Cybercrime rates are increasing every year, with the FBI's Internet Crime Complaint Center reporting almost 350,000 individual complaints of cybercrimes in 2018, up from approximately 270,000 in 2014. In fact, in a survey of American consumers, ValuePenguin found that about 43% of respondents have been subject to some form of cybercrime.
But despite the cost of hacking, cyber fraud or extortion events — of the cybercrime victims in our survey who incurred a financial loss, 64% lost $1,000 or more — Americans are more worried about personal data they have voluntarily given up. Our respondents are more concerned with the potential for companies to sell or use personal information against them than they are of a cybercrime specifically targeting them.
- Forty-three percent of Americans have been a victim of cybercrime, with the incidents categorized as either hacking, fraud, extortion/blackmail or cyberbullying.
- Sixty-four percent of respondents who suffered a financial hit from a cybercrime lost $1,000 or more as a result, with 37% losing between $1,000 and $5,000.
- But 51% of Americans list their top data concern as companies selling their personal information or using it against them, compared to 23% listing their top concern as a cybercrime.
- Approximately one-third of consumers are willing to share driving and health data to insurance companies if they can get a discount on their premiums.
- Consumers' relative calm about cyber crimes is reflected in the modest sums they are willing to pay for protection. Thirty-five percent of Americans wouldn't be willing to pay anything for a personal cyber insurance policy, and another 25% would only pay $25 per year or less.
More consumers (51%) see company misuse of personal information as a bigger concern than a personal cyber attack or extortion (23%)
Consumers are concerned about the security of their personal information, but their biggest source of anxiety stems from the companies that are already in possession of it.
When given the choice of which threats to their personal information they're concerned about, consumers chose the selling of their private information or the use of it against them by businesses.
When our respondents were asked how much they were bothered by the concept of companies selling their personal information to third parties, 47% said it bothered them a great deal, and 36% said it bothered them a little, indicating over 80% of consumers have some level of discomfort with the commodification of their data.
The type of data shared matters, especially for younger consumers
We asked respondents whether they would be willing to share personal data in a variety of consumer scenarios, ranging from insurance transactions to online shopping. Although 37% of those surveyed would be unwilling to share personal data in any scenario, respondents were more willing to share personal data when they can get savings in return.
In particular, the type of data sharing bargain consumers are most comfortable with is to exchange data for discounts in insurance products. Over 30% of consumers said they're comfortable sharing personal health or driving data with auto and health insurance providers if it garners them discounts.
Although over one-third of consumers are comfortable sharing personal health data with their insurer for a discount, they are still wary of their health privacy outside of their insurer: only 10% would share health data with an app.
Sharing of personal data on web browsing, voice conversations, payment information and purchase information is mostly off-limits for most consumers. Only 15% or less of them would be willing to share data related to these categories.
Comfort with sharing personal data: The millennial age gap
Younger age groups are more willing to share their personal data than their older cohorts. Of all surveyed age groups, those aged 23-38 (i.e. millennials) were most willing to share some form of personal data; even more willing than their 18-to 22-year-old peers.
Willingness to share personal data in at least one of our scenarios:
|18 - 22||68%|
|23 - 38||69%|
|39 - 53||60%|
|54 - 73||56%|
And like other age groups, they were most willing to share it to get savings. Getting discounts for car and health insurance were the most acceptable scenarios for sharing data for millennials.
Where millenials differentiated themselves is their willingness to share web browsing data for targeted ads. Seventeen percent of them found this practice acceptable, only exceeded by the 21% of those in the 18-to 22-year-old age group who were amenable to the practice.
Perhaps reflecting a lack of experience paying for insurance products, 18-to 22-year-olds were less likely to share driving or health data with insurers than any other age group. Only 17% of this age group would share driving data with their insurer for discounts and only 28% would share personal health data for savings.
But consumers are often unaware that sometimes insurers can collect outside data from them, including from social media.
When asked whether it's true or false that insurance companies can legally use social media to learn more about their behavior, 43% of respondents said it was false. But in some cases insurers have already begun to use social media data to monitor this data.
For instance, New York's Department of Financial Services offered guidance this year saying that it is appropriate for insurers to use external data sources such as social media, internet activity and geographic location tracking to inform rate setting.
An illustrative example of how this phenomenon could affect a consumer:
- Life insurance companies may charge higher rates for those who smoke cigarettes.
- But consumers who claim to be non-smoking could have pictures of themselves using cigarettes on social media.
- Life insurance companies could be within their rights to adjust rates accordingly given the higher rates of smokers.
Given the manual work involved in scouring policyholders' social media, and the wealth of data already available to insurers, social media data may not end up being a key factor in setting consumers' rates. But if an insurance company has reason to believe customers may be lying to or misleading them, social media is another tool for the providers to investigate the legitimacy of claims, and another way in which publicly available personal data may alter the relationship between consumers and businesses.
Consumers are willing to pay to protect themselves against cyber intrusions, but don't want to break the bank doing it
We see that a reasonable share of consumers are willing to volunteer personal data in certain scenarios — especially with their insurers — but how many are willing to pay for insurance to protect against cyber crime? According to our survey, relatively few: 50% of respondents either wouldn't pay anything, or would pay very little, for personal cyber insurance.
But although 61% of consumers have purchased or would consider purchasing personal cyber insurance, they're generally not willing to pay much for the protection. 35% of respondents wouldn't be willing to pay anything, and another 25% would only want to pay $25 or less per year. In other words, about half of consumers are unwilling to make a large outlay for personal cyber insurance.
Our data indicates consumers may underestimate the value of a personal cyber policy. Forty-three percent of Americans have been subject to some form of cyber crime, and many of these events are quite costly:
Home insurance policyholders make approximately six claims per 100 policies, a rate of 6%, according to the Insurance Information Institute. Cybercrimes remain a relatively low probability event, but given that 10% of respondents have lost notable sums, personal cyber insurance may provide an option for those concerned about its potential for financial damages.
ValuePenguin commissioned Qualtrics to conduct an online survey of 1,020 Americans, with the sample base proportioned to represent the overall population.