WASHINGTON – October 3, 2023 – The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023 supported by Iris® Powered by Generali and conducted in partnership with CERT-NZ. Polling over 6,000 individuals across the United States, UK, Canada, Germany, France and New Zealand, the research examined key cybersecurity behaviors, attitudes and trends ahead of Cybersecurity Awareness Month.
The survey findings highlight a shift in how Americans view cybersecurity as more and more people understand the importance of staying safe online. A significant majority (79%) now recognize Multi-Factor Authentication (MFA) and, encouragingly, 70% within this group are actively using it to enhance their online security on a regular basis. However, despite these positive trends, there are concerns about access to adequate training; based on the survey only 44% of participants in the United States reported having access to cybersecurity training programs.
“The rise of proactive cybersecurity measures in the U.S. is encouraging, showcasing improved threat awareness and readiness to respond,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “However, emphasizing the need for affordable, accessible, and comprehensive cybersecurity measures to safeguard individuals by both the private and public sector is going to be paramount in an increasingly digital world.”
“While the improving awareness over the past year suggests the public is moving in the right direction, the next step is turning that awareness into actions that provide real protection. As people become aware of the threats, we must encourage them to act and use the available tools to protect themselves online.” Said Oz Alashe, CEO and Founder of CybSafe, “Additionally, the perception of high costs associated with online protection from our findings highlights the importance of showcasing and delivering affordable cybersecurity solutions that are accessible for everyone.”
Overview of key report insights:
Awareness and Adoption of Cybersecurity Measures Continue to Grow
Within the U.S., there has been a substantial surge in cybersecurity awareness, with 79% of respondents demonstrating familiarity with MFA. Notably, a majority (70%) of those who have heard of the security measure know how to use MFA and regularly incorporate it into their online security measures, underscoring their growing dedication to safeguarding their digital accounts. Moreover, the adoption of password managers has made significant headway, with 38% of Americans utilizing these tools to bolster password security. These findings reflect a promising trend, indicating that Americans are increasingly well-informed and proactive in their cybersecurity endeavors.
Adoption of Proactive Cybersecurity Practices Show Promising Signs
American citizens are embracing proactive approaches to fortify their online protection. In the U.S., 61% of respondents demonstrate a strong commitment to staying informed about security updates by consistently updating their software and applications, with 33% doing it always and an additional 28% doing it very often. Additionally, a significant majority (69%) express confidence in their ability to identify phishing attempts, signifying improved awareness of digital threats. This newfound confidence translates into action, as 51% of Americans actively report cybercrimes, particularly instances of phishing.
While individuals are increasingly taking proactive steps to secure their digital lives, the survey found that 39% of participants expressed frustration and 37% felt intimidated by the process of staying secure online. These sentiments were felt globally and underscore the need for user-friendly cybersecurity solutions, or solutions that are secure by design and secure by default, meaning security is happening behind the scenes and doesn’t require action by the end-user. Bridging these gaps is critical to empowering users and encouraging the widespread adoption of effective cybersecurity practices, ultimately fortifying the digital security landscape.
Concerns and Victimization on the Rise
Cybersecurity concerns have intensified in the U.S., with 61% of participants expressing apprehension about becoming victims of cybercrime. This heightened level of awareness likely arises from a greater likelihood of attack. Americans were the most targeted of all the countries surveyed, with a substantial 36% of respondents acknowledging they have been victims of one or more cybercrimes. These fears of falling victim to cybercrime are felt worldwide as there was a 7% increase in the overall number of people who felt they may become victims of cybercrime compared to last year. The survey also found that half of the participants across the nations surveyed thought they were potential targets for cybercriminals, underscoring the necessity for continued efforts to bolster cybersecurity measures.
A Generational Divide Highlights Key Vulnerabilities
The data reveals a notable shortcoming among younger generations – despite their understanding of online risks and security measures, and even with the highest access to cyber training (56% of Gen Z and 50% of Millennials), this group still faces a disproportionately higher rate of cybercrime victimization.
Astonishingly, 43% of Gen Z and 36% of Millennials reported being victims of cybercrimes, significantly more than the Silent Generation (20%) and Baby Boomers (15%) who lack access to formal cybersecurity training. At the same time, these digital natives are twice as likely to disagree with the idea that security is worth the effort. This is reflected in their cyber habits, with half of Gen Z and 41% of Millennials admitting to using personal information like names of family members or pets, dates and places when creating passwords. These findings underscore the urgent need for targeted educational initiatives that empower older generations while incentivizing tech-savvy digital natives to adopt safer online behaviors and a more secure digital environment.
Despite Increased Cyber Awareness, Gaps in USA Education and Training Persist
Awareness of cybersecurity practices is on the rise, but gaps in education and training persist. While 70% of respondents in the USA indicated familiarity with MFA, 30% of those aware of the feature admitted to not using it regularly, pointing to the potential for expanded adoption. Concerns also linger around password security, as 38% of Americans incorporate personal information into their passwords, potentially jeopardizing the security of their accounts. Additionally, while data backup practices have shown improvement, further attention is needed, as only 48% of respondents consistently back up their data. Addressing these educational gaps will be pivotal in enhancing cybersecurity knowledge and practices.
Cost and Access Challenges Persist
Perceptions of high cybersecurity protection costs have escalated, with 49% of respondents across nations viewing it as an expensive endeavor. Furthermore, disparities in access to cybersecurity training persist, with only 44% of American participants reporting access to such programs. Notably, Americans exhibit a preference for online training courses (49%), emphasizing the need for flexible learning options to bridge the educational divide. Overcoming challenges related to cost and accessibility will be essential to ensure that cybersecurity remains attainable and affordable for all individuals in the US.
CybSafe’s active contribution greatly enhanced this collaborative cybersecurity study, providing advanced insights and behavioral analysis. Additionally, partnerships with Iris® Powered by Generali and CERT-NZ bolstered the study’s global perspective, offering invaluable insights into the cyber landscapes of New Zealand and Germany, thereby fostering a holistic analysis of cybersecurity attitudes and behaviors.
To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2023,” please visit: https://staysafeonline.org/online-safety-privacy-basics/oh-behave/.
For more information on Cybersecurity Awareness Month please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
About National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure,
interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (January 28); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.
About CybSafe
CybSafe is cloud-based software that reduces organizational risk by improving people’s security decisions and behaviors. It educates, nudges, and provides real-time, tailored cyber assistance for users so that they can be secure in their daily digital lives. It’s the only human risk software solution that helps security professionals target specific security behaviors. It also provides security behavior, culture and risk reporting metrics that allow you to pre-empt security problems.
CybSafe is underpinned by a data-led model of human behavior and leverages SebDB, the world’s most comprehensive security behavior database. It’s designed for a modern workforce and a hybrid working environment.