15% of Brits admit to NEVER changing their internet banking password, new research reveals

Business Insights
05/01/2023
Subscribe

  • More than 1 in 6 members of the public admit they never change their internet banking password – making themselves extremely vulnerable to cyber criminals

  • Social media accounts are the most neglected, with 84% of Brits not updating their passwords often enough

  • Almost three quarters of respondents (74%) claim to be cyber security aware – despite poor password habits

  • This Cyber Security Awareness Month, cyber security firm CSS Assure is urging the public to start protecting themselves and their families


More than 8 in 10 Brits (83%) are not changing their passwords enough – putting themselves and their families at risk of cyber attacks, research by CSS Assure has revealed.


Of those, more than 1 in 3 (34%); admitted to never changing their internet banking password or only doing so when prompted, while 20% said they use the same passwords across multiple accounts.


This Cyber Security Awareness Month, CSS Assure is urging the public to start protecting themselves and their families against cyber-attacks, which can lead to significant distress, identify theft, fraud and financial losses.


Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, said:

"Cyber criminality is here to stay and is an increasing plague on society – causing untold damage, while fuelling and funding international crime and global terrorism.

"Currently, there are millions of emails and passwords for sale on the dark web for miniscule amounts, waiting for cyber criminals to purchase.

"No one is immune from cyber attacks and it is vital people make themselves as hard to hack as possible. At a minimum, people should change their passwords at least once every three months as this will stop or prevent access to accounts if personal data has been breached.

"While this may seem like a faff, doing so is the single greatest defence a person can take towards protecting themselves against a cyber attack. Doing so will mitigate that gut-wrenching risk of discovering personal information or pictures have been stolen or your bank account or hard-earned savings have been cleared out.

"Using the same password across multiple accounts is also a major weak link. If one site is breached and someone's credentials are exposed, their risk is amplified exponentially if they use that same password elsewhere."


One in five respondents said they write their passwords down in a notebook or on a mobile application – rising to 24% of Baby Boomers – and almost a quarter of people (22%) admitted to choosing a password that relates back to them.


Almost three quarters (74%) of Gen Z do not ensure their passwords are complex by using a mix of uppercase and lowercase letters, numbers and special characters – while 15% said they let someone else know their passwords in case they forget.


Worryingly, despite infrequent password updates and reusing passwords across multiple sites, 74% of respondents claimed to be cyber security aware.


Mike said:

"Poor password management is a root cause for many data breaches. However, the habit is more than likely as a result of poor personal discipline.

"Typically, people are unaware they are putting themselves at risk, which can be shown by almost three quarters of those surveyed believing they are cyber security aware – even though they are making mistakes that can have dangerous consequences.

"Using strong passwords is a critical cyber resilience practice. Doing so means cyber criminals are unlikely to gain unauthorised access to your account, which could enable them to change your privacy settings or gather information for social engineering purposes.

"People should also avoid using obvious personal information. Making your password a mix of information about you that is easily discoverable – such as your birthday, place of birth or pets' names – only makes it easier to guess.

"As you shouldn't be using the same password across multiple accounts, making a note of each one is good idea. However, these should only be either kept in an encrypted file or a credible password keeper. The tiny caveat is that you will still have to memorise a single master password to unlock all your other passwords.

"Finally, turn on two-factor authentication. This will enable you to know whether someone is trying to access your account and take appropriate action.

"If you knew that the keys to your home had been stolen or duplicated, you would change your locks. The same is true of passwords."


About CSS Assure

CSS Assure is a business consultancy dedicated to simplifying cyber security, data protection and risk management to clearly understand concepts so that our clients can be resilient and survive in the digital economy.


Established in 2017 by co-founders Mike Wills and Charlotte Riley, CSS Assure educate, inform and explain in simple, non-techie language how you can protect your organisation and your customers.


Visit cssassure.com