Fifty-nine percent of consumers fear that businesses operating with skeleton crews over the Christmas holidays will leave them vulnerable to the effects of cyber-attacks, cyber-security specialist Huntsman Security has warned.
In a TNS survey of 2,006 UK-based 16 to 64-year-olds, consumers expressed concerns about specific issues such as money being stolen from bank accounts or disruption to travel.
In particular, 22 percent feared that any issues such as these would take longer to identify and fix as most staff are on holiday. Any failure to identify an attack – and to warn victims in a timely manner – could have serious consequences for an organisation.
Only four percent of respondents would unconditionally stay with a business that failed to inform them of a cyber-attack, meaning businesses that lose customers' trust due to attacks over the holiday period may lose those customers soon afterwards.
“Just because businesses and security teams are operating at a reduced capacity, it doesn't mean that attackers will be. Indeed, with less than three percent of the UK workforce reported as working on Christmas Day in previous years, this is a prime time for organised attackers to take advantage,” said Piers Wilson, head of product management at Huntsman Security.
“Consumers fear situations such as attackers stealing bank details and finances; disrupting travel; or making brand-new connected gifts worthless. If already stretched security teams can't deal with issues promptly, even if only for a couple of days, there is likely to be a delay in identifying attacks and sending warnings to customers. Organisations across industries from retail to travel to banking must make sure that their security teams have the support they need to identify and act on threats over the seasonal period.”
In the research, consumers expressed concerns over a number of specific threats:
Consumers have also become less forgiving about companies failing to inform them of security breaches, as high-profile incidents such as Tesco Bank and Yahoo remain front-of-mind.
Thirty-three percent would only stay with a company that did not inform them of a major security breach if there was no evidence of negligence, 14 percent said it would be that company's final chance and 12 percent would only stay with such companies if they had no other alternative.
“As cyber-attacks become increasingly common, the ability to automatically and swiftly identify and respond to them will be critical for businesses,” continued Piers Wilson. “In competitive industries, organisations that prove they cannot quickly inform their customers of such attacks will quickly find themselves losing business to those consumers feel they can trust more. With some breaches remaining hidden for months or even years, it is clear that many organisations still have work to do to keep the public faith. Periods such as Christmas, where security teams will be reduced and attacks may well slip under the radar, will be critical times for businesses to prove they are remaining vigilant.”