Online trust: current state and how to improve it

Digitization is becoming very common in people’s life habits. The keys to understand this entrenchment is that society trusts technologies that make digitization possible, providing complete security reassurance. To what extent do the Spanish people trust these digital solutions? How can we increase this level of trust?

It’s now becoming more frequent to process operations online. We now purchase, sign documents, carry out banking transactions and many other activities enjoying the benefits and convenience of doing this from anywhere and anytime, saving valuable time.

Despite all these advantages, online formalities, since their origins, have been the subject of certain reluctance on the part of the general public, especially when sharing sensitive personal and financial data, as in the case of entering the credit card or the account number.

Moreover, the latest news about cybersecurity issues and fraud cases do not help the standardization of online processes for those people who do not yet place their full trust in the digital transformation of processes.

To measure the level of online trust of Spanish households, as well as their levels of cybersecurity, the Spanish Observatory for Telecommunications and the Information Society (ONTSI) which depends on, every semester carries out a research on Cybersecurity and trust in the Spanish households.

In order to carry out such report covering the period from January to March 2019, 3.619 online surveys were conducted, and a special software programme was used to review the studied teams

The aim of this study is to analyze both the current state of online cybersecurity and online trust, to delve further into this subject, as well as encouraging public powers to use policies and actions to facilitate the achievement of these objectives

Below we will review the key results of this survey related to data and digital security habits, as well as the perception of the Spanish people, which helps to shape our idea of people’s thoughts about the online world.

Usuario haciendo compras online con seguridad

Security incidents in Spanish homes

Regarding security incidents, 64.8% of participants have experienced some, compared to 35.2% who did not. Among those who have experienced some incidence, the most common ones are:

  • Unwanted emails (spam): 86.8%
  • Malware infection: 16%
  • Service interruptions due to cyberattacks: 13.3%
  • File loss: 12.6%
  • Identity fraud: 7.8%
  • Access to devices: 6.1%

Regarding the case of malware infection, 60% those who claimed to have their computer clean, it was then proved that indeed they had malware infection. The percentage was lower for users who use Android (18.4%).

The most common malware types are adwares which displays advertisements (54.9%), and trojan malware (49.6 %), which are now increasing. In Android, trojans are the most common forms of malware (14.9%), while adware represents 4.9%, a fall compared to the previous studio.

This results are shocking, as most of them are considered high-risk infections, namely 71.9% for computers and 76.5% for Android.

If we take a look at operating systems, Windows devices are the ones that suffer the most attacks (69.6% infected), while Android operating systems represent 19.5%.

Online fraud

Fraud via internet is one of the main goals set by cybercriminals. Indeed, this study shows that 68,2% of survey respondents claim that they have experienced a fraud situation. The most common ones are:

  • An invitation to visit a suspicious website (67%)
  • Receiving an email with unsolicited information (50.4%)
  • Receiving products from fake websites (47.5%)
  • Receiving an email requesting access keys (28.8%)
  • Suspicious job offers (24.4%)
  • Registering for unsubscribed services (22.6%)
  • Accessing fake bank websites, stores or Administrations (15.9%)

11.5% of these frauds have an economic impact on the victim, a figure that has kept rising in recent months. As for the financial impact, 65.1% reach up to 100 euros and 21% range from 100 to 400 euros.

How to act after a security incident?

Once we have suffered an online security breach, we must learn from it and acquire habits that prevent us from going through such an unpleasant situation again. The most common actions to take are:

  • Changing password: 46.8%
  • Updating your security tools : 23.5%
  • Backups : 20.8%
  • Quit downloading from less secure sources: 14.2%
  • Stop using unauthorized software: 11.8%
  • Change security tools: 11%
  • Stop using online services, such as banking and stores: 4.8%

Regarding the latter, once you are used to carry out online tasks it’s hard to go back to doing them offline again

In Banking and e-commerce, online fraud is very much present. This is why this survey places a strong emphasis on these two areas.

As for those who have suffered internet banking fraud, 68.4% hasn’t changed their habits, while 17.1% follow the security measures offered by their own bank.

In the case of e-commerce, 71.4% have not changed their habits and 12.4% have adopted some limitations.

Dos compañeros conversan en una cafetería

User habits for both better security and online confidence

Types of security measures and its uses

One of the main aspects which this report deals with is the use that the Spanish make of the available cybersecurity tools. To do this, first of all, certain measures must be defined. ONTSI classifies them according to 4 criteria:

  • Automated measures: The user does not have to do anything to make them run.
  • Non-automated measures: User interaction required.
  • Proactive measures: Focused on preventing future security incidents.
  • Reactive measures: These measures are taken once the cybersecurity incident has occured with the aim to eliminate and /or mitigate its effects.

We must bear in mind that there are cases in which a particular measure might belong to more than one group. For instance, file encryption is a proactive and automated measure at the same time, or an antivirus meets both proactive and reactive requirements.

Within automated measures, the most widely used are antivirus (68.6%), updates on the operating system (58.1%) and firewalls (36.6%).

For non-automated, we find passwords (58%), deletion of temporary files and cookies (43.9%), backups (36.5%), and the use of certificates for electronic signature (22.3%).

Security and WiFi Networks

Wireless networks are one of the most common types of malicious attacks against devices, therefore we must pay special attention to their security issues.

We can see that there’s a worrying number of respondents whose Wifi is unsecure or do not know the Network’s security status (45.7%).

In addition, there has been an increase in the use of safer security measures, such as WPA2 (39.2%) y el WPA (11%), as well as working less with protocols which are now becoming obsolete, as in the case of WEB (4.2%).

We can’t ignore other Wi-Fi usage habits, like using open Wi-Fi networks, which have weaker security. In recent months there’s been a decline in the number of public network users, namely 15.2%.

Within the group of public network users, there is a considerable percentage (34.2%) of those who access to Wifi networks anywhere whenever they need it.

The survey also reveals that a low number of users suspect that they have been victims of Network intrusion, namely 12.6%.

Direct download from the Internet

Downloads are also a common way to enter harmful software. Regarding Internet user behaviour towards these downloads, the study highlights the following activities:

  • Verifying downloaded files: 51.7%
  • Checking the device or file when the download is completed: 49.5%
  • Using programs requested by the website to run a download: 40.1%

Once the download is finished, the next step is to install the software. We must consider more security measures:

  • Paying attention to step-by-step installation process: 80.4%
  • Check in detail whether what you are installing is what you really want: 63.4%
  • Read the licence, terms and conditions: 34.6%

Why aren’t security measures implemented?

One of the main questions raised by researches is why users don’t adopt measures to strengthen digital security. The main arguments we have collected are related to the lack of knowledge, awareness or interest

If we check the certificates for digital signature, the reason why these aren’t used is due to:

  • Lack of awareness or interest: 43.5%
  • Do not know what it is: 22%
  • Do not consider them reliable or safe: 10%
  • Slows down the device: 6.3%
  • Does not provide enough protection: 3.7%

Conscious adoption of risky behaviors

41.6 % of users often adopt certain digital behaviours despite knowing about their dangers. Though this percentage is terrible, it has decreased with respect to previous surveys.

51.1 % of Internet users perform online activities knowing that they may have cybersecurity consequences.

Regarding the reasons for taking these risks, 45.2 % states that there are always risks associated with using the internet, 67.2% believe that security tools are very expensive and 80% think that all this is a very time-consuming task.

What is the level of online trust of the Spanish people?

So far we have provided statistical info on the level of cybersecurity of the Spanish through figures/percentages of both their incidents and their digital habits. In this section we will take a look at the their perception regarding online trust.

Generally speaking, 42% of participants show a high level of trust, 43% have an average trust and 14.3% show little or no trust at all. Furthermore, 46.4 % believe that the Internet is getting safer in Spain.

Regarding the level of trust on their mobile devices, 70.9% believe that they are correctly protected against digital threats.

When it comes to providing personal information, there’s a greater trust when sharing them with public services, either physically or digitally.

When carrying out banking operations we place a high level of trust in these transactions, where 45.4% of participants agree to this. In e-commerce, the level of trust of participants is 45.7%.

Regarding risks, the ones that worry the most are those associated with privacy and financial crime, both representing 85.2%

As you can see, online trust affects everything and all Internet users. Society is becoming more aware of this and is taking appropriate measures to strengthen its security. Despite progress in this area, there is still a long way to go. Training in ICT skills and the growing use of appropriate solutions can help to improve user online security.

Among these tools, those used for signature and authentication help to enhance the trust in online services. These tools can help us to uniquely verify the person’s identity, reducing fraud occurrences and including legal support in case of legal dispute.

We will keep developing products that offer the greatest possible customer trust, fully complying with the legal framework of the country in which we are operating, and we will keep you posted with any updates on online trust.