The new report also highlights growing anxiety over AI-related cybercrime despite the majority still not using AI tools
The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024, supported by SAP and conducted in partnership with New Zealand’s National Cyber Security Centre (NCSC) and the Australian Cyber Collaboration Centre. Polling over 6,500 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, the research examines key cybersecurity behaviors, attitudes and trends ahead of Cybersecurity Awareness Month.
The survey reveals a growing concern about the intersection of AI and cybersecurity, with 65% of respondents expressing apprehension about AI-related cybercrime. This concern spans across generations, with the Silent Generation (73%) and Baby Boomers (70%) showing the highest levels of worry, while Gen X (61%) remains slightly less concerned. Moreover, the lack of adequate training on AI security and privacy risks is alarming, with 55% of AI tool users reporting they have received no training. These findings highlight a significant gap between rising concerns about AI threats and the actual preparedness of users, pointing to an urgent need for education and security measures as AI continues to evolve.
“The growing concern about AI-related cybercrime reflects a heightened awareness of the digital threats we face,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “However, with over half of participants (56%) not even using AI tools, and most (55%) of those using AI not being trained on the risks, it’s evident that more education and resources are needed. We must continue to offer clear, practical guidance to help individuals understand and manage the risks associated with AI, ensuring they can protect themselves and their families in an increasingly digital world.”
“AI has unleashed a host of new security concerns for CISOs, business leaders, and the general public,” said Oz Alashe MBE, CEO and Founder of CybSafe. “While the security community is well aware of AI-related threats, this awareness hasn’t yet translated into consistent security practices across the workforce. While AI presents unique and urgent challenges, the core risks remain the same. Many employees understand what’s required to safeguard their workplace against cyber threats, but the key to strengthening organizational resilience lies in transforming that knowledge into regular, safe behavior. People want to be part of the solution, but it’s ultimately the responsibility of organizations to provide the tools and support needed for success.”
Overview of key report insights:
Need for Clearer Cybersecurity Guidance Amidst Confusion
Self-reliance in online security is growing slowly but steadily with 54% of participants finding it easy to stay secure online, up 4% from last year. However, 40% still find online security information confusing and 37% feel overwhelmed by security advice, up 5% year-over-year. Despite these challenges, 44% continue to use the internet despite security concerns. Millennials report the highest ease with online security at 62%, while only 32% of the Silent Generation feel the same. The data underscores the need for clearer, more actionable cybersecurity guidance to help users navigate the complexities of online safety.
Rising Cybercrime Highlights Need for Enhanced Protections
Victimization from cybercrime has sharply increased, with 3,346 reported incidents, up by 1,299 from last year. 35% of participants reported being victims of cybercrime, an 8% rise from 2023. Phishing scams were the most common, representing 44% of incidents, though this is a slight decrease of 3% year-over-year. Cyberbullying also rose, affecting 18% of participants, up 3% from 2023. Younger generations are more affected, with 52% of Gen Z and 46% of Millennials reporting losses due to online scams. In contrast, Baby Boomers and the Silent Generation experienced lower rates of victimization. These trends emphasize the urgent need for stronger cybersecurity measures and increased awareness to combat the growing threat of online scams and bullying.
High Reporting Rates for Cybercrime Highlight Increased Awareness
Reporting rates for cybercrime have risen, with 91% of victims reporting incidents, up 3% from last year. Phishing scams were the most frequently reported at 89%, followed by online dating scams and identity theft at 92%. The USA has the highest reporting rate for identity theft at 96%. Although overall reporting is high, 12% of cyberbullying victims did not report the incident. Phishing scams are typically reported to banks (61%), online dating scams to workplaces (41%), and identity theft to banks (59%). These figures reflect growing awareness and response, but also highlight the need for continued improvements in reporting mechanisms and support.
Decline in Cyber Training Access Reveals Shortcomings and Opportunities
Access to cybersecurity training has declined, with 56% of participants lacking access, down 8% from last year. Despite this, 33% now have and use training, a 7% increase. Most training is received through one-off courses, and Gen Z (44%) and Millennials (47%) report the highest access rates. Training is predominantly accessed at work (66%), with 83% finding it useful. Mandatory training is high at 86%, with 45% of the USA completing it annually. Overall, training has improved key security behaviors, including phishing recognition (52%) and MFA adoption (45%).
Gaps in Password Management and MFA Adoption Persist
Despite growing awareness, significant hurdles remain in password management and multi-factor authentication (MFA) practices. Only 65% of participants consistently use unique passwords, with 60% citing difficulty remembering them as a key barrier. Password managers are underutilized, with 40% of users preferring browser-based solutions, while 46% have never used one. Although 81% are aware of MFA, only 66% use it regularly, and its adoption varies widely by region. Notably, 45% of those who use MFA do not enable it for work-related social media accounts. This data highlights a need for more effective strategies to improve password practices and increase MFA usage across all sectors.
To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2024,” please visit: https://staysafeonline.org/resources/oh-behave-the-annual-cybersecurity-attitudes-and-behaviors-report-2024/
For more information on Cybersecurity Awareness Month please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/
