Updated Aug 20, 2018 - Technology

Comfortably numb: Americans are less worried about online security

Americans are actually less concerned about online security and privacy risks than they were in 2015, according to new Census Bureau data released today by the technology policy arm of the Commerce Department.

Why it matters: These findings are surprising in light of the constant news of security breaches and privacy scandals, and suggest that consumers are becoming numb to the growing threats to their personal data.

By the numbers: The proportion of online households reporting privacy and security concerns fell from 84% in 2015 to 73% in the fall of 2017, per the data released today.

And just 33% in 2017 said privacy concerns stopped them from doing certain online activities, like posting on social media or making purchases online — down from 45% in 2015.

Be smart: The drops in consumers' concerns shouldn't obscure the fact that consumers are, overall, still aware of the risks posed by participating in the digital universe.

  • Nearly three-quarters of households reported significant concerns about online privacy and security, and about 20% said they'd experienced an online security breach, identity theft or similar crime during the past year.
  • But those concerns aren't dissuading consumers from online activity — at least not as much — suggesting consumers have accepted those risks as a new fact of life, or are experiencing "breach fatigue" from the barrage of security incidents.

Details: The timing of the survey might play a role in consumers' attitudes, too. The survey was designed by the National Telecommunications and Information Administration, an arm of the Commerce Department, and was conducted by the U.S. Census Bureau as part of its regular Current Population Survey in November 2017.

  • That's two months after Equifax's huge data breach was reported, and four months before Facebook's Cambridge Analytica privacy scandal erupted. Security concerns may not have been front-and-center in respondents' minds at the time of the survey.
  • By contrast, the 2015 survey was conducted just two weeks after the U.S. Office of Personnel Management announced a breach that exposed the personal information of federal employees. At that time, 69% of households with federal employees reported identity theft concerns. (That number fell to 60% in 2017.)
  • Overall, fewer households cited identity theft as a major concern in the latest survey, even though concerns about credit card fraud, loss of control over personal data, and other concerns remained unchanged.

Victims of a recent security breach were much more likely to be worried about online security risks. In both 2015 and 2017, 70% of households affected by a breach listed identity theft as a concern. In contrast, by 2017, only 54% of households that were not identity theft victims listed it as a concern.

  • Across the board, the 2017 survey showed a decline in households that avoided online activities, such as online searches, due to privacy concerns — but households that had experienced a breach in the past year were twice as likely to avoid searching as those who hadn't (14% vs 7%).

Between the lines: The real impact of a data breach is largely hidden, so most victims do not see the real-world harm from hacks or data leaks, Diana Burley, a professor at George Washington University, said at a recent Axios Expert Voices event.

"We see this lag in security because, as consumers, we don't see the effect. As a security researcher, we don't want a catastrophic event that will harm all these consumers, but until we have that type of event — when harm is done to people en masse — it's going to be very hard to convince consumers that this is a serious issue."
— Diana Burley, George Washington University profesor

Go deeper: Read NTIA's analysis of the latest survey results

Correction: This story has been updated to reflect that it was Equifax, not Experian, that reported the 2015 data breach.

Go deeper