Pub. 11 2021-2022 Issue 3


What are Consumers’ Top Cybersecurity Concerns?

To understand how U.S. consumers view cybersecurity risks, CSI – a leading provider of fintech, regtech and cybersecurity solutions – worked with The Harris Poll to survey more than 2,000 U.S. adults aged 18 and above.

Respondents were asked to identify their primary financial institution, providing a look into the perceptions of bank customers, credit union members and those without a primary institution. The data from this online survey was then analyzed and used to create an executive report to help financial institutions understand consumers’ cybersecurity perceptions and expectations.

This executive report provides key insight into this year’s survey results and offers a comparison to data from a similar survey conducted on behalf of CSI by The Harris Poll in 2019, exploring how cybersecurity concerns have shifted among Americans.

How is Consumer Perception of Cybersecurity Issues Changing?

Although a substantial number of consumers (85%) reported cybersecurity concerns pertaining to their personal confidential data, 15% are not particularly worried – a surprising number considering the surge in pandemic-related cyberattacks.

By comparison, in 2019, 92% of consumers reported cybersecurity concerns pertaining to their personal confidential data, so this year’s decrease could signal that Americans are becoming desensitized to cybersecurity risks. It’s likely that the size, scope and frequency of cybersecurity events have made breaches appear somewhat abstract and distant to the average consumer. And the constant barrage of media coverage on this topic could be contributing to greater risk tolerance among consumers – potentially leading to adverse effects for banks and making effective cybersecurity education even more important.

Key Takeaways from the Consumer Cybersecurity Poll

To gauge shifting perceptions, consumers were asked their thoughts regarding password habits, payments security, data breaches and more. Here are a few takeaways for banks:

  • Top Cybersecurity Concerns: Identity theft and stolen credit or debit card information tied as the top cybersecurity concerns among consumers, at 60%. This is down significantly from 2019, when identity theft topped the list of concerns at 73%, followed closely by stolen card information (72%). These changing perceptions among Americans indicate that institutions should prioritize educating customers on these evolving risks.
  • Risks of a Data Breach: Nearly half of respondents (48%) would leave their institution if it suffered a data breach, and 51% of community bank customers agreed that a breach would cause them to leave. To mitigate the risk of customer attrition, institutions should have an incident response plan in place to direct their actions in the event of a breach.
  • Strong Authentication: 30% of Americans agree it is okay to use the same password for an online bank account that they use for other online accounts, representing an increase of six percentage points from 2019 (24%). To mitigate risks associated with lax security habits, banks should provide and promote multi-factor authentication and reinforce the importance of strong passwords.
  • What to do Post-Breach: Most Americans (69%) believe they know what to do if their personal confidential data is compromised. While this result is encouraging, a clear opportunity exists for banks to continue educating customers on the necessary steps to take after their information is potentially compromised. A financial institution that prioritizes cybersecurity education for its customers could become the go-to institution for advice, which could help expand market reach.
  • Perceptions of Secure Payments: Half of Americans (50%) believe a person’s payment information (i.e., account number) is more likely to be compromised when using a physical card versus a digital payment such as a contactless card or digital wallet. Banks should embrace the latest payments technology and provide customers with resources on best practices for using secure digital payments.
  • Importance of Building Trust: More than three in four consumers (76%) agree their financial institution can protect their personal and payment information from hackers. In fact, 78% of bank customers agree with this, indicating that institutions should continue building trust among consumers by explaining how to safeguard data and hosting cybersecurity awareness training.

Prioritizing Cybersecurity Awareness and Education

As Americans become increasingly desensitized to the risk of security breaches, it is critical for your bank to break through the noise and educate your customers on cybersecurity best practices. Providing valuable education and promoting good cyber hygiene will mitigate cybersecurity risk for both your institution and customers while increasing the potential for new business through knowledge sharing.

To really capitalize on this opportunity, your bank should be intentional and strategic in its planning:

  • Determine the Needs of Your Customers: Avoid a one-size-fits-all approach; different customers have varying needs and concerns.
  • Tailor Your Approach: Create campaigns to reach different groups, tailoring based on age, work schedules, etc.
  • Get Creative: Think creatively about how best to communicate with your customers and deliver a compelling message.
  • Go Digital: Leverage digital channels to reach a broader audience – don’t limit the size and scope of events to physical locations.
  • Deliver Actionable Tips: Inspire confidence in your bank and motivate customers through actionable tips, such as best practices for creating strong passwords, etc.

Gain Additional Insight from CSI’s Consumer Cybersecurity Poll

To strengthen defenses against evolving cyber threats, institutions should embrace a layered approach to cybersecurity, a key component of which includes providing customers with continued education.

Sean Martin serves as a product manager for CSI Managed Services and has extensive knowledge on implementing effective systems security and network management practices. He speaks and writes frequently on security-related topics affecting the financial services industry and holds Cisco CCNA and CCIE written certifications.