The Annual Cybersecurity Attitudes and Behaviours Report 2021 from NCSA and CybSafe for Cybersecurity Awareness Month uncovers key trends, behaviours and habits among US and UK tech users as cyber threat landscape heats up.  

Polling 2,000 individuals across the U.S. and UK, the report examined key cybersecurity trends, attitudes, and behaviours ahead of Cybersecurity Awareness Month this month, and discovered that millennials (44%) and Gen Z (51%) are more likely to say they have experienced a cyber threat than baby boomers (21%).

Additionally, 25% of millennials and 24% of Gen Zers said they had their identities stolen once as opposed to only 14% of baby boomers. In fact, 79% of baby boomers said they had never been a victim of cybercrime. 

“Despite the myth that older individuals are more likely to be susceptible to cybercriminals and their tactics, our research has uncovered that younger generations are far more likely to recognise that they have been a victim of cybercrime,” said NCSA’s Interim Executive Director, Lisa Plaggemier.

“This is a stark reminder for the technology industry that we cannot take cybersecurity awareness for granted among any demographic and need to focus on the nuances of each different group. And, clearly we need to rethink perceptions that younger individuals are more tech-savvy and engage more frequently in cybersecurity best practices than older technology users.”  

Public Not Embracing Safety Best Practices 

According to the report, public response, and implementation of commonly known best practices including strong passwords, multi-factor authentication (MFA) and others are tepid at best:

  • Less than half (46%) of respondents say they use a different password for important online accounts, with 20% saying that they “never” or “rarely” do so. Additionally, only 43% said they create a long and unique password either “always” or “very often.” 
  • Nearly half (48%) of respondents say they have never heard of MFA

“There is a clear disconnect between the technology industry and the public when it comes to driving the adoption of cybersecurity best practices,” said CybSafe’s CEO, Oz Alashe.

“There is overwhelming proof that simple best practices such as strong passwords, MFA and regularly installing updates can work wonders for boosting overall cybersecurity. Ultimately, there is no one-size-fits-all approach when it comes to cybersecurity. In order to reverse this trend and engage people in secure online behaviours more meaningfully, we must take a more human-centric view and understand the behavioural implications that are driving this disconnect.”

Reporting Challenges Undermine Cybersecurity 

According to the report, 34% of individuals have personally been a victim of a cyber breach - of which only 18% say they have been victims more than once, and 19% stating they have been a victim of identity theft. Of those who were a victim of cybercrime, 61% said that they did not report the incident.

Furthermore, only 22% of respondents said that they “always” reported a phishing attempt – one of the leading threat types deployed by cybercriminals. Interestingly, only 29% of individuals indicated they were not intimidated by cybersecurity. 


Limited Access to Cybertraining 

Per the report, 64% of respondents have no access to cybersecurity training, while more than a quarter (27%) of those who do have access choose not to use it. 

“Despite an ongoing rise of incredibly sophisticated cybersecurity attacks, a vast majority of employers and technology manufacturers fail to equip people with the tools and knowledge they need to identify, avoid and report cyberthreats,” said Plaggemier. “Cybersecurity success is highly dependent on the actions of everyday people, and unless we are able to grow our training and education infrastructure dramatically, we will continue to be immensely vulnerable to bad actors.”