Complacency remains the default in protecting against cyber breaches, and lax behaviour is most acute among younger users.

(An earlier version of this story, about US attitudes towards security, appeared in Family Wealth Report, sister news service to this one. The issues raised here are global, so we want to share this with readers in other regions. Feedback is welcome: email tom.burroughes@wealthbriefing.com or jackie.bennion@clearviewpublishing.com )

Despite the recurring headlines and untold misery that cybercriminals can inflict, US users remain underprepared for even the most common cyber exposures, and the younger generation is particularly laissez faire.

In its third Annual Cyber Report conducted in May on how prepared individuals and companies are for such attacks, risk services group Chubb found low uptake for even the most basic preventative steps. It found that less than half (41 per cent) of respondents use cybersecurity software and less than a third (31 per cent) regularly change their passwords - numbers virtually unchanged from 2018. Among younger users, vigilance over some basic practices is going into reverse.

Polling a broad section of the US population, Chubb uncovered a concerning lack of education in how users value individual pieces of their personal data. “The little things are actually the big things,” it said.

Less than 20 per cent of respondents were concerned about their email addresses being compromised, even though an email address can be a goldmine for hackers, it said. Only a quarter were concerned about their medical records being breached, even though more than half of all the commercial healthcare claims submitted to Chubb were the result of an external breach, a figure up significantly from all previous years, the firm said. It warned that a compromised medical record often gives enough information to completely steal an identity.

Cybercrime has become a costly and reputational global scourge, from individual scams up to corporate attacks made on an industrial scale. Figures published in the FBI’s Internet Crime Complaint Center annual report last year showed that cybercrimes overall, including direct breaches and digital fraud, hit a six-year high. In 2018, over 300,000 individuals in the US were victims of cybercrime, Comparitech’s analysis of the data showed, with losses exceeding $1.2 billion. The losses felt by corporations are far greater. In a report earlier this year on current trends, Accenture put the cost of cybersecurity to the global economy at $5.2 trillion over the next five years.

“When it comes to your cybersecurity, there’s no such thing as being over prepared,” said Fran O'Brien, division president of Chubb North America Personal Risk Services. While she acknowledged that a vast majority of the 1,200+ people polled expressed concern about being breached, “concern itself isn’t enough," she said. "Individuals often say their lack of cybersecurity action is because it seems too time consuming in the moment. But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur."

Chubb found older respondents were generally better practised than their younger compatriots. Three quarters of those over 55 regularly delete suspicious emails, but this precaution dropped to half among those aged 35 to 54, and down to a third among those aged 18 to 34. The survey found similar patterns among the age groups when looking at those enrolled in cybersecurity monitoring services.

It also found that the younger generation was becoming more lax not less. Around half (47 per cent) of those aged 18 to 34 said they deleted suspicious emails in 2017; in 2018, this number dropped to 40 per cent.

The S&P 500 security provider that operates across 54 countries, also looked at business behaviour and found that they too “aren’t immune to the lack of progress.”

While most individuals polled thought that their companies had either “excellent” or “good” cybersecurity practices in place from 2018 and 2019, the majority of businesses are still failing to implement the most basic safeguards, the report found.

From 2018 to 2019, there was virtually no change in the proportion of companies holding yearly employee cyber training (a third); putting online content filters in place, and using social media blocks (with around 40 per cent putting these basic software filters in place).

Just 10 per cent of respondents reported having a cyber insurance policy, Chubb said. It added that "such a policy includes more than just a financial loss mitigation tool; it can help individuals address the very preventative measures they’re currently failing to implement."