Cybersecurity Awareness Month occurs every October in the United States, promoted by the Cybersecurity and Infrastructure Security Agency (CISA), along with numerous partners in government and industry, to raise cybersecurity awareness among businesses and individual consumers.
2023 is a landmark year for two important and related reasons. One, it marks the 20th year of Cybersecurity Awareness Month, introduced by the U.S. Department of Homeland Security in concert with the National Cyber Security Alliance in 2003. Two, it marks the 30th anniversary of the introduction of the World Wide Web for general public use in 1993.
Cybersecurity was unknown before the world went online. However, security concerns began to emerge with the rapid adoption of the Internet and the steady development of websites for sales, marketing, and e-commerce purposes.
Today, roughly 93% of individuals in the United States access the internet, up from 75% just ten years ago, according to Statista and Pew Research Center. (Conversely, 7% of the population never goes online.)
The U.S. is one of the largest online markets in the world, with almost 300 million internet users throughout the country.
Nearly half (48%) go online several times a day, and almost one-third (31%) admit to being online almost constantly.
Although there are many reasons for Americans to log on, one of their predominant online activities is e-commerce—or the buying and selling of goods and services online.
The U.S. alone sustains almost 14 million e-commerce websites. Globally, the e-commerce market reached a record $14 trillion (USD) in 2022. Although the vast majority of e-commerce sites around the world have sales of under $1,000 annually, activity among a handful of massive retailers has made e-commerce a central element and driving force of internet use in the U.S.
As one example, in 2017 Amazon accounted for 44% of all e-commerce sales in the U.S., according to CNBC. E-commerce leaders such as eBay, Target, Walmart, Home Depot, and others are strong but distant competitors.
The following additional statistics illustrate the evolution of our online life due to the growth of e-commerce in recent years.
Total ecommerce sales in the U.S. reached $1.09 trillion in 2022, as reported by Forbes, representing a 10.6% growth rate from 2021.
According to Statista, more than 263 million American consumers shop online—about 80% of the population. The most popular online shopping categories in the U.S. are fashion, media, and electronics.
In 2022, U.S. shoppers in the 25 to 34 year age range numbered 41.8 million and constituted the largest group of online shoppers in the U.S., according to Insider Intelligence. The second largest group was 35 to 44 year-olds, at 36.5 million shoppers, followed closely by shoppers 65 and older, at 35.1 million.
A 2022 study of U.S. consumer behavior conducted by Raydiant reported that 56.6% of survey respondents prefer to shop online rather than in person, a jump of roughly 10% from 2020.
The #1 reason people shop online is because they’re able to do so at all hours of the day and night, according to an extensive study by KPMG. Although brick-and-mortar stores are still wildly popular, few if any are open 24/7.
Online shoppers using desktop computers spend more than buyers using tablets and mobile devices. The average order value (AOV) was $130 for desktop buyers in the U.S., as compared to $108 for mobile device shoppers and $82 for those using tablets, according to Dynamic Yield.
The average conversion rate for ecommerce websites around the world was 3.44% as of March 2023. The Americas recorded the strongest conversion rates at 3.65%, followed by EMEA at 2.72%, and Asia-Pacific at 1.7%.
The average ecommerce website bounce rate was 42% globally in 2022, with the highest bounce rate recorded in the U.S. at 47%.
Clearly, many U.S. consumers find the convenience of shopping and buying on ecommerce websites to be irresistible. We willingly surrender all kinds of personal information and financial data in order to make our purchases as fast and easy as possible.
Merchants who sell goods and services online and accept payment by credit, debit, prepaid, or other payment cards are required to protect personal payment data.
The Payment Card Industry Data Security Standard (PCI DSS) applies to all such transactions, including the storage, processing, and transmission of payment card data. Merchants and payment processors must meet the specific requirements of the DSS in order to do business. The leading card companies are responsible for enforcement among merchants and payment processors, and failure to comply can incur serious consequences, from financial penalties to the termination of merchant account agreements.
The Federal Trade Commission also plays a vital role in promoting cybersecurity awareness and implementation for U.S. consumers as well as U.S. businesses. Required safeguards protect the security and privacy of personally identifiable information that is collected, processed, and stored by organizations in virtually every area of commerce and e-commerce. Among the organizations governed by the FTC Act are those dealing in alcohol, tobacco, appliances, automobiles, clothing, textiles, jewelry, finance, franchises, real estate, mortgages, non-profits, and certain other commercial enterprises.
In addition to regulatory requirements, the FTC recommends best practices for U.S. businesses that include (1) building privacy and security into products and services from the beginning, (2) only collecting the data needed for business purposes and disposing of it once the transaction is complete, and (3) implementing reasonable security on all e-commerce sites to more effectively protect consumer data.
The FTC is empowered to impose civil monetary penalties upon violators and also to mandate remedial actions that strengthen cybersecurity and privacy safeguards for individually identifiable consumer information. Businesses that are subject to the FTC Act, whether brick-and-mortar stores or e-commerce businesses, should familiarize themselves with the FTC requirements to ensure they are adequately protecting customer data in all its forms.
As we have seen, businesses are required by law to protect the security of individual consumer data. However, consumers are also responsible for their data security. Cybersecurity Awareness Month serves as an active reminder of simple but proven ways to protect our data from online risks. This year four key behaviors are recommended that have an enormous impact on individual online security. They include:
These are just four simple actions every consumer should take immediately to achieve and maintain fundamental cybersecurity across their devices and online accounts. Taken together, these four actions safeguard against the most common cyber risks. If businesses and consumers both do their parts to implement robust cybersecurity, then e-commerce and other online activities will be much more secure, private, and enjoyable.
Cybersecurity was unknown before the world went online in 1993. However, security concerns began to emerge with the rapid adoption of the Internet and the steady development of websites for sales, marketing, and e-commerce purposes. Today, roughly 93% of individuals in the United States access the internet, and 85% of them are online at least once a day. More than 56% prefer to shop online rather than in person, and the primary reason is the freedom to shop 24 hours a day, every day.
Whether for business or pleasure, our online activities are still risky. Although businesses are required to comply with applicable federal and state regulations to protect the security of the data they collect, store, process, and transmit, the fact is that individual consumers also play a vital role in safeguarding their own data online. Cybersecurity Awareness Month offers excellent advice, proven best practices, and free resources to enable internet users to increase their cybersecurity awareness and become more secure online.