Q&A: Here’s why VPNs are likely to remain a valuable DIY security tool for consumers, SMBs

By Byron V. Acohido

It is astounding that billions of online accounts have been breached over the past 18 years and that US consumer accounts are by far the most compromised.

Related: VPNs vs ZTNA

Now comes hard metrics quantifying the scope of this phenomenon. It’s in findings of a deep dive data analytics study led by Surfshark, a supplier of VPN services aimed at the consumer and SMB markets.

Surfshark partnered with a number of independent cybersecurity researchers to quantify the scope and pattern of data breaches over the past couple of decades. For this study, a data breach was defined as an intruder copying or leaking user data such as names, surnames, email addresses, passwords, etc. Much of the hard evidence came from correlating breached databases sitting in the open Internet.

Data scientists sorted through 27,000 leaked databases and created 5 billion combinations of data. Researchers could then sort those combinations based on specific data points, such as countries, and perform a statistical analysis of their findings.

The data analytics show:

•A total 2.3 billion U.S. accounts have been breached so far. The scale is so massive that it makes up 15 percent of all breached users globally since 2004 (the year data breaches became widespread)

•More than two thirds of American accounts are leaked with the password, putting breached users in danger of account takeover.

•Statistically, every US internet user has lost 27 data points on average to online breaches, most of them emails, passwords and usernames.

Essential security tool

Post Covid 19, these patterns are likely to become even more engrained as digitally remote work, education, healthcare and entertainment activities predominate. VPNs factor into this shift, as the burden on individual consumers to preserve privacy and secure their sensitive data is greater than ever.

VPNs have emerged as a powerful tool that consumers and SMBs have at their disposal to try to stay safe and private online in today’s risky online environment. In the enterprise space, VPNs are showing signs of becoming obsolete – to be superseded by cloud-centric Zero Trust Network Access (ZTNA) systems. Yet in the consumer and SMB space, VPNs role as an essential privacy and security tool for individuals and small companies appears to be solidifying.

I had the chance to discuss this with from Justas Pukys, product owner at Surfshark and a lecturer at Vilnius Tech University. Here are excerpts of our dialogue, edited for clarity and length:

LW: Is it safe to assume demand for consumer VPNs has spiked, post Covid19?

Pukys: VPN and other digital products’ demand tends to rise as people are forced to spend more time indoors, especially during colder months of the year. The COVID-19 pandemic has prolonged our screen times and shifted remote work opportunities. Thus, paired with the rise of cybercrime during that time, the situation has made cybersecurity products a necessity in many cases.

LW: What strategic shifts have VPN vendors been making, Covid19?

Pukys: From a strategic side, VPN suppliers made more appealing deals that would encourage users to use their product. Another aspect is to ensure that users may access all the content securely.

At Surfshark, we put a lot of focus on humanizing digital security to make it accessible to all. Since internet security has become a concern of all people and is no longer designated to a niche audience only, it has been our main strategy right from the beginning.

LW: Who would you personally rank in the Top 5 suppliers of VPN services servicing individual consumers?

Pukys: Without Surfshark being in 1st place, it would be: Nord VPN; Express VPN; Private Internet Access (PIA; ) Proton VPN.

LW: What differentiates the Top 5 consumer VPN suppliers; what’s distinctive about each one?

Pukys: Nord puts a lot of effort, in terms of advertising, to the gaming/streaming community. They also have other distinctive products like NordPass, Nord Locker or Nord Layer that’s focused towards the B2B layer, which make Nord a big security suite that can be used by everyone.

Express VPN focuses on simplicity and quality of a service; Proton VPN – aims to be second secure “Google Suite” with its other products, such asProtonMail, Proton Calendar, etc.; PIA suggests lots of customization for more geeky users.

LW: Can you generally frame the competitive dynamics?

Pukys: During the last few years, with the rise of cyber security threats and more people working from home due to Covid, VPN popularity grew quite a lot. There are lots of new VPN competitors that enter the market, so the competition was already quite big and it keeps getting bigger.

LW: How much pricing elasticity is there?

Pukys: If you mean VPN pricing between suppliers, the range is quite wide – from free VPN services to $20 per month. Depending on the pricing plans, the prices could be even bigger. That’s for the B2C users. Business-focused VPNs cost even more, depending on the size of the organization and users’ count that would use the product.

So, the user really has the ability to choose what best fits his pocket. Of course, quality always comes with a price, especially considering server infrastructure costs around the world and other operational expenses.

LW: What’s customer retention and switching like?


Pukys: Customers always choose what fits their needs best. If you create a good product, people will love it and they will use it. If not, well, then they will go for whatever product that’s more appealing. That creates competition – ensuring that the user can get the best experience possible, which would bring the customer to you. We keep our retention rates optimal by ensuring that marketing promises and onboarding experience match to live up to customers’ expectations.

LW: Very generally, how should a consumer go about choosing which VPN to use?

Pukys: The user should know what he wants to use the VPN for. If he needs security and protection – he should research what protocols the VPN uses, how secure those protocols are, how the company treats the user’s data, etc. Or maybe the user needs to go into more deep technical stuff – then he should check if VPN has features like custom DNS or port forwarding features.

It all comes down to particular use cases, for which the user needs to do a little bit of research to find what fits his needs best.

LW: What role should we expect  VPNs to play, going forward, in the consumer space?

Pukys: According to various researches, with the rapid advancements of IT technologies there are more and more cyber security threats, for individuals and for companies as well. Our studies show this worrying trend in many technologically advanced countries, with the UK and Netherlands seeing around 40-50 percent YoY rise in cybercrime during 2021 alone.

For that reason, VPNs will get more and more important to keep peoples’ data and privacy secure.  Also, people are more aware of such threats than they were 3 or 5 years ago. And they care about that, they care about their data and their privacy. I think that in the future VPNs will be more or less a default feature for our computers or phones.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone