The business of protecting individuals: realities of consumer-focused security, why we cannot expect that people will buy security tools, and what we need to do instead
The business of protecting individuals: realities of consumer-focused security, why we cannot expect that people will buy security tools, and what we need to do instead
Looking at the reality of consumer-focused security, why people don’t pay attention to security, which types of B2C security products have seen adoption and which didn’t, and what the future holds
Great writeup and a defintely a lot to unpack here. Was going to add this to your LI post but hit my word limit.
In your reference to existing risks and consumer awareness, regulators and industry had to step up to safeguard the consumer and insurance had to come in to help offset the immediate cost over time. The automobile industry was required to add further safety standards to operate on the roads and insurace became mandatory. Will we see an internet where you can only exist on it if you meet minimum security standards? Or maybe if you don't meet that security standard as a consumer and fall victim to a crime (accident) existing insurance cover is more difficult to leverage?
I do wonder if the data to shift this claim is out there "Most individuals haven't felt the pain of a security incident" given I'd be surprised if we all didn't know at least one person that has been personally caught by a cyber attack in the past few years. There is also the potential stigma associated with being a victim of cybercrime so its not spoken of widely. I know at least a few that are incredibly emberassed they clicked on something which is now to them so obvious and it had massive financial impact.
I love the fact that businesses like the bank you mentioned and others are doing things that help secure their customers. Hopefully this trend continues.
I'm curious if you see a stage where cyberattacks become so mainstream that regulators, industry, and insurers all come to the table, not neceissarly at the same time, to offer consumers products that will help them avoid or recover from a cyber incident. Personal cyber insurace baked in to homeowners policies or standalone, applications or cellular devices thats use is contingent on having security safeguards turned on similar to seatbelts in cars. I'm avoiding the big brother topic especially with celluar and personal devices here because while relevant I do think there is ways to have both. Cars have seatbelts, people choose to use them, but if they don't and have an accident there are consequences.
Some time ago we ran a campaign asking people how much they’d pay for an internet security suite for their homes. The results were interesting because out of around 1000 people, 1/3 of them said zero or close to zero, 1/3 said half of what a normal product would cost and the other 1/3 were all over the place with less than 10 % getting close to the prices of the time. Then, we gave the option to all of the respondents to buy the product at their requested price, and from those that open the offer, less than 25 % actually bought it. It was an interesting exercise that supports what you said about people not wanting to pay for security.
Great writeup and a defintely a lot to unpack here. Was going to add this to your LI post but hit my word limit.
In your reference to existing risks and consumer awareness, regulators and industry had to step up to safeguard the consumer and insurance had to come in to help offset the immediate cost over time. The automobile industry was required to add further safety standards to operate on the roads and insurace became mandatory. Will we see an internet where you can only exist on it if you meet minimum security standards? Or maybe if you don't meet that security standard as a consumer and fall victim to a crime (accident) existing insurance cover is more difficult to leverage?
I do wonder if the data to shift this claim is out there "Most individuals haven't felt the pain of a security incident" given I'd be surprised if we all didn't know at least one person that has been personally caught by a cyber attack in the past few years. There is also the potential stigma associated with being a victim of cybercrime so its not spoken of widely. I know at least a few that are incredibly emberassed they clicked on something which is now to them so obvious and it had massive financial impact.
I love the fact that businesses like the bank you mentioned and others are doing things that help secure their customers. Hopefully this trend continues.
I'm curious if you see a stage where cyberattacks become so mainstream that regulators, industry, and insurers all come to the table, not neceissarly at the same time, to offer consumers products that will help them avoid or recover from a cyber incident. Personal cyber insurace baked in to homeowners policies or standalone, applications or cellular devices thats use is contingent on having security safeguards turned on similar to seatbelts in cars. I'm avoiding the big brother topic especially with celluar and personal devices here because while relevant I do think there is ways to have both. Cars have seatbelts, people choose to use them, but if they don't and have an accident there are consequences.
Wow, this is the best read I had this week.
You identified clearly the frictions that hold people back with security tools.
I will share this. Thank you for your thoughts on this
Some time ago we ran a campaign asking people how much they’d pay for an internet security suite for their homes. The results were interesting because out of around 1000 people, 1/3 of them said zero or close to zero, 1/3 said half of what a normal product would cost and the other 1/3 were all over the place with less than 10 % getting close to the prices of the time. Then, we gave the option to all of the respondents to buy the product at their requested price, and from those that open the offer, less than 25 % actually bought it. It was an interesting exercise that supports what you said about people not wanting to pay for security.