With 90% of data breaches expected to include the human element in 2024, consumers are holding banks responsible for their Human Risk Management
Almost a quarter (23%) of US and UK consumers have said that a bank’s approach to cybersecurity is a factor when they consider opening an account, emphasizing the prominence of cybersecurity in consumer decision-making in an increasingly digital landscape. A further 36% stated that while cybersecurity isn’t a factor in selecting their bank, if they were aware of a major data breach, it may influence their selection.
The CybSafe study, which examined the impact of cybersecurity policy on consumer decision-making, found that 85% of consumers agreed that their bank prioritizes cybersecurity to protect their data. Despite this, the same customers place a high level of responsibility on banks.
Customers expect banks to provide them with resources to stay safe online
When asked about banks’ responsibilities regarding cyber issues, four in five respondents stated they expected banks to train staff on cyber risks and the prevention of data breaches. However, the expectations didn’t end there, with 84% of respondents stating that banks are responsible for providing customers with the resources to stay safe online and avoid scams.
With Forrester predicting that 90% of data breaches will include the human element in 2024, organizations are increasingly adapting their cybersecurity posture to match the enormity of the challenge in tackling human risk. Similarly, banks are already adapting to consumer demands, moving away from compliance-driven approaches like ‘security awareness and training’ and towards more risk-driven approaches to cybersecurity. This is perhaps unsurprising, given only 28% of customers stated that a bank has a responsibility to comply with legal requirements only, emphasizing the clear expectation from customers that banks move beyond compliance to curtail risk.
The importance and use of cyber training for customers
A vast majority (85%) of customers felt it was important that their bank offers training about staying safe online and avoiding scams to those who want it, with 42% of respondents stating that such measures are ‘very important’.
When asked if they would use cybersecurity training if their bank offered it, almost half (47%) stated they would. One in five respondents stated they wouldn’t, and a further third said they weren’t sure.
Reacting to the research, Jason Nurse, Director of Science and Research at CybSafe, said: “For customers, it’s no longer sufficient for banks to view cybersecurity through the narrow lens of compliance. The findings of our latest study underscore a pivotal shift in customer expectations, reflecting a growing demand for proactive, human-centric risk management strategies. Customers recognise the critical role that banks play not only in safeguarding their financial assets but also in empowering them to navigate the complexities of the digital age with confidence.
“It’s becoming increasingly clear that the future of cybersecurity lies in our ability to equip both employees and customers with the knowledge and tools necessary to defend against sophisticated cyber attacks. This is not just a matter of regulatory compliance—it’s a fundamental component of building trust and ensuring the resilience of our financial institutions in the face of emerging threats.”
To read the full report looking into how cybersecurity policy is impacting customer expectations and behaviors, visit: www.cybsafe.com/press/banking-on-trust-how-consumer-banking-behavior-is-swayed-by-security
