Abstract: Consumer cyber protection as it relates to the threat of cyber insecurity is an increasingly critical issue with cyberattacks on major businesses such as Target and Sony. Over 100 million Americans to date have had their financial information compromised, and in the ten-year history of Verizon’s Payment Card Industry investigations no companies were compliant with Payment Card Industry standards at the time of the attack. In March 2015, the FCC fined AT&T $25 million for failing to adequately provide cybersecurity that resulted in almost 300,000 people having their personal and financial information compromised. It was the largest in FCC history of this type.
According to Fujitsu, consumer trust has reached a 10-year low, and only nine percent consumers say they believe a company will adequately secure their data. A report in April 2014 by Radius Global Market Research indicated that consumers are more concerned about online security, online privacy, identity theft, and fraud than other social issues such as unemployment, obesity, health insurance, and gun control. Consumers do not have a means to know how good the cybersecurity is of companies that they give their financial information to. As a result, an asymmetric information problem is taking place and the result is inefficiency in the market. The President announced in January 2015 that cybersecurity for consumers is important enough to warrant new legislation. The Federal Trade Commission has established a new office dedicated to researching and educating consumers about the risks of new technologies. These indicate a clear shift in policy by the government to cybersecurity and consumer protection.
The Consumer Financial Protection Bureau (CFPB) should take its mandate to educate and create a letter grade rating system to rate companies on their cybersecurity to support the Executive branch mission to help protect consumers as announced by the President. This report card on companies would educate and allow consumers to better decide which companies to trust with their financial future and information. This system can be based off the 12 factors in the already existing Payment Card Industry guidelines. With this information, consumers would be better able to decide what companies to use, and encourage companies through consumer choice to improve the cybersecurity of their customers’ information.