In a TNS survey of 2,006 U.K.-based 16 to 64-year-olds, consumers expressed concerns about specific issues such as money being stolen from bank accounts or disruption to travel. In particular, 22 percent feared that any issues such as these would take longer to identify and fix as most staff are on holiday. Any failure to identify an attack—and to warn victims in a timely manner—could have serious consequences for an organization.
Only four percent of respondents would unconditionally stay with a business that failed to inform them of a cyber-attack, meaning businesses that lose customers' trust due to attacks over the holiday period may lose those customers soon afterwards. “Just because businesses and security teams are operating at a reduced capacity, it doesn't mean that attackers will be. Indeed, with less than three percent of the UK workforce reported as working on Christmas Day in previous years, this is a prime time for organized attackers to take advantage,” said Piers Wilson, head of product management at Huntsman Security.
“Consumers fear situations such as attackers stealing bank details and finances; disrupting travel; or making brand-new connected gifts worthless. If already stretched security teams can't deal with issues promptly, even if only for a couple of days, there is likely to be a delay in identifying attacks and sending warnings to customers. Organizations across industries from retail to travel to banking must make sure that their security teams have the support they need to identify and act on threats over the seasonal period.”
In the research, consumers expressed concerns over a number of specific threats:
• 36 percent were worried about finding out that money had been stolen from their bank account.
• 17 percent were worried about being unable to do last-minute shopping or return items due to retailers' systems failing.
• 16 percent were concerned about travel services such as airports and trains failing, causing long delays or cancelled trips.
• 16 percent were worried about being unable to use, connect or log-in with new electronic gifts, such as games consoles, phones or tablets.
Consumers have also become less forgiving about companies failing to inform them of security breaches, as high-profile incidents such as Tesco Bank and Yahoo remain front-of-mind. Thirty-three percent would only stay with a company that did not inform them of a major security breach if there was no evidence of negligence, 14 percent said it would be that company's final chance and 12 percent would only stay with such companies if they had no other alternative.
“As cyberattacks become increasingly common, the ability to automatically and swiftly identify and respond to them will be critical for businesses,” continued Piers Wilson. “In competitive industries, organizations that prove they cannot quickly inform their customers of such attacks will quickly find themselves losing business to those consumers feel they can trust more. With some breaches remaining hidden for months or even years, it is clear that many organizations still have work to do to keep the public faith. Periods such as Christmas, where security teams will be reduced and attacks may well slip under the radar, will be critical times for businesses to prove they are remaining vigilant.”