Study: Security fears daunt online shoppers

Americans are cutting back on buying online in the face of increased threats of identity theft and other attacks, RSA survey finds.

Dawn Kawamoto
Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
2 min read
One-fourth of online shoppers have reduced their purchases in the past year as concerns over identity theft have risen, according to a survey released Monday.

That increased reluctance to shop online comes as Americans become more aware of the possible risks, the consumer study by RSA Security indicated. Some 61 percent of respondents said they feel more informed about identity theft issues, and 23 percent noted they feel more vulnerable than they did a year ago.

"Clearly, there's a lot of work to be done if businesses want to build more online trust with consumers," John Worrall, vice president of worldwide marketing at RSA Security, said in a statement. "While awareness of threats remains high, consumer confidence in dealing with those threats is low."

The third annual study asked more than 1,000 U.S. consumers about how their attitudes to identity theft, computer attacks and other security issues had changed over the past two years. The results were released to coincide with the annual RSA security conference, which gets under way in San Francisco this week.

Financial institutions, which hope to move more customers to online banking as a means to cut their operational costs, continue to face resistance. Twenty-one percent of consumers refuse to use online banking, the survey found.

Banks have been particular targets of the rapid rise in phishing attacks, as attackers find that money can be made by luring victims into handing over sensitive information such as social security numbers and bank account details.

The survey found that more than half of respondents felt traditional user IDs and passwords do not provide adequate security. Despite this, people also said they have not changed their approach to password use. Two out of three Web users said they use fewer than five passwords for all access to electronic information. Of the total, 15 percent said they use a single password. Those results have not changed from last year, RSA said.

The majority of consumers, nearly 70 percent, felt the online merchants they do business with are falling short on protecting their personal information.

Another report, released jointly by the Business Software Alliance and the Information Systems Security Association on Monday, found that companies are increasingly sending the responsibility of overseeing security to the executive suite.

Forty-four percent of businesses surveyed last year said their senior management is responsible for security, up from 39 percent in 2003.

But the number of security professionals who believe a major cyberattack will occur in the next 12 months has declined over the past year, the report said. The figure has dropped to 59 percent last year, from 65 percent in 2003.

"This survey demonstrates that awareness and action are replacing fear," Robert Holleyman, BSA's chief executive, said in a statement.