With people and businesses increasingly relying on digital-first interactions, a new IBM Security study found that preferences for convenience often outweigh security and privacy concerns.
The global survey conducted by Morning Consult on behalf of IBM Security, identified some very interesting effects of the pandemic on consumer security behaviors.
As far as India is concerned, the study found that Indians created about 19 new online accounts during the pandemic across different categories of online services, and on average, created three new accounts for social media and entertainment.
Globally, the survey found that respondents created 15 new online accounts during the pandemic on average, equating to billions of new accounts created around the world. About 44% reported that they do not plan to delete or deactivate these new accounts, leading to an increased digital footprint for years to come, greatly expanding the attack surface for cyber criminals.
People in India also interacted more with all types of businesses or organizations through websites and mobile apps during Covid, especially banking (65%) and shopping or retail (54%). Respondents over 35 saw the largest increase in digital interactions during the Covid-19 pandemic.
However, the increase in their digital footprint also meant that overall security online took a backseat. As many as 47% of Indian respondents mostly or always re-use the same credentials they have used for other accounts and 17% have an even mix of re-used credentials and new credentials, the study found.
Half of the 35-49-year-old Indian respondents surveyed always or mostly re-use the same credentials that they have used for other accounts.
More than half of the Indian respondents (57%) across all demographics, said they would rather place and pay for an order digitally than go to a physical location or call to place an order even if they had concerns about the website/app’s safety or privacy.
Security and privacy were top reasons to avoid using an app, but most still choose to use either way. About four in ten Indian respondents would avoid using an online platform to shop or place an order over concerns over app or website privacy (40%) and concerns over an app or website security (38%) based on negative experiences logging in or signing up or completing the payment.
In spite of these concerns, the survey found that Indian respondents generally prefer biometrics to log in to existing accounts for banking or financial instructions but prefer single-sign-on/social media logins or email/username and password for accounts across other categories.
Part of the reason can be explained by the finding that over half of Indian respondents trust healthcare (51%) and banking and financial institutions (56%) a lot to protect their personal or sensitive information. Social media is ‘Most Distrusted’ with 22% saying they trust those businesses ‘not much’ or ‘not at all.’
Over seven in ten respondents in India have used a two-factor or multi-factor authentication to access an online account across all time periods.
“The big take away from this survey is that consumers have become accustomed to the convenience of digital interactions during the pandemic, and this trend is expected to continue even after society returns to pre-pandemic norms. Companies that are more reliant on digital engagement with consumers during the pandemic must consider the effects of these changes on their security risk profile,” said Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India/South Asia.
He added that companies must look to provide a frictionless user experience across digital platforms while creating a stronger security posture and limiting potential risk. “To assure the greatest levels of security, companies in India must adopt a ‘Zero-trust’ approach, develop and understand the context around every user, every device, and every interaction making it a mission-critical agenda,” he said.
The report concludes that with digital channels being more important than ever to our daily lives, digital trust is becoming an even more critical aspect of a company’s relationship with consumers. Ensuring the right policies and technologies are in place to protect consumer trust and privacy should be a crucial part of companies’ business strategies moving forward.
How Organizations Can Adapt to Shifting Consumer Security Landscape
Businesses that have become increasingly reliant on digital engagement with consumers as a result of the pandemic should consider the impact this has on their cybersecurity risk profiles. In light of shifting consumer behaviors and preferences around digital convenience, IBM Security suggests that organizations consider the following security recommendations:
- Zero Trust Approach: Given increasing risks, companies should consider evolving to a “zero trust” security approach, which operates under the assumption that an authenticated identity, or the network itself may already be compromised, and therefore continuously validates the conditions for connection between users, data, and resources to determine authorization and need. This approach requires companies to unify their security data and approach, with the goal of wrapping security context around every user, every device, and every interaction.
- Modernizing Consumer IAM: For companies that want to continue leveraging digital channels for consumer engagement, providing a seamless authentication process is important. Investing in a modernized Consumer Identity and Access Management (CIAM) strategy can help companies increase digital engagement – providing a frictionless user experience across digital platforms and using behavioral analytics to help decrease the risk of fraudulent account use.
- Data Protection & Privacy: Having more digital users means that companies will also have more sensitive consumer data to protect. With data breaches costing companies $3.86 million on average amongst those studied,  organizations must put strong data security controls in place to protect against unauthorized access – from monitoring data to detect suspicious activity, to encrypting sensitive data wherever it travels. Companies should also implement the right privacy policies on premise and in the cloud in order to help maintain consumer trust.
- Put Security to the Test: With usage and reliance on digital platforms changing rapidly, companies should consider dedicated testing to verify that the security strategies and technologies they’ve relied on previously still hold up in this new landscape. Re-evaluating the effectiveness of incident response plans, and testing applications for security vulnerabilities are both important components of this process.