Most businesses don't see cybercrime as a threat
The Dutch business community appears to be dangerously relaxed about cybercrime: 90 per cent of businesses don't see it as a threat to their activities. That's the standout finding from the Trends in On-line Security & e-Identity survey of more than two thousand consumers and five hundred-plus businesses by SIDN and Connectis.
Nothing for firms to worry about?
Over two thirds of business respondents rated cybercrime merely a minor threat. Indeed, 17.6 per cent of them said it wasn't a threat at all. Willingness to invest in security is correspondingly low. The great majority (69.4 per cent) of businesses expect no change in spending on security in the year ahead.
Any problems that do occur are likely to be down to malware, respondents said. Nearly 60 per cent identified malware attacks as the biggest digital threat to their organisations. DDoS attacks and the theft of intellectual property and customer data were also seen as problematic by more than half of large organisations.
Consumers: knowingly insecure?
Consumer responses on the topic of log-ins appear contradictory. For example, 57.2 per cent of respondents say that they use social log-ins, such as Google and Facebook, on a daily basis. Yet only 14.4 per cent say that they think such behaviour is safe. Similarly, 54.4 per cent use a user name-password combination every day, although only 37.5 per cent see that as a secure way of logging in.
And consumers do little to protect their own e-Identities better. Just 22.7 per cent of respondents use a strong password. Even fewer opt for multi-factor authentication, which involves using a device (e.g. a mobile, to which an SMS is sent) in combination with something the user knows (e.g. a password).
"What consumers worry about most are identity fraud, hacking and personal data theft. However, they aren't taking the basic precautions needed to reduce those threats: using strong passwords and multi-factor authentication," says Esther Makaay, eID Specialist at Connectis. "The necessary awareness is still lacking."
More emphasis on security awareness
"Security awareness is important at home and in the workplace," Makaay continues. "It's about knowing what forms of cybercrime there are, what you can do to prevent them, and what you should do if the worst nevertheless happens. Unfortunately, however, very little is being invested in security-awareness. Only 16 per cent of the surveyed businesses arrange for training or instruction."
"Digitisation means that every business has something worth stealing, whether it's customer data or intellectual property. However, a lot of people in the business community appear to overlook that," says Roelof Meijer, CEO of SIDN, the company behind the .nl internet domain. "Even firms that don't sell goods or services over the internet are interesting to cybercrooks, and they're often easy prey. Business people need to be more aware of the risks. On-line security should be a priority for every business."
Research consultancy GfK carried out the survey of trends in on-line security and e-Identity on behalf of SIDN and Connectis. Data from a representative group of 2095 Dutch consumers and 512 businesses of various sizes was used. The survey took place in the period February to March 2019, and the findings were analysed by an expert panel.