cyber fatigueCybersecurity should be a top concern of all businesses and organizations worldwide, but unfortunately, that isn’t always the case. We’ve seen evidence recently that nobody is untouchable, from political parties like the Democratic National Committee to major corporations like Sony and Target to the government itself. Newly leaked files point to strong evidence that the National Security Agency was infiltrated — and if the NSA can be breached, that means just about any organization can. At the 28th Annual Tulane Corporate Law Institute in March 2016, a panel discussing cyber risk indicated that more than 50% of the time, corporate leaders don’t learn about a data breach from within their own company, but instead through an outside source such as law enforcement, their financial institution or the media. The clear disconnect between the people running companies and their own security practices is disconcerting, but can be explained through a phenomenon known as cyber fatigue. What is cyber fatigue, and how could it be putting the people who entrust various organizations with their information in danger?

What is cyber fatigue?

Although we’ve written about the increasing consumer numbness to security breaches in the past, the specific term cyber fatigue was recently coined by security industry experts. This term is used to describe the feelings of overwhelm that business executives face when it comes to the high instance of data breaches that keep occurring. As a result of cyber fatigue, businesses (as well as government policymakers) approach security breaches in a reactive manner, rather than a proactive one. Essentially, not enough is invested in strengthening existing security systems, which could help prevent breaches in the first place, and instead companies wait until something happens to do anything about the gaping holes in their data security. Unfortunately, this mentality can have serious consequences.

Breaches are increasing, but security spending is not

According to the Cyber Consumer Loss Barometer report recently published by KPMG, an auditing firm in the Netherlands, more than 80% of top-level executives they surveyed admitted to a breach in the past two years. However, less than half of those who’d experienced a breach actually invested in any security product or service to try and enhance their security as a result. It will probably come as no surprise that the highest reported instances of data breaches were in the retail sector (89% of executives surveyed said yes to a recent breach), followed by the automotive industry (85%) and banking and technology (76%, respectively). The report showed the banking and technology industries in the lead when it comes to investing in new or enhanced security — 66% of banking respondents said they’d done so, and 62% of technology — while retail and automotive lag at 45% and 32%.

It’s important to note that while the data from this report showed the retail industry with the highest reported instances of breaches, the numbers can vary from source to source. For example, the Verizon 2016 Data Breach Investigations Report put the financial industry at the top with 36% of data breaches, and retail at just 6%. Regardless, what these numbers all boil down to is concerning evidence that cyber fatigue has a real hold on a large number of business employees around the world, and the disconnect between the ever-increasing number of security incidents and how much businesses are spending on security is all too clear.

It makes sense that banking is more proactive than other types of industries when it comes to cybersecurity spending — there’s a lot more at stake if a financial institution is successfully penetrated. However, the retail industry has been in a near-constant state of attack for the past three years, and it’s not seeming to slow down anytime soon, as the recently unveiled MICROS point-of-sale system breach has shown. The advent of the Internet of Things has made consumer products, such as vehicles with “smart” features, vulnerable to cyber intrusions in a way probably few people could have guessed five or 10 years ago. Healthcare has also been consistently targeted by cybercriminals, from large-scale breaches at major insurance companies to ransomware attacks holding hospitals hostage. The problem is only going to continue to get worse unless proactive actions are taken to repair what’s broken and continuously update and improve security to stay one step ahead. This takes money, yes, but few could argue against the notion that it’s better overall to spend a little more in the present for peace of mind in the future.

What lessons can the consumer take from all of this?

If the companies we entrust with our data are experiencing cyber fatigue, you can bet that everyday people are as well. It’s easy to become complacent and assume there’s nothing you can do to protect yourself, so you might as well not bother. However, that isn’t the case. As risk consulting firm Kroll points out in its 2015-2016 Global Fraud Report, “cybersecurity is a difficult, time-consuming and ongoing process.” This is true for businesses as well as individuals. Each step you take to protect yourself makes you a more difficult target, and while it isn’t 100% possible to prevent becoming a victim of identity theft or having your information exposed in a data breach, doing something is far better than doing nothing.

Unfortunately, the reality of constant data breaches over the years is that some of your information is probably already out there. Understanding what happens to your data after a breach and how cybercriminals use it is a critical first step. It’s also wise to take matters into your own hands and make proactive choices, such as freezing your credit reports, storing paperwork with your essential data on it in a locked safe, checking your credit reports on a regular basis and utilizing services like identity theft protection and Internet security software to help keep tabs on what’s happening with your information online.

Security breaches are unlikely to stop being a problem, especially as various industries struggle to update their systems and employ the necessary resources to prevent and deal with them. In the meantime, you as a consumer can follow our identity theft protection blog to learn about ways to keep your identity safe as well as get the facts on the latest breaches and security news you should know about.