A new study from security software firm Malwarebytes, in conjunction with technology access non-profit Digitunity, indicates that racial and gender bias may extend even to the world of cybercrime. The study finds that disadvantaged groups are not only more frequent targets of these attacks, but also that they suffer disproportionate damage from them.
“Understanding the impact that cyber crime has on vulnerable people or populations, particularly women and minorities, across the world is critical as online access becomes essential to modern life,” said Marcin Kleczynski, CEO of Malwarebytes. “The disparity between populations feeling safe online and the emotional impact of threats on already vulnerable communities is unacceptable. The work Digitunity and Cybercrime Support Network are doing to educate and empower communities cannot be understated. As an industry, we need to work together to make safe internet access available to everyone, regardless of income or their ability to pay.”
Is cybercrime an unequal opportunity victimizer?
Premised on the idea that many aspects of daily life now must inevitably be conducted online, the survey polled about 5,000 adults across three countries (the United States, United Kingdom and Germany). The study focused on how outcomes differ between women and men, and also between White respondents and Black and Indigenous People of Color (BIPOC).
The first question of the survey paints a stark picture of the general state of the internet: 50% of all respondents feel they do not have adequate privacy online, and 31% do not feel safe, even as the pandemic conditions have rapidly pushed more and more of life’s daily functions onto computers and mobile devices.
While one can think of numerous examples that support these pessimistic attitudes toward privacy and safe internet access, survey respondents report concrete disparity in actual outcomes for disadvantaged groups when cybercrime hits them. BIPOC people have a 12% greater chance of experiencing some sort of financial damage as a result of a cybercrime incident, and are 6% more likely to have their identities stolen. Women are 6% more likely than men to have social media accounts targeted by phishing messages, 5% more likely to have an attacker send messages from a compromised account to their friends and family, and 9% more likely to eventually have an account hacked. They are also 3% more likely to experience any sort of suspicious online activity and to have experienced multiple suspicious incidents in the past three months.
Women also face a unique threat in the digital world: “revenge porn” distributed by former partners or people who have breached their personal accounts, something that is relatively rare for men to experience. They are almost three times as likely to be stalked than men, and 26% of those who were say that cyberstalking was an element of the threat. They are also not just more likely to be menaced by the public release of private digital materials, but also the creation of “deepfake” videos.
Unsurprisingly, women are much more likely to feel unsafe online than men (a 12% difference) and also are less likely to feel that their information is being kept private (a 6% difference). What types of cybercrime are disadvantaged groups most likely to experience? The most common by far is phishing with attack site links via text messages from unknown numbers, which 76% of respondents reported having received at some point. 43% said that they had clicked on a suspicious link of this sort at some point, 42% said they had experienced at least one hack of a personal social media account, and 29% have had a credit card number stolen. The responses do support the broader theory that ransomware is shifting away from broad attacks on random individuals to targeted attacks on businesses, however, as only 16% of respondents said they had experienced it.
Disadvantaged groups report disproportionate damage
BIPOC respondents also reported higher rates of risk and damage from cybercrime. They are 6% more likely to have their identity stolen, 5% more likely to experience financial scam attempts, and 5% more likely to have a social media account hacked. This led to reporting of feelings of being less safe and private online than White respondents.
BIPOC respondents also face their own unique stressor among disadvantaged groups: online harassment, with about 59% saying they have experienced it on the internet at some point (about 10 to 20 percentage points higher than other ethnicities). There is a similar percentage point difference in feelings of anxiety about experiencing one of these attacks online.
While this study focused on specific disadvantaged groups, it also revealed that age is a clear factor in online risk of cybercrime. A little more than half of respondents in the 18-24 age bracket report having a social media account hacked, a number that steadily decreases to only a bit more than a quarter of those aged 65 and up. While specific scams are known to target the elderly, these numbers indicate that social media account takeovers are a risk that is higher for the demographic that is most active on these platforms.
In terms of solutions to these cybercrime risks and disparities, the report finds a broad lack of awareness of online safety and security tools. 21% of respondents say they are not at all familiar with basic antivirus and antimalware tools. Only 42% are familiar with password managers, 32% with virtual private networks (VPNs), 24% with identity monitoring services and 8% with digital vaults.
Heather Paunet, Senior Vice President at Untangle, provide some insight as to why women are among the disadvantaged groups that are least likely to be using security tools online: “One possible reason fewer women are familiar with cybersecurity tools is lack of visibility. While businesses may keep up on cyberattacks, events and technology, it’s not an everyday topic for many people and messaging is unlikely to cut through advertising clutter … While some cybersecurity messaging may break through to women, the fact that it is not registering could be a byproduct of fewer women who pursued STEM education and careers, where technology is not on their radar. Frankly, the industry can learn a lot from this survey. Many security solutions seem targeted to large businesses, or IT professionals, and out of reach for the average user.”