WASHINGTON – September 26, 2024 – The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024 supported by SAP and conducted in partnership with New Zealand’s National Cyber Security Centre (NCSC) and the Australian Cyber Collaboration Centre. Polling over 6,500 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, the research examines key cybersecurity behaviors, attitudes and trends ahead of Cybersecurity Awareness Month.
The survey reveals a growing concern about the intersection of AI and cybersecurity, with 65% of respondents expressing apprehension about AI-related cybercrime. This concern spans across generations, with the Silent Generation (73%) and Baby Boomers (70%) showing the highest levels of worry, while Gen X (61%) remains slightly less concerned. Moreover, the lack of adequate training on AI security and privacy risks is alarming, with 55% of AI tool users reporting they have received no training. These findings highlight a significant gap between rising concerns about AI threats and the actual preparedness of users, pointing to an urgent need for education and security measures as AI continues to evolve.
“The growing concern about AI-related cybercrime reflects a heightened awareness of the digital threats we face,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “However, with over half of participants (56%) not even using AI tools, and most (55%) of those using AI not being trained on the risks, it’s evident that more education and resources are needed. We must continue to offer clear, practical guidance to help individuals understand and manage the risks associated with AI, ensuring they can protect themselves and their families in an increasingly digital world.”
“AI has unleashed a host of new security concerns for CISOs, business leaders, and the general public,” said Oz Alashe MBE, CEO and Founder of CybSafe. “While the security community is well aware of AI-related threats, this awareness hasn’t yet translated into consistent security practices across the workforce. While AI presents unique and urgent challenges, the core risks remain the same. Many employees understand what’s required to safeguard their workplace against cyber threats, but the key to strengthening organizational resilience lies in transforming that knowledge into regular, safe behavior. People want to be part of the solution, but it’s ultimately the responsibility of organizations to provide the tools and support needed for success.”
Overview of key report insights:
Need for Clearer Cybersecurity Guidance Amidst Confusion
Self-reliance in online security is growing slowly but steadily with 54% of participants finding it easy to stay secure online, up 4% from last year. However, 40% still find online security information confusing and 37% feel overwhelmed by security advice, up 5% year-over-year. Despite these challenges, 44% continue to use the internet despite security concerns. Millennials report the highest ease with online security at 62%, while only 32% of the Silent Generation feel the same. The data underscores the need for clearer, more actionable cybersecurity guidance to help users navigate the complexities of online safety.
Rising Cybercrime Highlights Need for Enhanced Protections
Victimization from cybercrime has sharply increased, with 3,346 reported incidents, up by 1,299 from last year. 35% of participants reported being victims of cybercrime, an 8% rise from 2023. Phishing scams were the most common, representing 44% of incidents, though this is a slight decrease of 3% year-over-year. Cyberbullying also rose, affecting 18% of participants, up 3% from 2023. Younger generations are more affected, with 52% of Gen Z and 46% of Millennials reporting losses due to online scams. In contrast, Baby Boomers and the Silent Generation experienced lower rates of victimization. These trends emphasize the urgent need for stronger cybersecurity measures and increased awareness to combat the growing threat of online scams and bullying.
High Reporting Rates for Cybercrime Highlight Increased Awareness
Reporting rates for cybercrime have risen, with 91% of victims reporting incidents, up 3% from last year. Phishing scams were the most frequently reported at 89%, followed by online dating scams and identity theft at 92%. The USA has the highest reporting rate for identity theft at 96%. Although overall reporting is high, 12% of cyberbullying victims did not report the incident. Phishing scams are typically reported to banks (61%), online dating scams to workplaces (41%), and identity theft to banks (59%). These figures reflect growing awareness and response, but also highlight the need for continued improvements in reporting mechanisms and support.
Decline in Cyber Training Access Reveals Shortcomings and Opportunities
Access to cybersecurity training has declined, with 56% of participants lacking access, down 8% from last year. Despite this, 33% now have and use training, a 7% increase. Most training is received through one-off courses, and Gen Z (44%) and Millennials (47%) report the highest access rates. Training is predominantly accessed at work (66%), with 83% finding it useful. Mandatory training is high at 86%, with 45% of the USA completing it annually. Overall, training has improved key security behaviors, including phishing recognition (52%) and MFA adoption (45%).
Gaps in Password Management and MFA Adoption Persist
Despite growing awareness, significant hurdles remain in password management and multi-factor authentication (MFA) practices. Only 65% of participants consistently use unique passwords, with 60% citing difficulty remembering them as a key barrier. Password managers are underutilized, with 40% of users preferring browser-based solutions, while 46% have never used one. Although 81% are aware of MFA, only 66% use it regularly, and its adoption varies widely by region. Notably, 45% of those who use MFA do not enable it for work-related social media accounts. This data highlights a need for more effective strategies to improve password practices and increase MFA usage across all sectors.
To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2024,” please visit: https://staysafeonline.org/resources/oh-behave-the-annual-cybersecurity-attitudes-and-behaviors-report-2024/
For more information on Cybersecurity Awareness Month please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit https://staysafeonline.org/programs/cybersecurity-awareness-month/
About the National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Week (January); and CyberSecure My Business
, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.
About CybSafe
CybSafe is the human risk management platform designed to reduce human cyber risk in the modern, remote, and hybrid work environment, by measuring and influencing specific security behaviors.
CybSafe is powered by SebDB—The world’s security behaviors database—and built by the industry’s largest in-house team of psychologists, behavioral scientists, analysts, and security experts. An award-winning, fully scalable, and customizable solution, it’s the smart choice for any organization.
• 91% Reduction in high-risk phishing behavior
• 55% Improvement in security behaviors
• 4x More likely to engage in cybersecurity initiatives
Login
