Light Dark
November 29, 2021 By Mike Elgan 4 min read
Data Protection
Fraud Protection
Incident Response
Risk Management
Security Services

If a store you visit often suffers a cyberattack, you might feel like someone went through your wallet. This kind of attack or data breach, and this kind of feeling, isn’t new. The growing frequency, cost and impact of cyberattacks are new — and consumers notice. Consumers are more aware of attacks than ever before. After all, they affect the public directly more often now, such as when attackers steal their personal information from a large company.

How do consumers perceive these attacks and the threat from future attacks? In what way does this new awareness change consumer behavior and expectations?

Enterprise Attacks Directly Affect Consumers

When attackers breach companies, consumers share the impact. The most measurable impact is in the price of goods and services.

Cyberattacks incur costs in the form of ransomware payouts, higher insurance prices, lawyer fees to remain compliant with regulations, operational disruption, the costs of getting back online and other expenses. These costs are borne by companies, but in the end, raise consumer prices.

And the costs of attacks are going up every year. The average cost of a ransomware attack, for example, was $1.85 million in 2020 — double the previous year, according to a survey from Sophos.

And the future looks grim on this count. Cybercrime costs worldwide are expected to grow by 15% per year over the next five years, reaching $10.5 trillion per year by 2025, according to a prediction by Cybersecurity Ventures. This is the increase in the cost of doing business, which will be reflected in consumer prices.

The other major impact of enterprise cyberattacks on consumers comes from when an attack breaches customer data. Many kinds of attacks leave customers open to identity theft and other kinds of fraud. When attackers sell customer data on the dark web and other criminals buy that data, they can turn an enterprise attack into hundreds of others. It can spin off into credit card fraud, identity theft and a world of social engineering scams. Cyberattacks may strike once, but identity- and personal data-related fraud is forever.

Attacks impact consumers. But what do consumers think about cyberattacks?

How Consumers Think About Cyberattacks

Public awareness about cyberattacks is high. More than three-quarters of consumers are concerned about the privacy of their data, according to a KPMG survey. This worry about the data that companies retain comes with concern about having that data stolen or compromised by a cyberattack.

Some 63% of consumers worry about their data being stolen, according to a survey by Norton. And more and more public reporting in the media on major cyberattacks and their impacts drives this concern.

The rise in cyberattacks on businesses has heightened consumer worries in the past year. Some 44% feel more at risk from cybercrime than they did before the COVID-19 pandemic began, according to the Norton survey.

That worry exists and is rising. But how does worry about cyberattacks manifest in the actions of consumers?

Changing Consumer Behavior and Attitudes

One major impact from concern over cyberattacks is that customers may mistrust brands that suffered an attack. And this mistrust drives consumers away.

A majority (59%) of consumers say they’ll avoid companies hit by a cyberattack in the past year, according to a survey by Arcserve. This means customers are likely to switch from the attacked company to its market rivals.

Consumers are seeing more and more that cyberattacks against the companies that hold their personal data put their own cybersecurity at risk. That data gives criminals the information they need to launch phishing attacks and other threats against them. This is especially acute in the financial services industry, and deeply concerning in health care.

And it’s not just business. Most American citizens are concerned about state-sponsored cyberattacks on U.S. financial institutions, national security and defense systems, energy systems, health care organizations, government agencies and their own personal information, according to a study from the Pearson Institute for the Study and Resolution of Global Conflicts at the University of Chicago and The Associated Press-NORC Center for Public Affairs Research.

What Does This Mean for the Future?

Two rising trends are coming together. First, look at the growing frequency, cost and impact of cyberattacks. Add to that the increasing awareness, concern and reaction of consumers. The one-two punch bodes ill for consumer-facing companies.

This means cybersecurity has major hidden costs they didn’t have in the past. Those are the cost of lost customers, the hesitancy of customers to give up personal and financial data and what could be major reputational damage from serious cyberattacks.

The cost of lost customers also magnifies the other costs by raising the incentive to make ransomware payments and spend more on cyber insurance, cybersecurity staff and tools, reputation management and PR and other costs. The consumer factor magnifies the impact of cyberattacks.

The good news is that there’s a flip side. Consumer concern presents an opportunity, too. You can address customers’ anxiety in advance in a few ways. First, establish very strong security and customer data protection. In addition, communicate to customers exactly why their data is safe.

It’s time to stop assuming that consumers don’t know or care about cybersecurity. They do, and they understand it. That’s why organizations need the right security posture. Combine that with clear and respectful messaging, and you get a way forward. You’ll need it in this new era of cyber threats and with growing public awareness and concern for the risks.

 |  |  |  |  | 
Mike Elgan

More from Data Protection
January 27, 2025

How secure are green data centers? Consider these 5 trends

4 min read - As organizations increasingly measure environmental impact towards their sustainability goals, many are focusing on their data centers.KPMG found that the majority of the top 100 companies measure and report on their sustainability efforts. Because data centers consume a large amount of energy, Gartner predicts that by 2027, three in four organizations will have implemented a data center sustainability program, which often includes implementing a green data center.“Responsibilities for sustainability are increasingly being passed down from CIOs to infrastructure and operations…

January 21, 2025

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

January 3, 2025

Router reality check: 86% of default passwords have never been changed

4 min read - Misconfigurations remain a popular compromise point — and routers are leading the way.According to recent survey data, 86% of respondents have never changed their router admin password, and 52% have never adjusted any factory settings. This puts attackers in the perfect position to compromise enterprise networks. Why put the time and effort into creating phishing emails and stealing staff data when supposedly secure devices can be accessed using "admin" and "password" as credentials?It's time for a router reality check.Rising router risksRouters…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature