Misplaced confidence is a dangerous thing when it comes to cyber crime. Over three quarters of British adults say they know enough to keep themselves safe online, and yet too few are using the basic cyber hygiene that experts have long urged us to perform to protect ourselves when using the internet. For example, only 29% of people even know what two-factor authentication (2FA) is, and even fewer use it.
These figures come from our latest Digital Futures sentiment research into cyber perceptions and chime with a report released over a year ago by the Government that found compelling evidence of a perception gap between what people believe about cyber crime and the reality of the threat. This gap, said the Government report, was propped up by three generally accepted (but inaccurate) myths: cyber crime isn’t a real crime, it isn’t something I need to be concerned about, and there isn’t anything more I can do to stay safe.
The Government’s report is important to consider alongside Nominet’s research because it shows how little has changed in the past 12 months when it comes to the perception gap. This is despite the rising number of high-profile companies suffering breaches and hacks. Even more worryingly, there seems to be a dwindling trust in external agencies to help keep citizens safe online.
Our findings show that self-confidence levels are sky-high, with 77% of adults saying they know enough to keep themselves safe online while just 38% believe the Government, intelligence agencies and law enforcement will keep them safe online. Technology companies are slightly more trusted – 42% of people we asked felt these companies were working to keep them safe – yet over half (51%) of people didn’t trust them to act ethically.
Confidence extends into the beliefs about the likelihood of an incident. Despite being repeatedly told that cyber breaches are now a ‘when and not if’ scenario, only 5% of British adults believe they will be a victim of cyber crime in the next 12 months, with a third (31%) thinking it’s unlikely and a bullish 10% assuming it is ‘not at all likely’ or convinced it will ‘definitely’ not occur.
These convictions don’t correlate with the prevalence of cyber crimes or the vast number of people who fall victim to them. Spend a few minutes on the Action Fraud website and the scale of the issue becomes clear: in December 2018 alone, 200 crime reports were made in relation to fraudulent TV licensing emails, with victims reporting a total loss of £233,455. That is one month, and one scam, and only includes those who reported the incident.
Criminals are able to part people from their money so easily because too few people are taking enough protective action or employing the basic cyber hygiene practices that experts recommend. Our research found that only 29% of people knew what 2FA was and just 27% actually use it. Just over half of people knew how to change their privacy settings on social media sites, and only 51% were even aware of what their privacy settings are currently set to.
There was also a reticence among those we surveyed to recognise the risks when a company is breached or hacked; 24% of people didn’t bother changing their passwords when their online bank or phone or utility provider was hacked, and only 61% changed their passwords when a company suffered a breach.
Optimism bias could be to blame for this misalignment between risks and beliefs. Our tendency to believe that bad things won’t happen to us may sometimes help us stay sane in a risky world, but it does us no favours when it translates into leaving ourselves vulnerable online. Are you, for example, one of the 23 million people who set their password as ‘123456’?
This last statistic comes from the National Cyber Security Centre’s (NCSC) first annual cyber survey, released in April, which has similar findings to Nominet’s: only 15% of those asked knew a great deal about how to protect themselves from harmful activity.
There are easy steps we should all be taking to keep ourselves safe online, starting with abandoning the misplaced confidence that leaves us vulnerable. Practical changes then include using a password manager to create strong passwords or creating passphrases, implementing 2FA wherever possible, checking privacy settings and being wary about what you share across Wi-Fi connections that may not be secured (public Wi-Fi is particularly vulnerable). More advice on basic cyber hygiene is available from my colleague Cath Goulding, Nominet’s CISO, in her blog on shopping securely online, while NCSC has some good advice on their site too.
As we rush towards a digital future in which technology and the internet infiltrate more aspects of our life, adopting a healthy level of anxiety – and making good cyber hygiene habitual – will become crucial to keeping ourselves, our data and our money safe online.