Of the 1,300 U.S. consumers surveyed by TeleSign, nearly a third report the value of their online life at $100,000 to priceless.
The Consumer Account Security Report 2016 also found that more than half of the respondents surveyed (55 percent) place the onus on businesses as the party primarily responsible for providing for the security of their online and mobile accounts.
“When you consider what comprises an online life – email, banking and social media accounts, personal information, photos and more – these assets are extremely valuable, even ‘priceless’ as some reported,” said Aled Miles, TeleSign CEO. “With the majority of consumers looking to businesses to keep them safe online, companies need to prioritize providing strong account security or risk losing valuable users. In fact, our report shows 1 in 3 victims of account compromise stopped doing business with the impacted brand.”
Fifty-one percent of consumers experienced a security incident in the past year, whether it was having an account hacked, password stolen, or their personal information compromised. This is in part due to a key finding of the Report that shows consumers continue to reuse passwords at an alarming rate. On average, consumers use the same password for seven online accounts – meaning that 71 percent of online accounts are protected by passwords that are used across multiple sites. Additionally, 46 percent of consumers use passwords that are older than five years.
These statistics are significant when considering the magnitude of consumer credentials flooding the market in 2016, which has already recorded the highest number of data breaches on record according to the Identity Theft Resource Center. When credentials for one account are compromised, it creates a domino effect, essentially putting all other accounts protected with those same credentials at risk of cybercrime.
Within key demographics, the Report found that millennials (ages 18 to 35) have the poorest security habits putting them at the highest risk for fraud. Overall, 64 percent of the millennials surveyed have had an account compromised, hacked, or their password stolen while less than half (44 percent) of all other generations combined have experienced the same. Millennials were also found to use fewer unique passwords to guard their accounts, with 35 percent using only 1 to 4 passwords, versus 25 percent for all other generations.
On the upside, consumers are making strides in adopting additional security beyond passwords. Forty-six percent report ever enabling 2FA for any account, up from 39 percent in 2015, representing an 18 percent year-over-year increase. Further, of the 46 percent who have ever enabled 2FA, 77 percent turned it on for at least one new account in the past year. Interestingly, those that had at least one account compromised are almost twice as likely to enable 2FA as those who have not been victims of online fraud (60 percent vs. 32 percent).
Additional findings include:
- Eighty-two percent of consumers are concerned about online security with 88 percent concerned specifically about being hacked.
- Almost half (42%) of fraud victims say the security incidents resulted in losses.
- Only 12 percent of consumers are concerned about securing Internet of Things (“IoT”) devices, falling well behind concern for other accounts such as banking and finance accounts (87 percent) or email accounts (56 percent). This is notable in light of the recent attack targeting IoT devices, which according to experts, was the largest distributed denial of service (“DDoS”) attack on record.
- Nearly three in four (73 percent) consumers say forgetting their password is the most frustrating part of the account security process.
“With all the dangers we face today in our online lives, it’s encouraging to see that consumers are becoming increasingly aware of how to protect themselves beyond the password alone,” said Miles. “Seventy-three percent are urging companies to provide additional security such as 2FA. Turning it on is a step everyone can take today towards keeping their accounts secured and their online lives safe and private.”