Despite more than half of us being constantly connected online, belief in cyber security is starting to wane, according to the Annual Cyber Security Attitudes and Behaviours Report from CybSafe and The National Cyber Security Alliance, released last week.
The report, compiled from over 7000 respondents from 7 countries, explores how people approach security, interact with new technologies, and respond to cyber threats.
The findings lay out a concerning gap between perceived knowledge and actual security behaviours, alongside the rising influence of artificial intelligence (AI) in everyday online interactions.
The good news is that 81% of participants believe that staying secure online is a priority. However, that figure has dropped 3% in the last year. Just 60% of people believe that online safety is worth the effort, a fall of 9% compared to last year.
People are feeling more and more helpless in the modern online world, particularly younger generations. 30% of participants said there is no point in protecting themselves, as their information is already online. That’s up 8% from last year.
Cyber Security Awareness vs Cyber Security Action
One of the most striking findings in the report is the disconnect between people’s confidence in their cyber security knowledge and their actual behaviour.
The findings of the report suggest that Cyber Security Awareness Month isn’t enough to protect us from cyber threats. More than half of the participants (57%) claimed to have intermediate or advanced cyber security knowledge, so they’re already aware. But that awareness doesn’t translate into security. The four key aims of this year’s awareness month are to encourage people to:
40% of participants said they had created passwords using a single dictionary word or someone’s name. Over a third included personal information in their passwords.
- Turn On Multi-Factor Authentication (MFA)
While awareness of MFA has increased this year to 81% of participants, 24% of those people either don’t use it or have stopped, often because of inconvenience or a belief that a password is enough.
- Recognise and Report Phishing
Two-thirds of participants reported being confident in recognising phishing emails, with younger generations more likely to check for illegitimate email addresses, and older generations focusing on spelling and grammar. However, 29% of people are still reluctant to report phishing, because they doubt how effective reporting is at stopping cyber criminals.
- Update Software
While the majority know how to install updates (62%), a notable number either delay (16%) or avoid doing so (20%). Despite the convenience of automatic updates, only 45% have enabled them.
Perhaps this is a sign that the time for ‘raising awareness’ of cyber security issues is over, and it’s time to shift the focus to ‘Cyber Security Action Month’ instead, to encourage us all to actually put the advice we’re all aware of into practice.
Growing Reliance on AI – With Risks
AI has dominated so many cyber security conversations in the last year, but over half (56%) of respondents still don’t use any AI tools. Which might be a good thing, given how everyone else is putting them to use. More than half of employed participants and students had not received training on safe AI use.
What’s even worse is that 38% of people admitted to sharing sensitive work information with AI without their employer’s knowledge. In fact, 46% of Gen S respondents admitted to that.
While AI offers tremendous potential in enhancing productivity and efficiency, many users remain unaware of the associated cyber security risks.
For example, many AI-powered tools collect significant amounts of user data, raising concerns about how this data is stored and secured. The lack of proper oversight in using these tools increases the risk of data breaches, as malicious actors can exploit unpatched vulnerabilities in AI software.
As such, educating users on how to safely interact with AI-driven technologies is so important. Companies offering AI services must also implement rigorous security protocols to ensure data integrity and user privacy.
Media’s Role in Cyber Security Perceptions
The media’s influence on cyber security attitudes is another key takeaway from the report. With news outlets regularly covering high-profile cyberattacks and data breaches, there is growing awareness of cyber security threats, but it can often lead to a paradox. Most respondents indicated that media coverage made them more aware of cyber risks, but at the same time, it can be overwhelming.
44% of individuals noted that they felt scared about their online security as a result of media reports about cyber threats. 47% reported that coverage of online security makes it seem complicated, an increase from last year.
Making sure coverage prompts users to take action, without overwhelming them with information or risks is a difficult balance.
Importance of Cyber Security Awareness Training
Access to cyber security training has increased for the first time in four years. However, 56% of participants still lack access to security education.
The vast majority of those who had undergone training found it useful, particularly in terms of recognising and reporting phishing, and MFA.
Of the people with access to training, 86% of them had to complete mandatory training, but less than half had to complete training annually.
Organisations that prioritise regular training sessions for their employees have a much better chance of mitigating threats posed by human error, which remains one of the leading causes of security breaches globally.
Actionable Recommendations for Businesses
The report provides several key recommendations to help organisations strengthen their cyber security posture. These include:
- Implement Behavioural Change Initiatives: Businesses should focus on promoting positive security habits through targeted behavioural change campaigns. Rather than overwhelming employees with technical jargon, it’s more effective to simplify cyber security concepts and emphasise personal responsibility. Action is much better than awareness.
- Use AI with Caution: As AI becomes more integrated into business operations, it is important to establish strong security controls around AI systems early on. Regular vulnerability assessments, coupled with solid use protocols and training, can prevent AI from becoming a threat to your data.
- Customised Security Awareness Training: Tailor cyber security training to different demographics within your organisation. Younger employees may require more dynamic and video-oriented training programs, while older generations might benefit from traditional learning methods such as written materials and guided tutorials.
The findings from the Annual Cyber Security Attitudes and Behaviours Report highlight the growing challenges faced by individuals and organisations in maintaining robust cyber security practices. The rapid adoption of AI tools, generational differences in security attitudes, and the gap between perceived knowledge and actual behaviour all pose significant risks.
Get In Touch With OmniCyber Security
If you’re concerned about the state of your cyber security or want to make sure your organisation is following best practices, OmniCyber Security can help. We specialise in providing tailored cyber security solutions, from penetration testing to PCI DSS certification. Contact us today to find out how we can help with protecting your business against the latest cyber threats.
