Fewer industries suffer from more blatant misinformation in their marketing campaigns than cybersecurity. The primary goal of cybersecurity companies is to keep people safe. However, many of these companies target unsophisticated consumers with misleading ads that misrepresent what their products actually do. In some instances, cybersecurity companies may even make people less safe.
Even those informed about cybersecurity practices often cannot fully articulate their methodology. For instance, many users on the internet know that the lock symbol in their preferred search browser means that the website they are visiting has a secure encrypted connection through TLS (Transport Layer Security). This built-in feature of the internet covers many of the features marketers purport VPNs (Virtual Private Networks) help consumers secure. While VPNs do offer certain utility to both consumers and businesses, it’s frequently not what the marketing messaging describes.
VPNs cannot guarantee one’s protection on the internet in the ways they are marketed. They do not protect accounts from being broken into, and they don’t protect against phishing attacks. You may know a person or two who has had their Instagram account hacked; VPNs wouldn’t have prevented this from happening. Also, VPNs do not prevent hackers from phishing your email and coaxing you into installing malware on your devices. Finally, VPNs do not prohibit websites from installing on your browser the cookies that disclose your previous browsing history to outsiders.
Major companies in the consumer cybersecurity industry also market identity theft insurance products in a way that is less than ethical. Companies sell these products as cybersecurity countermeasures, but identity theft insurance products existed long before platforms on the internet began to implement most modern security standards. Identity theft insurance products don’t solve the digital security problems of the average consumer because they provide coverage for something most consumers are protected from by their financial institutions.
Companies that sell identity theft coverage make software that monitors your credit and alerts you to potential fraud—a great feature. However, many of these companies market their coverage as cybersecurity protection. Signing up for ID theft coverage, which generally covers things your bank and credit cards are responsible for under federal law, isn’t a way to protect your devices and online accounts—it’s not even true cybersecurity. But that doesn’t stop marketers from convincing people that it’s a way to get more privacy or digital protection.
Both of these examples have led to marketing based on disinformation that leverages fearmongering to make unsuspecting consumers feel anxiety about problems they don’t have. As a society, we face real cybersecurity threats that, unlike ever before, target individuals in their private lives and use them as conduits to attack institutions and companies.
The cybersecurity industry has yet to adopt policies that clearly define products and services. There are so many buzzwords in this industry: VPNs, identity theft coverage, antivirus, firewall, and digital protection, to name but a few. While consumers might not understand the underlying technology—and honestly shouldn’t have to—they intuitively know that some of these products don’t solve their problems.
VPN companies have made a lot of money off of public fears. It’s completely valid that people are afraid of being hacked or tracked on the internet. However, VPNs are not a one-stop shop for users to stay secure on the internet. In fact, they’re a marginal form of protection that is anything but all-encompassing.
Marketers and the cybersecurity industry need to hold themselves to higher standards, or they’ll ruin the industry’s collective reputation. If they don’t change, it will make sense to have more stringent regulations to enforce advertising standards.