A survey released today by IT security firm ESET finds that Americans believe “criminal hacking into computer systems” is now a top risk to their health, safety and prosperity. Criminal hacking, the survey finds, outranks other significant hazards, including climate change, nuclear power, hazardous waste, and government surveillance. Risk perceptions were found to vary between different demographic groups but several cyber-related hazards were consistently rated as “moderate” to “high risk.”
The survey was conducted by ESET security researchers Stephen Cobb and Lysa Myers. It asked randomly selected adults to rate their risk perception of 15 different hazards. Six of the hazards were cyber-related while the rest were other forms of technology hazard. The data revealed that “criminal hacking” was rated the top risk, with “air pollution” coming in second. Another cyber-related risk, the theft or exposure of private data, was rated fourth, after hazardous waste disposal.
“To be honest, I was pretty shocked at the results, so much so that we ran the survey a second time…and lo and behold, we got the same result,” said ESET Senior Security Researcher Stephen Cobb who with ESET Security Researcher Lysa Myers, oversaw the survey. “For many years, social scientists have studied how the public perceives a range of technology risks, but as far as we know, this is the first time anyone has put ‘cyber-risks’ into the mix,” said Cobb.
ESET Security Researcher Lysa Myers noted, “New technology is dramatically accelerating the pace of change in our lives; this transformation can feel both exciting and frightening. The Internet has only recently become a part of our day to day activities, so it may feel both ubiquitous and yet alien to many people.”
The survey was carried out in late July, early August, after the WannaCry and Petya/NotPetya malware outbreaks but before the Equifax breach.
To conduct their research, Cobb and Myers adapted two survey instruments previously used in numerous academic studies of risk perception: the “Industrial Strength Risk Perception Measure” and the “Cultural Cognition Worldview Scales.” Both were derived from the work of Prof. Dan M. Kahan of the Cultural Cognition Project at Yale Law School, to whose pioneering work in this field the researchers are indebted.
According to Cobb, numerous past surveys have shown that the public is concerned about criminal hacking and other information technology hazards like government surveillance (see: Privacy and security post-Snowden: Pew Research parallels ESET findings).
“Our goal with this study was to place those cyber-related risks in the broader context of more established and more thoroughly documented risks; and the results strongly suggest that cyber-risks are now front and center in the American consciousness.”
Cobb and Myers will present their findings, including a demographic analysis of variations in risk perception and the implications for risk communication and reduction, at ISC2 Security Congress (September 25-27 in Austin, TX).