Would You Rather Be Hacked? [Survey]
- 58% of full-time employees felt having their work account hacked would be the most impactful, significantly more impactful than having their social accounts (21.1%) or personal accounts (20.9%) hacked.
- One in four full-time employees reported they would be terminated by their employer if their work account got hacked.
- In a ransomware scenario with personal accounts, 51.5% of respondents would spend the most to recover their mobile banking account, more than all other personal accounts combined.
What Is Your Digital Privacy Worth?
The worldwide web has intimately connected and empowered people across the globe since its advent in 1989. Since then, an increasing amount of information – in many cases, highly sensitive personal data – has been stored digitally. Many online accounts currently hold compromising information that, if somehow were to fall into the wrong hands, would likely be highly destructive to someone’s livelihood.
According to a statement on the American Civil Liberties Union’s website, the pace of technological innovation has allowed governments and even corporations to track our “communications, whereabouts, online searches, purchases, and even our bodies.” Thus, it only makes sense that cybersecurity is becoming an increasingly relevant concern for anyone who surfs the web. In this seemingly endless sea of public data, then, what information do people typically prioritize?
In attempts to answer this question and many other related concerns, we surveyed 1,000 full-time employees across various industries to examine where people store their most important information, what sorts of information they store, and how important they deem different types of information. Read on to get a closer look at what we found.
Most Sensitive Accounts
The kind of information people store online can be subcategorized into personal, work, and social. Which are the most important?
According to the survey data, most people reported that the type of account which holds the most sensitive information (relative to “work” and “social” accounts) is their personal account. Specifically, 59.7% of respondents believed their personal accounts hold the most sensitive information, and 25.3% and 15% believed the same for their work and social accounts, respectively.
Sensitivity, impact, and embarrassment are keywords that can be used to describe how respondents perceive the information in their accounts. While social accounts getting hacked were most associated with embarrassment (44.8%), they were also most associated with being the easiest to recover (49.8%) and the least impactful (59.3%). On the flip-side, work accounts getting hacked were most associated with being the hardest to recover (56.3%) and the most impactful (58%), suggesting that their level of importance and need for security is relatively higher than personal and social accounts.
What Really Matters?
One way to find out what someone deems important is to learn what they find to be less important. In other words, evaluating data on what sorts of breaches or thefts people would rather experience offers insights into what information they prioritize.
Overall, we observed that the average full-time employee finds social media hacks to be the least troublesome data breach scenarios. The data also suggests that a majority of people’s most sensitive information is stored digitally. This conclusion can be discerned from the fact that most respondents (71%) believed their bank account being hacked is worse than their wallet being stolen and also that 72.6% believed their email being hacked would be worse than their mail being stolen.
Seeing as digital storage is more convenient and likely more secure than physical storage, it seems safe to assume that most people keep their highly sensitive information in their online accounts. Furthermore, respondents had a split opinion when deciding whether their phone being stolen or hacked was worse and whether their computer being stolen or hacked presented the larger dilemma.
Cybersecurity on the Clock
Work accounts, unlike personal and social accounts, hold full-time employees accountable not only for themselves but for their employer, as well. Did that impact respondents’ perceptions of their work accounts?
The three most important work accounts to respondents were their files or data (6.3), work email (5.9), and work contacts (4.9) accounts. In a ransomware scenario, respondents valued each of the aforementioned work accounts in the same respective order, with files and data being valued the highest (48.4%).
While 31.7% of full-time employees reported they would face no consequences if their work accounts were hacked, 30.5% reported suspension, 29.2% reported reprimands, and 25.2% reported termination as the various forms of punishment. The smallest and largest companies were more likely to report no punishment, while companies with 501 to 999 employees reported the highest levels of punishments (suspension, reprimands, and termination).
It’s Nothing Personal, or Is It?
Though it’s fairly clear what kind of information people deem important through drawing inferences, let us take a look at how much full-time employees value their personal information.
An overwhelming majority of respondents (84.2%) would feel a high level of urgency if their personal account was hacked. This reaffirms respondents’ beliefs that their personal accounts hold the most sensitive information. The three most important personal accounts to respondents were their mobile banking, email, and computer user accounts, as indicated by their average importance levels on a scale from one to ten, with ten being the most important. In order, respondents rated these accounts’ importance at 7.1, 6.3, and 6.1, respectively. How does importance relate to the negative impact of getting hacked for these accounts? The results are notably similar.
Contacting customer support (69.3%) was the leading course of action respondents would take to recover hacked personal accounts. With regards to which personal account respondents would spend the most to recover in a ransomware hack scenario, mobile banking accounts (51.5%) came out on top, more than all other personal accounts combined.
Social Accounts: Just How Important Are They?
Clearly, respondents’ mobile banking accounts are their most sensitive and important personal accounts, understandably so. But, what about their social accounts?
A majority of respondents (63.9.%) would feel a high level of urgency if their social account was hacked; however, it was much lower than for personal accounts. The three most important social accounts to respondents were their Facebook (4.8), Instagram (4.3), and Twitter (3.7) accounts, as represented by their average importance levels on a scale from one to ten (with ten being the most important). Importance and negative impact were directly related.
Surprisingly, respondents’ top two actions in response to their social accounts being hacked were virtually even, with 60.4% claiming they would contact customer support and a surprising 60.2% reporting they would recover the account themselves. Facebook was the clear-cut favorite (43.8%) with regards to the account respondents would spend the most to recover in a ransomware scenario.
It’s Not All That Bad
It’s well-documented that there are numerous reasons for all people on the web to be conscientious with how they maneuver their digital footprints. To what extent you’re protected is to some degree determined by whether your highest priority accounts are secure. The general consensus based on full-time employees is that personal accounts, specifically mobile banking, email, and computer user accounts, contain what respondents believe to be their most important, and perhaps sensitive, information.
Furthermore, while work accounts tend to not contain the most sensitive information, according to respondents, their importance rankings were not far below those of personal accounts. Social accounts were considered less important overall, considering the fact that full-time employees can suffer far more damaging losses from data breaches in virtually any other type of online account.
Keeping track of your passwords and doing your part to ensure you’re protected on and off the web can be a tedious and overwhelming endeavor. As the world’s most advanced passwordless identity platform, Beyond Identity provides companies and their employees with a more convenient and secure privacy solution to protect their work accounts and information.
Methodology and Limitations
For this study, we surveyed 1,000 full-time employees on Amazon MTurk. 43.6% identified as women, 56% identified as men, and 0.4% identified as nonbinary. The average age of these respondents was 37.7 years with a standard deviation of 10.3 years.
The main limitation of this portion of the study is the reliance on self-report, which is faced with several issues such as, but not limited to, attribution, exaggeration, recency bias, and telescoping.
Fair Use Statement
Though concerns of privacy on the web only seem to grow, you can take steps to educate yourself and those around you about cybersecurity. Evidently, there’s certainly more ground to be covered in this discussion. If you find our data useful, feel free to spread the knowledge. Just make sure you do so for non-commercial use and provide a link back to our site.