What your cyber clients are doing right (and wrong)
Cyber insurance customers are getting better at protecting their personal information and data from cyberattacks but poor cybersecurity behaviours remain prevalent, according to the results of Chubb’s Fifth Annual Report on Personal Cyber Risk.
For the first time, the annual study found more than half of polled Canadians and Americans were taking concrete steps to protect their personal data and information from cyberattacks. In 2022, 51% of the 1,605 survey respondents reported using multi-factor authentication (MFA) to log into their online accounts – twice the level found in the 2021 survey.
Although this is a positive development, it’s not enough from a cyber insurer’s perspective. Canadian cyber insurers are now often requiring businesses to implement MFA and have cybercrime/date breach response plans in place before qualifying for cyber insurance coverage. Industry sources tell Canadian Underwriter MFA is now really table stakes in the market.
“While the progress is encouraging, poor cybersecurity behaviours remain far too common,” Chubb said of the results showing just 51% of respondents used MFA. As for poor cybersecurity behaviours, the 2022 survey found three in five respondents (61%) have trouble keeping track of their passwords and 63% are annoyed when they are forced to update them. And half are still including the name of their pet, or some other identifiable name or date in a new password, Chubb said in a press release announcing the results of the survey.
Conducted by Dynata, the survey showed some positive results: nearly 80% said they prefer to use MFA. Adoption of practices such as regularly clearing browser histories and using password protection apps, pop-up blockers and malware protection were also up significantly from 2021. Also, three out of four people reported updating the password for their primary bank account in the last 12 months, and 70% have voluntarily updated a password for a digital account without being required by the provider.
The bad news? Eighty-five percent of your high-net-worth clients are using identifiable terms or dates in their passwords – more than three times the rate of middle-income respondents (27%). “Remarkably, the wealthiest people – those who are most vulnerably to a cybercrime that involves money – are continuing to use such identifiable terms or dates as passwords,” the report said.
In the last year, 30% of high-net-worth respondents reported falling victim to a cyberattack involving their money, Chubb said. That’s twice the average for all income groups and seven times the frequency cited by middle-income respondents. Mass affluent and high-net-worth consumers were twice as likely as the members of the middle class to have fraudulent charges made on their credit card.
“Our fifth annual report on personal cyber risk has a compelling narrative: Awareness of and concern over cyber threats is high and growing,” Ana Robic, division president of Chubb North America Personal Risk Services, says. “At the same time, people are annoyed and frustrated by taking actions to protect themselves online. Thankfully, the gap between awareness and action has started to narrow.”
Other survey results include:
Nearly nine in 10 (87%) are concerned there will be a significant cyberattack on the power grid in the U.S. Most are worried about the threat of a cyberattack waged by a hostile foreign country (85%) and cyberattacks on a nuclear power plant, chemical factory or water supply (84%).
Consumers most fear a breach of their financial information, with 53% saying this is the most concerning type of breach.
About two in five (39%) currently have a personal cyber insurance policy, with wealthy consumers are much more likely to have this coverage. But 19% are not at all familiar with the protections personal cyber insurance offers individuals and families.
But people with personal cyber coverage may have too much piece of mind, the study found. “Personal cyber policyholders are less likely to take precautions to protect themselves compared to those without a policy, such as conducting business while using a wi-fi hot spot, posting personal information on social media or regularly clearing their browser history.”
Feature image by iStock.com/tsingha25