3.1 Safe surfing: A brief look on internet security
People
Many online activities require internet users to provide some type of personal information: credit card details are often needed when shopping online; contact details when filling in online forms or setting up accounts; location coordinates when looking for the nearest petrol station, etc.
4 out of 10 EU internet users provide payment details online
Among people in the EU who have used the internet in the year prior to the 2016 survey, 71 % had provided some kind of personal information online. The most common types were contact details (61 % of internet users), followed by personal details such as name, date of birth or identity card number (52 %) and payment details, such as credit/debit card or bank account number (40 %). Just over one fifth (22 %) had provided other personal information such as photos, their location, or information related to their health, employment or income.
The share of internet users who had provided some kind of personal information over the internet ranged from 31 % in Romania to 92 % in Luxembourg.
Younger generations seem to provide personal information online more readily: more than three quarters (78 %) of internet users aged 16 to 24 years had shared some kind of personal information online, compared with 57 % of users aged 65 to 74 years.
Almost 2 out of 10 EU internet users use anti-tracking software
A number of different actions can be undertaken by internet users, separately or together, to control access to personal information on the internet. Almost half of all internet users (46 %) in the EU did not allow the use of personal information for advertising purposes and 40 % limited the access to their profile or content on social networking sites.
Other actions undertaken were reading privacy policy statements before providing personal information (37 %), checking that the website was secure (37 %), restricting access to geographical location (31 %) and requesting websites to update or delete personal information stored online (10 %).
Among the EU Member States, the share of internet users who had undertaken at least one of the above mentioned actions was highest in Luxembourg (91 %), Finland (87 %) and Denmark (85 %).
Among internet users aged 16 to 24 years in the EU, 77 % had undertaken at least one of the above mentioned actions, compared with 56 % of users aged 65 to 74 years.
Other ways to limit the access to personal information online are for example to change the browser's settings to prevent or limit the amount of cookies on the computer/device or to use anti-tracking software. More than one third of internet users (35 %) in the EU had changed their browser settings to prevent or limit the amount of cookies stored on their computer, while 17 % used anti-tracking software.
Among the EU Member States, the share of internet users having changed their browser settings to prevent or limit the amount of cookies was highest in Luxembourg (54 %) and Germany (49 %), while the share of those having used using anti-tracking software was highest in Estonia (31 %).
These shares were higher for younger EU internet users aged 16 to 24 years than for older ones aged 65 to 74 years. Almost 40 % of younger internet users limited or prevented the amount of cookies and 19 % used anti-tracking software, compared with almost one quarter of older internet users who changed their browser's setting concerning cookies (24 %) and 14 % who used anti-tracking software.
Three quarters of EU internet users experience no security problems
Among people in the EU who have used the internet during the year prior to the 2015 survey, three quarters had not encountered any security related problem when being online. However, the most common problem that was encountered was catching viruses or similar computer infections resulting in a loss of information and time; this was experienced by 21 % of internet users in the EU.
Less common was the abuse of personal information and/or other privacy violations which 3 % of internet users had faced, and financial loss as a result of receiving fraudulent messages or getting redirected to fake websites (3 % of internet users).
Among the EU Member States, around 9 out of 10 internet users in Czechia (90 %) and the Netherlands (89 %) had not experienced any online security problems. However, 41 % of internet users in Croatia and 36 % in Hungary stated in 2015 that their computer had caught a virus or other infection.
The share of older internet users aged 65 to 74 years in the EU who had not experienced any security problems (80 %) was slightly higher than for younger internet users aged 16 to 24 years (72 %). Among both age groups, the most common security problem was catching a computer virus or other infection (24 % of younger and 16 % of older internet users).
Businesses
Having a formally defined ICT policy indicates that a business is aware of the risks to which their ICT systems are potentially exposed. Having such a policy implies a strategy to safeguard data and infrastructure.
3 in 10 SMEs in the EU have an ICT security policy
Nowadays, practically all businesses in the EU (98 %) use computers and among those, only 32 % have a formally defined ICT security policy. For large businesses, this share reached 72 %, while it was less than one third for SMEs (31 %).
Among the EU Member States, around half of all businesses using a computer in Sweden (51 %) and Portugal (49 %) had such a policy, while it was least common for businesses in Hungary (10 %) and Poland (13 %).
Risk most commonly addressed: destruction or corruption of data
Among others, a business' ICT security policy may address the following three types of risks: destruction or corruption of data due to an attack or some other unexpected incident; disclosure of confidential data due to intrusion, pharming or phishing attacks; and the unavailability of ICT services due to an external attack.
In 2015, the risk of destruction or corruption of data was the risk most commonly addressed by EU businesses with an ICT security policy (89 %). A smaller share of businesses addressed the risk of disclosure of confidential data (81 %) and the risk of unavailability of ICT services (71 %) in their ICT security policies.
As the share of large businesses having an ICT security policy was higher than for SMEs, they were also more likely to address the various risks. In 2015, 93 % of large businesses addressed the risks of destruction or corruption of data, compared with 89 % of SMEs; 85 % addressed the risks of disclosure of confidential data, compared with 81 % of SMEs; and 78 % addressed the risks of unavailability of ICT services, compared with 70 % of SMEs.
Among the EU Member States, the largest shares of businesses with an ICT security policy addressing the risk of destruction or corruption of data were found in Cyprus and Hungary (both 99 %) as well as in Romania (97 %). Malta (92 %), Ireland and the United Kingdom (91 %) registered the highest shares of businesses with an ICT security policy addressing the disclosure of confidential data and Hungary (87 %) and Ireland (85 %) the unavailability of ICT services.
