporate America to reach out individually to their customers and let them know exactly the steps that are being taken (or that have been taken) to protect their PII.  They should also offer free Multifactor Authentication Services, and even watered-down Password Managers that are just designed for their online stores only. 

In this way, customers can create those crazy passwords that nobody can remember.  This will ensure a much higher level of confidence as they shop online.  In the end, nobody is immune from being a victim of a Cyberattack. 

An organization can lose customers even with no Cyberattack happening at all.  But if you at least try to educate your customers about the steps that you taken to protect their PII and keep them informed, that is all really anybody can do.