Skip to main content

Cyberattacks are getting worse, but most people aren’t taking basic security steps

cybersecurity steps not being followed
Image Credit: VIN JD from Pixabay

Join us in Atlanta on April 10th and explore the landscape of security workforce. We will explore the vision, benefits, and use cases of AI for security teams. Request an invite here.


Data breaches and ransomware attacks are worsening, but most people aren’t taking simple steps to protect themselves, according to a report released today that polled 2,000 individuals across the U.S. and U.K. on cybersecurity attitudes and behaviors.

The report was conducted by National Cybersecurity Alliance, a nonprofit security advocacy group, and CybSafe, a behavioral security and data analytics company.

The report documents a clear disconnect between IT professionals in the technology industry and the public when it comes to driving adoption of cybersecurity best practices. Public response and implementation of commonly known best practices — including strong passwords, multi-factor authentication (MFA), and others — are tepid at best, the report found. Findings on best practices include:

  • Poor password hygiene: Less than half (46%) of respondents say they use a different password for important online accounts, with 20% saying they “never” or “rarely” do so. Additionally, only 43% said they create a long and unique password either “always” or “very often.”
  • Multi-factor authentication remains a mystery: Nearly half (48%) of respondents say they have “never heard of MFA.”
  • Software update installation lagging: Nearly a third (31%) of respondents say they either “sometimes,” “rarely,” or “never” install software updates.

“There is overwhelming proof that simple best practices such as strong passwords, MFA, and regularly installing updates can work wonders for boosting overall cybersecurity,” said CybSafe CEO and founder Oz Alashe. In order to reverse the trend of people failing to take these steps, IT professionals need to take a more human-centric view when devising security solutions, the report concluded.

VB Event

The AI Impact Tour – Atlanta

Continuing our tour, we’re headed to Atlanta for the AI Impact Tour stop on April 10th. This exclusive, invite-only event, in partnership with Microsoft, will feature discussions on how generative AI is transforming the security workforce. Space is limited, so request an invite today.
Request an invite

Other findings of the report include the following:

  • 25% of millennials and 24% of Gen Zers said they had their identities stolen once, as opposed to only 14% of baby boomers
  • 34% of individuals have personally been a victim of a cyber breach
  • 64% of respondents have no access to cybersecurity training, while 27% of those who do have access choose not to use it

Cybercrime considered more common among millennials and Gen Z

Millennials (44%) and Gen Z (51%) are more likely to say they have experienced a cyber threat than baby boomers (21%), the report found. Additionally, 25% of millennials and 24% of Gen Zers said they’d had their identities stolen once, as opposed to only 14% of baby boomers. In fact, 79% of baby boomers said they had never been a victim of cybercrime, according to the report.

“Despite the myth that older individuals are more likely to be susceptible to cybercriminals and their tactics, our research has uncovered that younger generations are far more likely to recognize that they have been a victim of cybercrime,” said NCA interim executive director Lisa Plaggemier. “This is a stark reminder for the technology industry that we cannot take cybersecurity awareness for granted among any demographic and need to focus on the nuances of each different group. And clearly we need to rethink perceptions that younger individuals are more tech-savvy and engage more frequently in cybersecurity best practices than older technology users.”

Reporting challenges undermine cybersecurity

Of those who were a victim of cybercrime, 61% said they did not report the incident. Only 22% of respondents said they “always” reported a phishing attempt — one of the leading threat types deployed by cybercriminals.

“The technology industry relies on reporting as one of the key pillars in identifying and stopping bad actors, yet even those impacted directly by cybercrime routinely fail to notify the appropriate parties that an incident has occurred,” said CybSafe’s Alashe. “In day-to-day life, it is second nature for individuals to report a crime if they see one; however, this behavior isn’t being replicated with cybercrime. It’s crucial that cybersecurity professionals get to the bottom of why this is the case, as raising reporting rates among people will be pivotal in freeing up time for cyber professionals, helping them to prioritize threats and adjust their strategies.”

VB Daily - get the latest in your inbox

Thanks for subscribing. Check out more VB newsletters here.

An error occured.