The National Cybersecurity Alliance (NCA), the
nation's leading nonprofit empowering a more secure and interconnected world,
and CybSafe, the leading behavioral risk
platform, announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors
Report 2024 supported by SAP and conducted in partnership with New
Zealand's National Cyber Security Centre (NCSC) and the Australian Cyber
Collaboration Centre. Polling over 6,500 individuals across the
United States, UK, Canada, Germany, Australia, India and New Zealand, the
research examines key cybersecurity behaviors, attitudes and trends ahead of
Cybersecurity Awareness Month.
The survey reveals a growing concern about the intersection of AI
and cybersecurity, with 65% of respondents expressing apprehension about
AI-related cybercrime. This concern spans across generations, with the Silent
Generation (73%) and Baby Boomers (70%) showing the highest levels of worry,
while Gen X (61%) remains slightly less concerned. Moreover, the lack of
adequate training on AI security and privacy risks is alarming, with 55% of AI
tool users reporting they have received no training. These findings highlight a
significant gap between rising concerns about AI threats and the actual
preparedness of users, pointing to an urgent need for education and security
measures as AI continues to evolve.
"The growing concern about AI-related cybercrime reflects a
heightened awareness of the digital threats we face," said Lisa Plaggemier,
Executive Director of the National Cybersecurity Alliance. "However, with over
half of participants (56%) not even using AI tools, and most (55%) of those
using AI not being trained on the risks, it's evident that more education and
resources are needed. We must continue to offer clear, practical guidance to
help individuals understand and manage the risks associated with AI, ensuring
they can protect themselves and their families in an increasingly digital
world."
"AI has unleashed a host of new security concerns for CISOs,
business leaders, and the general public," said Oz Alashe MBE, CEO and Founder
of CybSafe. "While the security community is well aware of AI-related threats,
this awareness hasn't yet translated into consistent security practices across
the workforce. While AI presents unique and urgent challenges, the core risks
remain the same. Many employees understand what's required to safeguard their
workplace against cyber threats, but the key to strengthening organizational
resilience lies in transforming that knowledge into regular, safe behavior.
People want to be part of the solution, but it's ultimately the responsibility
of organizations to provide the tools and support needed for success."
Overview of key report insights:
Need for Clearer Cybersecurity Guidance Amidst Confusion
Self-reliance in online security is growing slowly but steadily
with 54% of participants finding it easy to stay secure online, up 4% from last
year. However, 40% still find online security information confusing and 37%
feel overwhelmed by security advice, up 5% year-over-year. Despite these
challenges, 44% continue to use the internet despite security concerns.
Millennials report the highest ease with online security at 62%, while only 32%
of the Silent Generation feel the same. The data underscores the need for
clearer, more actionable cybersecurity guidance to help users navigate the
complexities of online safety.
Rising Cybercrime Highlights Need for Enhanced Protections
Victimization from cybercrime has sharply increased, with 3,346
reported incidents, up by 1,299 from last year. 35% of participants reported
being victims of cybercrime, an 8% rise from 2023. Phishing scams were the most
common, representing 44% of incidents, though this is a slight decrease of 3%
year-over-year. Cyberbullying also rose, affecting 18% of participants, up 3%
from 2023. Younger generations are more affected, with 52% of Gen Z and 46% of
Millennials reporting losses due to online scams. In contrast, Baby Boomers and
the Silent Generation experienced lower rates of victimization. These trends
emphasize the urgent need for stronger cybersecurity measures and increased
awareness to combat the growing threat of online scams and bullying.
High Reporting Rates for Cybercrime Highlight
Increased Awareness
Reporting rates for cybercrime have risen, with
91% of victims reporting incidents, up 3% from last year. Phishing scams were
the most frequently reported at 89%, followed by online dating scams and
identity theft at 92%. The USA has the highest reporting rate for identity
theft at 96%. Although overall reporting is high, 12% of cyberbullying victims
did not report the incident. Phishing scams are typically reported to banks
(61%), online dating scams to workplaces (41%), and identity theft to banks (59%).
These figures reflect growing awareness and response, but also highlight the
need for continued improvements in reporting mechanisms and support.
Decline in Cyber Training Access Reveals Shortcomings and
Opportunities
Access to cybersecurity training has declined, with 56% of
participants lacking access, down 8% from last year. Despite this, 33% now have
and use training, a 7% increase. Most training is received through one-off
courses, and Gen Z (44%) and Millennials (47%) report the highest access rates.
Training is predominantly accessed at work (66%), with 83% finding it useful.
Mandatory training is high at 86%, with 45% of the USA completing it annually.
Overall, training has improved key security behaviors, including phishing
recognition (52%) and MFA adoption (45%).
Gaps in Password Management and MFA Adoption Persist
Despite growing awareness, significant hurdles remain in
password management and multi-factor authentication (MFA) practices. Only 65%
of participants consistently use unique passwords, with 60% citing difficulty
remembering them as a key barrier. Password managers are underutilized, with
40% of users preferring browser-based solutions, while 46% have never used one.
Although 81% are aware of MFA, only 66% use it regularly, and its adoption
varies widely by region. Notably, 45% of those who use MFA do not enable it for
work-related social media accounts. This data highlights a need for more
effective strategies to improve password practices and increase MFA usage
across all sectors.