It’s Time to Stop Believing that Consumers Are Apathetic About Digital Security (and Start Tapping i
Consumers care deeply about their digital security, yet industry leaders often make exasperated statements to the opposite effect, so why the disagreement? In this blog I’ll make three points: 1) Why industry leaders often state the belief that consumers don’t care about security 2) How we can know that consumers in fact do care about their security, and 3) What leaders need to start doing about this important disconnect now.
I often hear important people preface a discussion of a challenging consumer behavioral problem with their belief that consumers–or perhaps just millennials–just don’t care about digital security. The concern might be how to get people to stop using ‘password’ (or even P@$$word) as the key to their entire lifesavings. Or it could be how to get customers to try an important new safety feature. I’ve read many press releases from security-sector firms that use on-the-street interviews to catch people first stating that security is an important personal priority, and then get them to divulge vital PII in response to a miniscule reward. On a firsthand basis, we’ve all seen additional evidence of security carelessness, such as the friend who shares a full date of birth, pet’s name, or mother’s maiden name on a social media profile (all of which can be used to release one’s password), or place documents containing financial details in paper mail or a trash can. It’s not difficult to produce evidence that people are often careless with their personal security, but that doesn’t prove that they don’t truly care about their security.
People care passionately about their security, as proven by the 403 million responses–more than one for every person in the U.S.–that are returned when Googling ‘security recommendations’. A survey of 3,000 UK and US residents aged 16-35 cited in a Dark Reading article gets it right, using research data to show that even millennials place a high priority digital safety. Aligning with research from under my watch as (former) CEO of Javelin Strategy & Research, the study goes on to acknowledge two additional facts. First, millennials have important differences–often misunderstood as a lack of concern–regarding how they view and manage security. Second, people are often confused about exactly what they should do to protect themselves. Googling ‘how to create a good password’ yields 111 million responses, with most providing advice that is as valuable as it is futile because the recommended complexity fails to note that implementation is impossible without the use of a password manager or memorized cipher. With people awash in security advice that is often confusing, contradictory, outdated or impossible, is it any wonder that they appear to lack motivation to act?
My conclusion–bolstered by over 30 years in digital commerce and research–is that all consumers with assets care about digital security. Yet if people also often make bad choices or even fail to take any action at all in confusion, then the onus is on leaders to stop blaming consumers and start changing how they interact with them. It’s often very difficult to change behavior, especially so for Gen X or Baby Boomer leaders ‘just trying to get through!’ to Millennials. Yet the motivation is there, new technologies offer powerful security advantages, and a teamwork approach between leaders and individuals can have a powerful impact. Leaders should provide advice that is plainspoken, prioritized, and easily implemented by a person of average technological abilities. Security-related products and features should be prioritized by real-world research, and designed with customer experience at the center. People also need clear explanations, free of any compliance-speak or legalese, about the implications of a recommendation (and if it can’t be conveyed simply, it might be appropriate to go back to the drawing board). It’s time to stop writing off consumers as disinterested or apathetic and instead become more effective at finding and tapping into their strong motivation, creating messages, methods and products that are easier to understand and use. No one suggests this is easy, yet with interest in security being so high it can be done.
 Believe it or not, Millennials Do Care About Privacy and Security, Sara Peters, Dark Reading, http://www.darkreading.com/endpoint/believe-it-or-not-millennials-do-care-about-privacy-security/d/d-id/1322622