WASHINGTON – September 29, 2022 – The National Cybersecurity Alliance and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2022. Polling 3,000 individuals across the United States, UK and Canada, the research examined key cybersecurity behaviors, attitudes and trends ahead of Cybersecurity Awareness Month.
The report found that user connectivity to the Internet is at an all time high, with 45% of respondents citing that they are always online. Increased connectivity, coupled with a rise in cyberattacks has left users worried about cybercrime and fearing that they’ll be targeted by cybercriminals. These concerns aren’t without merit. Out of more than 1,700 incidents of cybercrime that were disclosed by participants, 36% of those were phishing attacks that led to a loss of money or data, while 24% reported falling victim to identity theft.
“Cybersecurity is no longer a field that can simply be delegated,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “In a world where individuals, businesses and organizations of all types are increasingly relying on digital devices to conduct everyday activities, everyone has a role to play in safeguarding data and information. That is why it is so important to consistently evaluate where individuals stand on all issues involved in the cybersecurity landscape so that we can work together and build a stronger cybersecurity community that can stand up to bad actors.”
“One of the biggest misconceptions is the belief that people are the weakest link in cybersecurity,” said Oz Alashe, CEO and Founder of CybSafe. “The combination of evolving threats coupled with more people accessing the Internet daily for work and recreation means people-related cybersecurity risk must be reassessed. It also makes education and implementation of fundamental cybersecurity practices more important than ever before”
Below is an overview of key report insights:
Nearly Two-Thirds of Tech Users Lack Access to Cybersecurity Knowledge
Per the study’s results, even though more than half (58%) of tech users that had access to cybersecurity training or education cited that they were better at recognizing phishing messages and related attacks, 34% still fell victim to at least one type of cybercrime. And while almost half of respondents state they are “always connected to the Internet”, two-thirds (62%) of users lack access to cybersecurity knowledge altogether and one-third rely on the help of friends and family.
“Although cybersecurity education is a crucial tool for helping people better protect their personal data, it’s only a single component of what should be an encompassing approach to safeguarding users’ devices and their personal information,” said Plaggemier. “Attackers are becoming more aggressive and simultaneously more successful in taking advantage of the average user, meaning that there must be a complete cultural shift to overhaul the way we integrate, approach and entrench better cybersecurity practices within people’s daily lives.”
Cybercrime Remains Prevalent but Drastically Underreported
Romance scams and cyberbullying continue to rise while remaining significantly underreported – particularly in the U.S.. Participants in the U.S. were consistently more likely to have been victims of cybercrime. Moreover, 20% of Millennials and 18% of Gen Z had their identity stolen at least once. In comparison, 27% of Millennials and 34% of Gen Z had lost money/data due to harmful cyber activity such as phishing. This differs significantly from Baby Boomers, where 92% reported never having their identity stolen, and 88% had never lost money/data due to cyberattacks.
This is compounded by the fact that among respondents, 26% of identity theft victims and 31% of phishing victims did not report their incidents directly to service providers or law enforcement. The reporting numbers around romance scams and cyberbullying are even worse, with 45% of romance scam victims and 48% of cyberbullying victims saying they did not report incidents when they occurred.
“The truth is, these figures should be much higher. It’s alarming so many cybercrimes go unreported to relevant channels and agencies that can help with remediation,”said Alashe. “What is most concerning is our research found the most common reasons for not reporting – like not knowing who to report the crime to, not understanding how to alert the right authorities and feeling that there was no point in reporting the crime at all – are all things that should have been addressed long ago. Reporting is fundamental to cybersecurity incident prevention, so we need to find ways to boost awareness about both the importance of reporting cybercrime and how exactly to do it.
Prioritizing Cybersecurity is Important but Frustrating to Users
The research also revealed that while cybercrime continues, individuals are not underestimating the threats that cybercrime presents. 57% of respondents expressed they were worried about cybercrime, and 43% felt they were likely cybercrime targets. Additionally, most respondents (78%) consider staying secure online a priority and two-thirds (66%) think it is ‘achievable.’
However, 46% of those polled felt frustrated while staying secure online, and 39% of users trying to keep safe felt information on how to stay secure online is confusing. There also remain significant problems in understanding how cybersecurity and devices work. Nearly a third (35%) presumed that their devices are automatically secure. And participants across all three countries mainly relied on others for backing up data and installing the latest software.
“We are nearing a point where everyone will be connected to the internet all the time, and unfortunately, that means everyone has the potential to be vulnerable to basic cyberattacks,” said Plaggemier. “Businesses, organizations, schools and even friends and family need to make the adoption of security behaviors a priority. Increasing adoption and eliminating setbacks during the overall process of remaining safe and secure needs to be an all hands on deck approach.”
Adoption of Key Cybersecurity Best Practices Continues to Lag
This year’s research also uncovered significant shortcomings among the general public in adopting many of the most effective cybersecurity best practices, such as using a password manager and multi-factor authentication (MFA), installing software updates, and general password upkeep. For example:
- 36% of individuals do not always create unique passwords or even a majority of the time, while only 18% of individuals have downloaded a password manager.
- 43% of respondents said they had never heard of MFA.
- 37% of individuals do not have automatic software updates enabled.
- Only 43% of individuals say they back up their data either “always” or “very often.”
“MFA, password managers and other ‘basic’ cybersecurity best practices have been shown to be incredibly effective in thwarting cyber criminals, yet adoption continues to be a big problem,” said Alashe. “We need to find a way to break through the age-old misperceptions that these steps are annoying or cumbersome and replace them with the facts: these tools can significantly lower the chances of becoming a cybercrime victim.”
To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2022,” please visit: https://staysafeonline.org/online-safety-privacy-basics/oh-behave/ . For more information on Cybersecurity Awareness Month please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
About National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure,
interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good.
Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (January 28); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.
About CybSafe
CybSafe is cloud-based software that reduces organisational risk by improving people’s security decisions and behaviours. It educates, nudges and provides real-time, tailored cyber assistance for users so that they can be secure in their daily digital lives. It’s the only human risk software solution that helps security professionals target specific security behaviours. It also provides security behaviour, culture and risk reporting metrics that allow you to pre-empt security problems.
CybSafe is underpinned by a data-led model of human behaviour and leverages SebDB, the world’s most comprehensive security behaviour database. It’s designed for a modern workforce and a hybrid working environment.
For more information, please visit www.cybsafe.com.