• No results found

Trust in the Internet Survey

N/A
N/A
Protected

Academic year: 2021

Share "Trust in the Internet Survey"

Copied!
20
0
0

Loading.... (view fulltext now)

Full text

(1)
(2)

Introduction

Online retail has established itself as a colossal industry in a relatively short space of time.

The first online transaction was made 20 years ago and involved the sale of an album by Sting costing $12.48 (€8.25) plus shipping costs.

To put the growth into some sort of perspective, IMRG,

the UK’s industry association for online retail found

that UK shoppers spent

£

21.6bn online over the festive

period – 13% growth on the same period last year. That’s

a 25% increase compared with 2013. Meanwhile in the US,

Cyber Monday spend hit $2.68bn last year, up 16% on the

previous year. This is big business.

But at the same time, we’ve seen an industry grow in tandem. Cyber crime.

This is big business too. It’s difficult to put a definitive price on it but some estimates put the cost to the global economy at $445bn (£290.3bn). And retail businesses have found themselves in the firing line. Big breaches at the likes of Target, Home Depot and Staples have put the industry firmly in the spotlight.

Consumers are spending online. And hackers are targeting consumers. But when will data breaches and credit card fraud start to affect what consumers do online?

This discussion paper explores the consumer attitudes of shopping and banking online. It details and examines a poll we carried out in collaboration with IDG Research Services into consumers’ online behaviours and their perceptions around online security.

http://internetretailing.net/issue/internetretailing-magazine-september-2014-volume-8-issue-6/online-shopping-turns-20/ http://www.imrg.org/index.php?catalog=1628

http://www.adobe.com/news-room/pressreleases/201412/120114AdobeDataShowsCyberMondaySalesUp.html http://www.mcafee.com/us/resources/reports/rp-economic-impact-cybercrime2.pdf

(3)

RESPONDENT PROFILE

33% 67% 37% 23% 23% 17% South West Midwest Northeast 9% 11% 16% 9% 10% 9% 10% 27% 18-24 25-29 30-34 35-39 40-44 45-49 50-54 55 years or older 49% 51% Total respondents Gender

10,000

3

RESPONDENT PROFILE

US 5,000 UK 5,000 Age US regions US annual household (HH) income $100,000 or more 20% $50,000 – $99,999 33% Less than $49,000 37% Mean $67,815 £75,000 or more 10% £40,000 – £74,999 25% Less than £39,999 54% Mean £39,619 UK annual HH income Parent to child Yes No Male Female Millennials = 36% Generation X = 27% Baby Boomers = 37%

Employment status 61% 15% 5% Employed Student Not Employed Retired Industry of those employed

RESPONDENT PROFILE

12% 11% 11% 10% 8% 7% 6%

Retail, Wholesale and Distribution Education Healthcare (providers and pharmaceuticals) Manufacturing (including automotive, aerospace & defense, construction, engineering, chemical, metals & mining) Services (legal, consulting, real estate) Financial Services (banking, insurance, brokerage) Government (State or Local)

Methodology

This survey was fielded by IDG Research Services from October 8 2014

to October 13 2014.

The results were collected through an online questionnaire. A total of

10,000 people were surveyed – 5,000 from the US and 5,000 from the UK.

(4)

Consumer Internet usage

and customer confidence

Key highlights

• 84% of consumers shop online, but only 21% feel very safe on retail sites • Banking websites evoke the highest degree of confidence, while few consumers

feel very safe on social media sites

• Biggest concern around online retail is regarding identity hacks and theft

• Consumers are most confident in finding legitimate websites through bookmarked URLs • Positive past experience and brand familiarity play key roles in instilling confidence in website

s

Our research found that while 84% of consumers shop online, just 21% feel very safe when using online retail sites. This immediately paints a very bleak picture of consumer confidence. People are shopping online, but they’re not comfortable doing so. This should set alarm bells ringing for any companies that have a significant online presence. Customers simply don’t feel very safe on the average website. It’s up to these websites to do more to increase this perceived feeling of safety and provide better assurances for visitors.

The picture gets more interesting when we look at what types of sites instil confidence.

Fewer than 50% of consumers feel very secure on most websites today; Banks/

financial management websites evoke the highest degree of confidence while

very few consumers feel very secure on social media sites.

43% 21% 30% 22% 20% 23% 18% 8% 46% 62% 46% 49% 46% 42% 43% 32% 7% 12% 12% 13% 13% 17% 21% 34% 3% 2% 5% 4% 4% 5% 8% 21% 2% 2% 8% 12% 17% 13% 10% 6%

Banks/financial management (your bank account, retirement fund, etc.) Online shopping Government sites Medical websites (your personal patientgateway, etc.) Education sites News and information

Search engines Social media % Very/ Somewhat Secure 39% 61% 88% 75% 66% 65% 83% 72%

Feeling of safety by website types

Very secure Somewhat secure Not very secure Not at all secure I don’t think about security when using these websites

Q3: How safe and secure do you feel when using each of the following types of websites (i.e. your personal/financial information is secure, sites are free from viruses or malicious software, and/ or you are interacting with the legitimate organization that you intended)?

(5)

It’s clear that banking websites evoke the highest degree of confidence, while very few consumers feel very safe on social media sites. This is somewhat understandable. Financial websites are usually closed systems which demand users to take several security steps before they can be accessed, such as two-factor authentication. Social media is more open – with anyone in the world able to (attempt to) interact with any user.

Further to the results in the graph below, we also found that

‘baby boomers’ (those born in 1964 or earlier) generally feel

less safe than the younger generations when it comes to online security.

Millennials (those born between 1980 and 1996) have grown up with the

idea of transacting online. Older users have had to adapt and exhibit more

caution than their younger counterparts.

The results also differ depending on whether we look at the UK or US.

90% 86% 80% 67% 65% 66% 62% 40%

Feeling of safety by website types

Consumers that are either very or somewhat secure

87% 80% 71% 76% 68% 64% 61% 39% Banks/financial management

(your bank account, retirement fund, etc.) Online shopping Government sites Medical websites (your personal patient gateway, etc.) Education sites News and information Search engines Social media

13

Q3: How safe and secure do you feel when using each of the following types of websites (i.e. your personal/financial information is secure, sites are free from viruses or malicious software, and/ or you are interacting with the legitimate organization that you intended)?

Bases: 5,000 US respondents, 5,000 UK respondents * Significantly higher than comparison group at the 95% confidence level

US and UK consumers find safety and security in different types of websites,

however both groups report search engines and social media as the least

secure.

United States United Kingdom

Those in the US are more likely to put trust in medical websites, whereas UK consumers feel safer on government websites. The high-profile breach affecting Healthcare.Gov last year – and numerous disruptions from hacktivists - may have had an effect on US consumer confidence in the government’s online presence.

(6)

The majority of consumers may feel relatively comfortable while on online retail sites, but our research has drilled down further into why a substantial number of people don’t.

The biggest concern is around identity theft and hacks. Clearly security issues are starting to have an impact on the mindset of a large number of consumers. The headlines following the breaches at Target, Home Depot and Staples to name just a few will no doubt have contributed to this – particularly in the US.

40% 47% 40% 45%

31% 39% 35% 30% 33%

46% 41% 47%

21% 20% 19% 21%

11% 6% 9% 6%

News and information Search engines Education sites Government sites

14

Reason for feeling insecure by website types

Out of those that feel not very or not at all safe/secure

Of those that feel unsafe on certain websites, most attribute it to concerns

about companies having access to personal information and fears about

identity thefts/hacks.

Q3b: You rated the following types of websites as not very or not at all safe and secure. Why do you feel that way? (Select all that apply)

Bases: Feel not very/not at all safe: 5472 social media, 986 banks/financial management, 1678 medical websites, 1478 online shopping, 2212 news/information, 2835 search engines, 1673 education, 1624 Government sites

57% 38% 47% 38% 37% 39% 32% 43% 52% 55% 43% 52% 17% 15% 17% 15% 4% 3% 6% 3%

Social media Banks/ financial management (your bank account, retirement fund, etc.)

Medical websites (your personal patient

gateway, etc.)

Online shopping

I’m uncomfortable sharing my personal information (e.g., name, address, email, date of birth, etc.) online because I don’t want other companies to have access to it

I’m uncomfortable sharing my financial information online because I don’t want other companies to have access to it I’m uncomfortable sharing my personal and/or financial info online because I fear identity thefts/hacks

I am not too clear on the risks but am worried about things I’m hearing in the news None of these

(7)

Getting to the right website is crucial for transaction oriented activity. With so much phishing activity and so many bogus sites around, making sure you’re in the place you intend to be is essential. Consumers we surveyed were most confident they’d get to a legitimate site if they visited it through their own bookmark.

28% 23% 8% 6% 6% 5% 5% 4% 38% 39% 32% 20% 20% 20% 10% 11% 26% 30% 47% 43% 48% 53% 36% 39% 5% 5% 10% 23% 20% 18% 33% 32% 2% 2% 3% 9% 7% 5% 17% 15%

A link I have bookmarked A URL I typed directly into a web browser A link resulting from a search from a recognized brand or company name A link from an email or newsletter One of the links resulting from a search on the first page above the fold (links that are visible without scrolling) One of the links resulting from a search anywhere on the first page Paid-for advertisements on search

A link from another website (like social media, shopping sites, etc.)

Extremely confident Very confident Somewhat confident Not very confident Not at all

25% 66% 62% 26% 40%

Confidence that method results in legitimate website

Q11: When using the following methods to arrive at websites, how confident are you that you will end up on the legitimate intended site versus a fake or malicious site? Bases: 10,000 qualified respondents

15% 25%

14%

% Extremely/ Very Confident

(8)

Paid-for advertisements on search engines and links from other websites cause the most worry, likely due to what is a perceived lack of control. Most consumers do trust in their ability to spell correctly, as typing URLs directly into the browser is their second favourite method. Any typos could lead to trouble though, with typosquatting still a major problem across the web - a recent study found that 95% of the Alexa 500 (a list of the 500 most visited sites on the web) are actively targeted by typosquatters.

Understandably positive past experience and brand familiarity play

the most important role. Interestingly domain extensions were

crucial to 50% of consumers – but the ongoing addition of hundreds

of new domains will no doubt have some impact on consumer

confidence. Companies need to decide on a strategy for these new

domain names sooner rather than later.

Factors that increase confidence in safety/security of websites

65% 60% 50% 29% 27% 18% 17% 11% I have had a positive past experience with the website

Website is associated with a brand or company that is known/familiar to me Website has a familiar domain extension (like .com, .gov, .edu, .org) Website is recommended by friends/family Website has a large number of comments/ recommendations/ reviews on site Listing/link to the website appears on first page of search results Website has a large number of social media followers (i.e., Facebook, Twitter) None of the above

18

Q4: What factors increase your confidence in the safety/security of the websites you visit? (Please check all that apply) Bases: 10,000 qualified respondents

Positive past experience, brand familiarity, and familiarity with domain

extensions are key contributors to building consumer confidence in safety/

security of websites.

Having a familiar domain extension increases confidence in website security for millennials,

women, and parents.

Indicates respondents from this country are significantly more likely than peers in other countries to engage in this behavior online.

https://

(9)

Consumer concerns around

Internet security

Key highlights

• 56% of consumers not comfortable with the information they have to share to complete online transactions • Two third of respondents more worried than ever about online dangers

• 23% doing less online due to online safety concerns

• 64% of consumers are concerned that their credit card/financial information will be compromised within the next year, and a third within the next month

• Almost 40% believe Internet security policies for consumer protection should be set by a government agency • Consumers call for the government to mandate companies do more to protect information online

Consumers are clearly willing to share information online to complete transactions. That’s why e-retail is such a booming industry. But the majority (56%) are not comfortable doing so. We’re unlikely to see a industry-wide shift in the amount of information required to process transactions. But companies should take note and understand the anxiety felt by many consumers, and focus on being transparent and empathic during financial transactions.

20

While consumers’ online behavior demonstrates a willingness to

share information online to complete desired transactions, the majority

of consumers note they are not comfortable doing so.

9% 8% 6% 4% 33% 33% 25% 13% 27% 22% 23% 26% 19% 21% 27% 25% 13% 16% 20% 31% I share more information online

than I often feel comfortable or intend to share. I’m comfortable sharing my financial details and completing financial transactions online. I’m comfortable sharing my personal details (name, address, phone, DOB, mother’s maiden name) online. My information is already in the public domain therefore I don’t

care either way. 17%

42%

31% 41%

Attitudes about sharing information online

Strongly agree Somewhat agree Neither agree nor disagree Somewhat disagree Strongly disagree

15% 41% 26% 13% 5%

To complete online transactions I often must share information I would normally not feel comfortable sharing online.

% Strongly/ Somewhat Agree

(10)

How comfortable consumers feel about sharing information does differ

markedly between the UK and US. Our US respondents were significantly

more likely than those in the UK to express discomfort

.

58% To complete online transactions I often

must share information I would normally not feel comfortable sharing online.

43% 45% 33% 17% 54% 41% 37% 28% 18% I share more information online than I

often feel comfortable or intend to share.

I’m comfortable sharing my financial details and completing financial transactions online. I’m comfortable sharing my personal details (name, address, phone, DOB, mother’s maiden name) online.

My information is already in the public domain therefore I don’t care either way.

21

Q5: Please rate your level of agreement with the following statements about sharing information online.

Bases: 5,000 US respondents, 5,000 UK respondents * Significantly higher than comparison group at the 95% confidence level

US respondents are significantly more like than those in the UK to express

discomfort sharing information online. UK respondents are more often

comfortable sharing financial details and personal information to complete

online transactions, but even among those in the UK it is a minority opinion.

United States United Kingdom

Attitudes about sharing information online

(11)

22

Roughly two-thirds of respondents are more worried now than ever about

protecting their personal/financial information online, with the same number

expecting security breaches to get worse over the next year.

24% 25% 24% 16% 41% 38% 37% 27% 23% 26% 33% 39% 10% 9% 5% 13% 3% 2% 2% 5%

I’m worried about getting my credit card/financial information stolen online. I am more concerned about security online now than I have ever been. Security breaches will get worse in the next year. My credit card and personal information is less secure now than it was 1 year ago.

% Strongly/ Somewhat Agree

65%

60% 62%

Internet security: concerns

Strongly agree Somewhat agree Neither agree nor disagree Somewhat disagree Strongly disagree

Q6: Please rate your level of agreement with the following statements about internet security. Bases: 10,000 qualified respondents

43% This worry around transacting online has reached a peak. Roughly two-thirds of respondents are more worried now than ever before about protecting their personal and financial information online, with the same number expecting security breaches to get worse over the next year. Whether this is born out of media hype, or first-hand experience, it’s a clear message to online businesses. Security is moving up the consumer agenda.

(12)

23

The tendency to conduct transactional activities online is mostly unchanged

despite security concerns, however there is a high level of awareness

regarding the need to do more to protect their data and widespread

understanding of the steps required to protect themselves online.

22% 17% 7% 42% 45% 16% 27% 24% 29% 7% 12% 33% 2% 2% 15% To be fully secure online I know

I need to do more to protect myself.

I know what steps I should take to protect myself more online.

I am doing less online (e.g. banking, shopping) now than I used to because of my concerns with online security.

Strongly agree Somewhat agree Neither agree nor disagree Somewhat disagree Strongly disagree

Q6: Please rate your level of agreement with the following statements about internet security. Bases: 10,000 qualified respondents

% Strongly/ Somewhat Agree

65%

62%

23%

Internet security: concerns

But interestingly, this isn’t stopping consumers from transacting online. However, consumers are well aware that they need to do more to protect their personal data. They also believe they know the steps they need to take to achieve this.

Worryingly (for the e-retailers) almost a quarter claim they are transacting less online due to concerns with online security. This is evidence that security is affecting behaviour.

(13)

The pictures does differ slightly when the US and UK are split up – with more consumers in the US reporting security concerns, as well as being quicker to realise the need to do more to protect themselves.

58% 64% 18% 61% 55% 51% 32% 68% 70% 69% 54% I’m worried about getting my

credit card/ financial information stolen online. I am more concerned about security

online now than I have ever been. Security breaches will get worse in the next year. My credit card and personal information is less secure now than it was one year ago.

71% 61% 28%

To be fully secure online I know I need to do more to protect myself. I know what steps I should take

to protect myself more online. I am doing less online (e.g. banking,

my concerns with online security.

Q6: Please rate your level of agreement with the following statements about internet security.

Bases: 5,000 US respondents, 5,000 UK respondents * Significantly higher than comparison group at the 95% confidence level

US consumers are significantly more likely than those in the UK to

report online security concerns and are also more likely than UK consumers

to know they need to do more to protect themselves online.

United States United Kingdom

Internet security: concerns

Top 2 Box: Strongly/Somewhat Agree

(14)

But the results regarding data breaches make for grim reading.

A massive 64% of consumers are concerned that their financial

information will be compromised within the next 12 months

because of the recent spate of online data breaches.

Amazingly, a third think it will happen within the next month.

I am concerned that my credit card/financial information will be compromised because of online data breaches

29% 4% 13% 18% 11% 10% 15% Any minute Next month Within the next six months Within the next twelve months Within the next three years Within the next five years Never

25

Q7: I am concerned that my credit card/financial information will be compromised because of online data breaches:

Bases: 10,000 qualified respondents, 5,000 US respondents, 5,000 UK respondents * Significantly higher than comparison group at the 95% confidence level

Six out of ten consumers are concerned that their credit card/financial

information will be compromised within the next 12 months because of online

data breaches; a third think it will happen in the next month.

33%

31%

21%

15%

Immediate Short-term Long-term Never 38%* 32% 17% 13% US 28% 31% 24%* 17%* UK

Many argue that businesses have an ‘it won’t happen to me’ attitude when it comes to data breaches. But, consumers are growing more concerned about the safety of their information.

(15)

Policies for Internet security for consumer protection

should be set by

38% 34% 24% 3% Government agency Independent overseeing body Individual companies None should exist/no one 27

Q8: Policies for Internet security for consumer protection should be set by: Bases: 10,000 qualified respondents

Consumers hold companies accountable for data security

and look to government agencies or an independent overseeing

body to do more to protect consumers.

Those that think their online security will be compromised immediately, are more likely to think a government agency should set policies.

Those that know little or nothing about the change in domain extension are more

likely to think an independent overseeing body should set policies while those that know a lot think individual companies

should set policies.

Indicates respondents from this country are significantly more likely than peers in other countries to engage in this behavior online.

Currently the responsibility for a safe online experience hasn’t been grasped by anyone in particular. There are parts that consumers can handle – such as strong passwords – while certain elements can only be addressed by businesses, such as their internal security processes.

Our study found something new: consumers want a government agency to ensure businessses are accountable.

Interestingly, those that think their online security will be compromised

any day are more likely to think a government agency should set policies.

Clearly they don’t believe the current system is up to scratch.

(16)

39% 42% 16% 3% 37% 27% 32% 3% Government agency

Independent overseeing body

Individual companies

None should exist/no one

UK consumers most strongly believe an independent overseeing

body should set policies for internet security while US consumers

put more emphasis on individual companies.

United States United Kingdom

Policies for Internet security for consumer protection should be set by

Q8: Policies for Internet security for consumer protection should be set by:

Bases: 5,000 US respondents, 5,000 UK respondents * Significantly higher than comparison group at the 95% confidence level

NEW

The picture switches somewhat when we look individually at the US and UK. UK consumers strongly believe an independent overseeing body should set policies for Internet security, while US consumers put more emphasis on individual companies. Although there have been a number of high-profile data breaches in the US in recent years, they do have a more stringent disclosure policy – and companies often offer credit monitoring when their customers are affected.

(17)

29

Regardless of who sets the policies, 4 out of 10 consumers feel the

government is not adequately regulating the use of consumer data online.

Consumers admit feeling overwhelmed with security options and call for the

government to mandate companies do more to protect information online.

67% 56% 38% 12% 5% 21% 29% 36% 32% 16% 11% 13% 19% 37% 39% 1% 2% 4% 15% 27% 1% 1% 3% 5% 12%

Companies that use personal and financial information online should compensate consumers financially if they lose that information because of

data breaches.

The government should mandate that companies do more to protect all information companies’ use or

store online.

I feel overwhelmed with the security options & messages online regarding security. The government is adequately regulating the online

security of companies that use personal and financial information online.

Regulation of online transactions and Internet security

Q9: Please rate your level of agreement with the following statements.

Bases: 10,000 qualified respondents

% Strongly/ Somewhat Agree 22% 88% 84% 44% 75%

Strongly agree Somewhat agree Neither agree nor disagree Somewhat disagree Strongly disagree Companies should be legally obligated

to disclose security breaches.

But regardless of who sets the policies, 40% of consumers feel the

government is not adequately regulating the use of consumer data

online. Consumers admitted to feeling overwhelmed with security

options and call for the government to mandate companies do more

to protect information online.

(18)

Conclusion

This study has shone a light on how

consumers are reacting to the growing

online security threat.

We see headlines every week of

customer data being stolen from

companies big and small. And we know

that consumers are doing more and more

online – from spending on retail to sorting

out their health insurance.

Up to now it didn’t seem that one affected

the other. But we’ve shown that customer

confidence has been seriously damaged.

For those businesses that hold data

online it’s a clear indication that security

needs to be prioritised. Consumers will

return to the brands that they trust to

keep their data safe.

(19)

About NCC Group

NCC Group is a global information assurance firm, passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.

Through an unrivalled and unique range of services, the company provides organisations across the world with freedom from doubt that their most important assets are protected and operational at all times. Listed on the London Stock Exchange, NCC Group is a trusted advisor to more than 15,000 clients worldwide, including over 90% of the FTSE 100. NCC Group has the largest security testing team in the world.

Headquartered in Manchester, UK, NCC Group has 20 offices across the world and employs over 1,000 people.

NCC Group delivers security testing, software escrow and verification, website performance, software testing and domain services.

www.nccgroup.trust

About .trust

.trust is a unique generic top-level domain (gTLD) from NCC Group that will provide a safer and more trustworthy Internet. The .trust gTLD signals that a site is a safe website to interact and do business with. Organisations using .trust domains will be required to comply with rigorous security policies in order to prevent the use of .trust domains for malicious activity. A continual process of security review and improvement will help ensure those sites stay in compliance with .trust requirements.

(20)

References

Related documents

Read more tips on safe shopping when making a purchase online... After

In addition, Postsecondary Enrollment Option (PSEO) is a type of dual enroll- ment program that allows high school students to earn both secondary and postsecondary credit for

You'll find that a lot of buses go to the Central Station, which is convenient, as the venue is very close to the station (follow the 'Jaarbeursplein' signs from inside the

The main objective of our Builder Program is to help you offer your customers the very best in security and home entertainment solutions while enabling you

Advanced Asset Management – Maintenance Planning Life Cycle and

The length-group level expression of the constraint specifies for each shift length group (e.g. all 8 hour shifts, or whatever length groups the user is interested in constraining)

Omvårdnad som sjuksköterskan kan ge syskonen är att göra dem delaktiga i vården av det sjuka barnet och fråga hur de mår och samtala om deras upplevelser och känslor och hjälpa

12.1.5 Where all price offers among the eligible, qualified Proposals exceed RRFB Nova Scotia’s budget for the Software Development Services, and RRFB Nova Scotia is unwilling