Most of us recognise the online risks, and many of us have been hacked, and still we do nothing about it.
Nothing ever changes… right up to the point when it does. On one level this is blindingly obvious. But less obvious or predictable is what it actually takes for change to occur? How do you get to the tipping point?
The plain and cold truth of it is that change, whether that's behavioural, social or cultural, can be tricky to bring about. None of us are huge fans of it. Instinctively, we perceive change as something unruly and precarious. The familiar is a cosy blanket, whereas change is a groan and grimace.
Change implies hassle and inconvenience. And change’s bedfellow, uncertainty, positively brings on palpitations. Uncertainty might be good for newspaper sales, but it’s the kind of cortisol spike most of us instinctively cross the street to avoid.
We recently commissioned a research study into online behaviours and perceptions of safety. Very simply, going into 2018, we wanted to take a temperature read on where people’s attitudes and behaviours are at.
We asked people to tell us us how safe they feel online, and how prone they feel they are to cyber threats. We also looked at their attitudes to communicating safely via email, and whether people and businesses are starting to act differently in line with the online risks they face.
Based on research with over 2,000 UK adults and interviews with 200 senior managers, these are some of the key findings:
Awareness of the risks
Some 87 per cent of respondents acknowledged that their personal and confidential information is at risk when stored and communicated via unsecure webmail platforms like Gmail, Hotmail and Outlook.
Among business owners and senior management, 73 per cent recognised that using their clients’ personal email for sending and receiving personal and confidential information makes them cybercrime targets.
Prompting people to take action
Worryingly, half of those who’ve been hacked in the past continued to send personal and confidential information via personal web-based email accounts.
One in three businesses interviewed were worried cybercrime is becoming more of a threat to their company. A further 46 per cent of businesses suspect they are likely to be a future victim of cybercrime.
What’s fascinating is how the above findings reveal our human condition, our current inaction to online dangers, and the speed at which we begrudgingly consider changing our ways.
Forbes recently reported the estimated cost of cybercrime, on average and projected through to 2021, at around $6trn (£4.5trn) a year.
Accenture’s 2017 Cost of Cybercrime study reported a 27 per cent net increase in the average annual number of security breaches. It did however also report that companies are starting to respond, spending 23 per cent more year-on-year on security technologies to counter the growing threats from hackers and malware.
Typically, something has to happen to drag us out of our default state of indifference and denial. 'Implicit threat' is often not enough for us to act differently.
Our actions and inactions could even have something to do with how we’re cognitively wired. The survival function in our brain is little different to the animals from which we evolved.
Our fight, flight or freeze mechanism originates in the amygdala. The moment we perceive a potential danger, our amygdala immediately flicks the switch.
The ‘thinking part’ of our brain, responsible for judgement and values, has nothing to do with the amygdala. Reason and rational thought lives in the prefrontal cortex. When our amygdala talks to us, we act fast. When our prefrontal cortex does the talking, we do exactly as our ever-civilised selves would do. We tend to think about it some more, and weigh the pros and cons.
Something as seemingly simple as how we email exposes an ‘old brain-new brain’ dilemma. In just the same way we shy from change, the case could be made that the modern world has dulled our survival instincts.
The online world is currently our major blind spot. We face the contradiction of being apex predators with Gmail accounts and a tendency to over-think the increasingly obvious.
Knowing what we know, the question remains. When do we all start doing something about it?