A Global IBM Survey Conducted in 22 markets, including the Middle East: Pandemic Digital Habits Causing Security Risks for Businesses

• Individuals created 21 new online accounts in the Middle East during the pandemic, with 91% reusing passwords across accounts
• Half of millennials in the Middle East would rather place an order using a potentially insecure app or website vs. call or visit a location in person

Dubai, UAE, June 15, 2021 – IBM Security today announced the results of a global survey examining consumers’ digital behaviors during the pandemic, as well as their long-term impact on cybersecurity. With society becoming increasingly accustomed to digital-first interactions, the study found that preferences for convenience often outweighed security and privacy concerns amongst individuals – leading to poor choices around passwords and other cybersecurity behaviors.

Consumers’ lax approach to security, combined with rapid digital transformation by businesses during the pandemic, may provide attackers with further ammunition to propagate cyberattacks across industries – from ransomware to data theft. According to IBM Security X-Force, bad personal security habits also carry over to the workplace and can lead to costly security incidents for companies, with compromised user credentials representing one of the top root sources of cyberattacks in 2020.

The global survey of 22,000 individuals in 22 markets, including the Middle East across the UAE, Saudi Arabia, and Egypt, conducted by Morning Consult on behalf of IBM Security, identified the following effects of the pandemic on consumer security behaviors:

• Digital Boom will Outlast Pandemic Protocols: Middle East respondents created, on average, 21 new online accounts during the pandemic – exercise and wellness, shopping and retail, and social media were the most popular categories. With 26% not planning to delete or deactivate these new accounts, consumers will have an increased digital footprint for years to come, greatly expanding the attack surface for cybercriminals.
• Account Overload Leads to Password Fatigue: The surge in digital accounts has led to lax password behaviors, with 91% of the Middle East respondents admitting to reusing credentials at least some of the time. This means a majority of new accounts created during the pandemic likely relied on reused email and password combinations, which were already exposed via data breaches over the past decade.
• Convenience Outweighs Security & Privacy: Half of the Middle East millennials would rather place an order using a potentially insecure app or website vs. call or go to a physical location in person. With users more likely to overlook security concerns for the convenience of digital ordering, the burden of security will fall more heavily on companies providing these services to avoid fraud.
• Accelerating Telehealth & Digital ID: As consumers lean further into digital interactions, these behaviors also have the potential to spur adoption of emerging technologies in a variety of settings – from telehealth to digital identity.

“While the post-pandemic world brings new cyber risks; the continuing success of digitization initiatives among the countries of the Middle East, has also triggered a rising priority for cybersecurity at organizations of all sizes and across all industries,” says Hossam Seif El Din, General Manager IBM in the Middle East and Pakistan. “Thanks to IBM’s deep understanding of the region’s security environment and challenges, we are fully equipped to support governments and businesses with the solutions and skills to adapt to the shifting consumer security landscape and be prepared against potential threats.”

In light of shifting consumer behaviors and preferences around digital convenience, IBM Security offers the following guidance:

• Zero Trust Approach: Given increasing risks, companies should consider evolving to a “zero trust” security approach, which operates under the assumption that an authenticated identity, or the network itself may already be compromised, and therefore continuously validates the conditions for connection between users, data, and resources to determine authorization and need. This approach requires companies to unify their security data and approach, with the goal of wrapping security context around every user, every device, and every interaction.
• Modernizing Consumer IAM: For companies that want to continue leveraging digital channels for consumer engagement, providing a seamless authentication process is key. Investing in a modernized Consumer Identity and Access Management (CIAM) strategy can help companies increase digital engagement – providing a frictionless user experience across digital platforms and using behavioral analytics to decrease the risk of fraudulent account use.
• Data Protection & Privacy: Having more digital users means that companies will also have more sensitive consumer data to protect. With data breaches costing companies $3.86 million on average, organizations must ensure that strong data security controls are in place to prevent unauthorized access – from monitoring data to detect suspicious activity, to encrypting sensitive data wherever it travels. Companies should also implement the right privacy policies on premise and in the cloud in order to maintain consumer trust.
• Put Security to the Test: With usage and reliance on digital platforms changing rapidly, companies should consider dedicated testing to ensure the security strategies and technologies they’ve relied on previously still hold up in this new landscape. Re-evaluating the effectiveness of incident response plans, and testing applications for security vulnerabilities are both important components of this process.

To view the full report and multi-media assets, please visit this link.

About IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM Security X-Force® research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 150 billion+ security events per day in more than 130 countries, and has been granted more than 10,000 security patents worldwide. For more information, please check www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM Security Intelligence blog.