Cybersecurity Complacency

Nick Ridley

Sep 19, 2023

Over the past few years there have been several high-profile instances of data breaches, ransomware attacks and other types of cybercrime, demonstrating that good cybersecurity practices have become more important than ever.

With that in mind and as business insurance experts, we were interested to see how individuals across Canada, Australia and the United States of America were keeping safe, and how their habits could be putting them at risk.

Here is what we found out.

Older Australians would not pay a ransom to get their information back

Respondents across all three nations were asked whether they would want a company they use to pay a ransom to retrieve their data if it were to be compromised, and Australians were quite divided on the issue. In fact, it was almost an even split, with 50.5% declaring they would indeed want the company to pay the ransom, compared to 49.5% who indicated otherwise.

Interestingly, slightly more women (56.6% saying yes) reflected the same sentiment compared to their male counterparts (43.3%). When comparing the statistics based on age groups, we discovered that as many as 80.3% younger Australians (18 to 25 years old) expected a company to cover potential ransom costs, compared to just 35.1% of Baby Boomers.

Furthermore, there was a nationwide consensus on whether people would pay a ransom for a personal attack, with the majority saying no (80.5%). The generation which was the least likely to pay a ransom was people aged 58 and older (92.7%).Graph showing survey results on how likely Australians feel they are to be cyberhacked.

When asked whether they think they are immune to being hacked, the majority of Australians (65.5%) felt it was likely they could be security compromised. In fact, more than one in 10 admitted the likelihood of their personal information being accessed was ‘very likely’.

In contrast, as little as 4.9% of male respondents were confident that the chance of being hacked was highly unlikely. With that in mind, we were curious to understand what contributes to a person’s confidence in their online security. So, we asked what measures people had put into place to protect themselves from being hacked.

What are the most commonly used protection methods?

The most common answers were ensuring all passwords were unique (66.6%), using multi-factor authentication (62.2%), and using anti-virus/firewall software (57.8%). Other ways that Australians protect themselves digitally include changing passwords regularly (50.2%), using a password manager (27.8%) and regularly clearing their digital footprint (25.3%).Image showing how different generations in Australia protect themselves when it comes to online security.

Where do Australians keep their passwords?

More than two in five Australians (43.4%) don’t keep a record of their passwords. For those that do, the most popular places to save them includes in notebooks (27.7%), in their phone (15.0%), or in a secure app (9.4%).

When asked how often the passwords for sensitive accounts were changed, most claimed to have done so in the past month (49.8%). Alarmingly, around one in five (22.1%) don’t recall the last time they updated their sensitive passwords, and in some cases, they have never been updated.

Canadians want corporations to pay a ransom if they get hacked

Both male (66.3%) and female (75.9%) Canadian respondents would want a company to pay a ransom to protect their data. Conversely, however, the majority of respondents (66.5%) admitted that they wouldn’t pay a personal ransom. This is despite more than half (57.5%) of the nation feeling it is likely they could get hacked on a personal device.

Knowing that most Canadians are expecting to be hacked in their lifetime, we again asked what measures they have in place to prevent it from happening. The results were similar to that of Australia, with the most common approaches including ensuring all passwords are unique (68.2%), using multi-factor authentication (64.9%) and using anti-virus/firewall software (59.7%).

Other common protection measures include changing all passwords regularly (49.1%), wiping their digital footprint frequently (25.8%) and using a virtual private network/VPN (24.4%).

Graph showing how Canadians typically protect themselves and their information online.

How unique are Canadians’ passwords?

Around half of Canadians (50.2%) claim that all of their passwords are unique, with a further 42.3% believing that most are unique. Alarmingly, one in ten of Gen Z respondents (11.8%) admitted that all of their passwords are a variation of the same thing, showing that younger generations might be laxer when it comes to cybersecurity.

Where do Canadians keep records of their passwords?

The most common answer for men was in a notebook (39.4%), while the majority of women (38.5%) admitted to not keeping a record at all. Surprisingly, some of the more ‘secure’ items were less commonly used, such as the use of secure apps (10.6%) and encrypted programs or browsers (7.4%).

Interestingly, there was a tie for first place for respondents aged 18 to 25 years old on how they kept track of their passwords by not having a record (33.3%) and keeping them on their phone (33.3%). Meanwhile the majority of respondents aged 26 to 41 said they didn’t keep a record of their password (44.5%), while Generation X (37.2%) and Baby Boomers (51.1%) both keep their passwords in a notebook.

Finally, when asked when they last changed their passwords for sensitive accounts, as many as 15.4% said they don’t remember. This was followed by 4.9% who admitted it was years ago, and a further 25.1% that made the change sometime in the past 12 months. Luckily, an impressive 53.2% proudly claimed to have updated their passwords in the last month.

Americans feel mixed about whether they should pay a ransom

Both American men (69.3%) and women (78.5%) would want a company to pay a ransom if they were hacked and their data was compromised. However, this number dropped to just 40.8% when we asked whether people would pay a ransom if they were hacked personally, despite as many as 66.7% of respondents feeling they were likely to be hacked. Around 33% felt confident they wouldn’t be hacked on any personal devices or accounts.

When it comes to cyber safety measures that Americans have in place to protect themselves, the most common were ensuring all passwords were unique (62.4%), using anti-virus/firewall software (59.0%), and using multi-factor authentication (56.7%). Less common methods include changing passwords regularly (55.0%), using a password manager (30.3%) and regularly wiping their digital footprint (26.2%).

Across the generations, Gen Z was the age group least likely to change passwords frequently and use anti-virus software, whereas Baby Boomers were significantly more likely to rely on such software than any other age group.

Where do most Americans record their password?

When asked the last time they updated the passwords to sensitive accounts, most respondents (57.9%) said they had done so in the past month. Meanwhile, almost a quarter (22.5%) changed them in the past year, and 14.6% admitted they don’t remember the last time they refreshed their security measures.

Similarly, we asked if people use the same passwords across multiple accounts. A promising 90.6% claimed that most or all their passwords are unique, leaving just a small percentage of the population with questionable cybersecurity measures.

As for how passwords are kept, most store their passwords in a notebook (39.3%), with a further 28.6% not storing them anywhere at all. Interestingly, almost five times as many Gen Z respondents log passwords in their phone than those aged 58 and older.

How business insurance can help you stay safe

Compare the Market’s General Manager of General Insurance, Adrian Taylor, said there was a shocking trend between all three countries that most participants felt they were likely to be hacked.

He stressed the importance for businesses and individuals to be protected by changing their passwords regularly, having anti-virus software and having strong firewall programs.

Mr Taylor added that businesses could also purchase cyber liability insurance to make sure their data was protected.

“Cyber liability insurance can help you prepare for the worst,” Mr Taylor said.

“Policies may vary from provider to provider; however, it could help deal with issues such as data or network security breaches, and cyber extortion.

“As we have seen on the news, large organisations, governments, and other entities have been all affected by cybercrime, showing how anyone can be a victim.

“Having a policy which covers your business ensures you are prepared for the worst, and could save you thousands of dollars and effort.”

Make sure you read your Policy Disclosure Statement (PDS) for details on what will and won’t be covered before you buy a business insurance policy.

Compare the Market commissioned PureProfile to survey 1,000 Australian, 1,001 American and 1,001 Canadians adults in July 2023.