What We Learned from the 2023 Annual Cybersecurity Attitudes and Behaviors Report

This third annual report is breaking new ground by expanding the scope and enhancing its research methods. With over 6,000 participants from six nations and a focus on diverse cybersecurity aspects, this report offers fresh insights. Refined questions, added qualitative inquiries, and strategically targeted employed participants, all to provide a comprehensive view of cybersecurity attitudes and behaviors.

The digital landscape continues to expand at an astonishing rate, with a remarkable 93% of the participants indicating daily online activity. 7% of individuals reported connecting to the Internet less than once a day. Our lives are increasingly intertwined with the online realm as we maintain numerous accounts spanning various websites and applications, some of which house our sensitive personal data.

The revelation is striking: nearly half of the participants, a substantial 47%, manage ten or more sensitive online accounts, including those tied to payments and primary email. Even more astonishing, 15% of respondents candidly confessed that they’ve lost track of the sheer number of such accounts in their digital portfolio.

While attitudes toward online security are generally positive, a significant portion of participants express frustration and doubt. Impressively, 84% view security as a priority, and 69% believe it’s attainable. However, not everyone sails smoothly on the sea of online security. A substantial 39% find themselves frustrated, while 37% admit feeling intimidated by the challenges of staying secure online.

For some, the abundance of cybersecurity information becomes overwhelming, leading 32% to scale back their online activities. Furthermore, security often comes at a cost, with nearly half of respondents (49%) acknowledging the financial implications of protective actions.

Interestingly, 69% consider the effort invested in online security worthwhile. Nevertheless, younger generations, such as Gen Z (21%) and Millennials (23%), express more skepticism about the return on investment compared to Baby Boomers (6%) and the Silent Generation (9%).

Media coverage plays a pivotal role, motivating 56% of participants to take protective security measures, while 51% find it valuable for staying informed. However, it’s not all positive, as 44% of respondents admit that media coverage can evoke fear, and 42% believe it overly complicates online security.

In the ever-evolving landscape of cybersecurity, training emerges as a vital cornerstone. However, the training terrain is uneven. Surprisingly, just over a quarter of participants (26%) reported having access to and utilizing cybersecurity training. Alarmingly, a staggering two-thirds (64%) of individuals noted a glaring absence of any training opportunities.

Who gets the privilege of training? Primarily, those in employment (47%) or engaged in studies (49%) tend to have better access. Nonetheless, a significant portion, 53%, of the employed still find themselves without training access.

Regarding learning preferences, online training courses take the lead, preferred by almost half (47%) of employed participants, surpassing in-person training (24%). Interestingly, there’s a growing affinity for nudges and alerts, with nearly a fifth (19%) expressing a preference for just-in-time alerts and notifications.

The importance of cybercrime reporting is on the rise, shedding light on the incidents and their impact. Participants bravely shared their experiences, disclosing 2,047 incidents resulting in financial losses or data breaches. These incidents encompassed phishing attacks, identity theft, and even online dating scams.

27% of respondents admitted falling victim to at least one form of cybercrime. While this marks a 7% decrease from the previous year, it is concerning that 50% of participants perceive themselves as potential targets for cybercriminals, indicating a 7% increase in such concerns.

Phishing emerges as the star of the cybercrime show, constituting 47% of total incidents. Surprisingly, online dating scams (27%) have surpassed identity theft (26%) compared to last year.

Millennials find themselves in the cybercrime spotlight, leading the pack with incidents, particularly online dating scams (44%), followed closely by phishing (36%) and identity theft (37%).

On a positive note, 88% of those affected by cybercrime reported their experiences to someone. Reporting rates remained favorable across all crime types, with only a small fraction of incidents leading to data or money loss going unreported: 14% for phishing, 16% for online dating scams, and 8% for identity theft.

The type of crime influenced reporting channels, with 59% of phishing victims reporting the incident to their bank or credit card company, 54% of identity theft victims, and 42% of online dating scam victims. These trends in reporting reflect a growing awareness of the importance of sharing cybercrime experiences.

We’ve delved deep into cybersecurity behavior, uncovering five key practices that make a difference (yet respondents are drastically overlooking):

• Over a third change passwords only when necessary.
• Almost half create passwords on their own.
• Younger generations often update passwords minimally.

• More than half have never used a password manager.
• Many prefer writing down passwords or relying on memory.

• Nearly one-third haven’t heard of MFA.
• Awareness varies across generations.

• Most keep devices updated, but some lag behind.

• While most check for phishing, some struggle to spot it.
• Reporting phishing varies among participants.