A new research from Unisys Corporation finds that many Malaysian consumers will take action only after a data breach, including closing accounts, taking legal action and damaging a organisation’s reputation via exposing the issue on social and traditional media platformns.
The longest-running recurring snapshot of consumer security concerns conducted globally, the 2019 Unisys Security Index measures concerns of consumers on issues related to national, personal, financial and internet security.
The study polled 1,019 adults in Malaysia from 27 February to 22 March 2019. The 13 countries surveyed are Australia, Belgium, Brazil, Chile, Colombia, Germany, Malaysia, Mexico, Netherlands, New Zealand, Philippines, the U.K. and the U.S.
The 2019 Unisys Security Index of the Malaysian public is 211 out of 300, where 300 represents the highest level of concern. This is down from 215 in 2018 – making Malaysia one of only four countries to record a decrease in concern in the last year. Malaysia recorded the fifth-highest overall level of security concern of the 13 countries surveyed.
Data Security Top Concern for Malaysians
The top three concerns for Malaysians continue to relate to data security, with 88 percent of Malaysians concerned about bankcard fraud, 87 percent concerned about unauthorised access to their personal information and 78 percent concerned about internet hacking or viruses. The largest change in the last year was a decrease in concern about personal security from 70 percent to 62 percent.
Almost half (46 percent) of Malaysians said they had suffered a data breach in the last year, with the most common being social engineering scams that tricked them into providing information, with 19 percent of respondents reporting they had been a victim of this type of attack. In addition, 15 percent reported they had their social media profiles hacked, and 14 percent had their email hacked.
Dato’ Ts. Dr. Haji Amirudin Abdul Wahab, CEO of CyberSecurity Malaysia, the national cyber security specialist and technical agency, said: “As Malaysians become increasingly aware of data threats, attackers have had to apply more sophisticated approaches, often using social engineering techniques to gain their victims’ confidence and trick them into voluntarily sharing their information or making a fraudulent transaction. This is being applied to individuals to gain financial and identity information and to organisations to gain access to confidential data or systems.
“As Malaysia becomes an increasingly connected nation, it is essential we build a culture of security through awareness programs and best practices among children, teenagers, parents and organisations, as well as the Malaysia CyberSecurity Resilience Program (MyCSRP) to improve national cybersecurity. But cybersecurity is a global issue, and a coordinated international approach is required as reflected in all 10 ASEAN members agreeing last year to adopt in principle the United Nations’ norms for tacking cybersecurity.”
Malaysians Take Action after Data Breaches Ashwin Pal, Director of security services for Asia Pacific, Unisys, explains that the research shows organisations are at risk not just of losing data, but also of losing business.
“Consumers hold the business or government agency responsible for not protecting their data, and many Malaysians are taking action. Among Malaysians who report they have suffered a data breach in the last year, one in three say they have closed their account, one in four have exposed the issue on social media and one in seven stopped dealing with them online. This results in customer loss, reputation damage, legal disputes and inhibits take-up of online or digital services,” he says.
Action taken by Malaysians who report they suffered a data breach in the last year:
– 32 percent stopped dealing with the organisation such as closing my account
– 30 percent took legal action
– 25 percent publically exposed the issue on social media, e.g. Facebook
– 18 percent publically exposed the issue by taking it to the media
– 14 percent continued dealing with the organisation but not online
At Large Events, Malaysians More Concerned About Cyber Threats than Physical Attacks
In a clear example of Malaysians’ heightened awareness of cybersecurity threats, when asked about security concerns at large-scale events such as a sports match or music festival, more Malaysians are concerned about theft of credit card data (82 percent) or personal data (79 percent) from a mobile device when using public Wifi at the event, than a criminal attacking and harming event attendees (75 percent). Only 51 percent of Malaysians are concerned about police capturing and saving surveillance video of attendees at the event.
Support for Data Collection and Sharing Depends on Trust, Privacy and Security Malaysians are discerning about which situations they deem acceptable for an organisation to collect data from social media, online purchases, smartphones and wearable devices. Half of respondents (50 percent) support the government collecting this information to identify who is in the vicinity of a disaster, yet only 26 percent support the government monitoring an individual’s travel patterns to plan road and public infrastructure. Almost half support airport and airlines collecting the information to efficiently guide a passenger’s journey through an airport (47 percent), but only 16 percent support an employer doing the same to monitor an employee’s location during the work day.
Similarly, public support varies for organisations sharing an individual’s personal information with other organisations. The highest support is for police sharing information with other law enforcement agencies internationally (75 percent) or within Malaysia (74 percent) to solve a crime. There is also strong support (67 percent) for a government-administered proof-of-identity used to confirm a citizen’s identity to access commercial services such as a bank account. However, only 25 percent support banks sharing a customer’s financial data with another financial service provider to offer a single point of contact for multiple services. The most common reason given for not supporting this is concern that the other organisations involved will not protect personal data.