Security Experts:

Cybersecurity Has Become a Political Issue for Americans, Survey Shows

Americans have a pragmatic view towards cybersecurity. For example, while 86% believe that paying ransoms merely encourages more attacks, 70% accept that when organizations do pay, it is because they had no choice. But politicians should consider: 87% believe that cybersecurity should be a top priority for government, but only 51% believe it is currently doing a good job.

With the 2020 elections approaching, threat intelligence firm Anomali commissioned Harris to survey American attitudes towards cybersecurity and government. The survey of more than 2,000 citizens aged 18 or more focuses on the single issue that is most understood and most experienced: ransomware.

More than one-in-five Americans have experienced a ransomware attack. Young adults (aged 18-34) and men are more likely to have been attacked than women (27% vs 16%). No reason is suggested, but it could be that women are generally more cautious with attachments while young men are more adventurous on the internet. Of those with experience of ransomware, 18% was on a personal device while 5% was on a work device.

The American attitude towards paying ransoms is clear, but forgiving. Twenty-nine percent of those personally attacked paid the ransom, while 46% of their companies did so. Despite this, 66% believe that government agencies should never pay, and 64% believe that businesses should never pay. Seventy percent of Americans believe that those organizations that did pay had no choice but to pay.

The question then becomes, what does justify paying a ransom? Reflecting the growing attitude towards personal privacy in America, it is perhaps not surprising that top justifications for businesses focus on personal information: 58% citing protecting customers' information and 53% citing protecting employees' information. These are more important than even safety (49%) and national security (48%). It is worth noting business self-protection -- that is, to maintain the organization's own regular services -- scores a lowly 29%.

These figures are slightly reversed for government organizations. The primary justification for paying a ransom would be to protect national security (62%); but protecting personal information again scores highly, coming second with 56%. Once again, organizational self-protection comes last at just 28%.

The implication is that American citizens are saying very clearly to both government and business, your primary duty should be to protect our personal data. Politicians would do well to heed this, because there seems to be a growing understanding of and hardening attitude towards issues of cybersecurity. Seventy-nine percent of registered voters say they will "consider a candidate's stance on cybersecurity when voting in future local, state, or federal elections." Sixty-four percent say, "I would not vote for an election candidate that is in favor of making ransom payments to cyber criminals."

A further implication from this survey is that a laissez faire approach will not benefit political candidates in the 2020 elections. Eighty-seven percent of Americans believe that cybersecurity should be a top priority for the government. This is even higher, at 92%, in the peak voting age of 35+. But at the same time, only 51% believe the government is effectively addressing cybersecurity.

These concerns are strong enough for nearly two-thirds of Americans to say they would support a rise in federal taxes to fund government cybersecurity efforts against attacks targeting U.S. organizations and citizens. Once again, this is higher in the peak voting age of 35+, at 70%.

“It is encouraging," says Nicholas Hayden, global head of threat intelligence at Anomali, "to learn that average Americans are now more attuned to how important cybersecurity is and to find out that they are willing to make financial commitments to doing something about it.” It may be that candidates in the 2020 elections should also heed these figures.

Silicon Valley-based SAAS threat intelligence firm Anomali raised $40 million in a Series D funding round in January 2018, bringing the total raised by the company to $96.3 million.

Related: Georgia County Criticized Over $400K Ransomware Payment 

Related: Eurofins Scientific Paid Up in Response to Ransomware Attack: Report 

Related: Aluminum Giant Norsk Hydro Hit by Ransomware

Related: The Growing Threat of Targeted Ransomware 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.