“Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021”
National Cyber Security Alliance, October 5, 2021
Reports & Research
By Dr. Inka Karppinen, Behavioral Scientist, CybSafe; Ruya Ince, Survey Specialist, CybSafe
“The human aspect of cybersecurity is widely recognized as a critical component of cyber resilience and risk reduction. However, one of the least understood areas is that of security behaviors and attitudes. Specifically, the gap or disconnect between knowledge and action.
In honor of Cybersecurity Awareness Month 2021, the National Cyber Security Alliance and CybSafe have launched the world’s first Cybersecurity Attitudes & Behaviors Report. The research report is the first of its kind. It examines cybersecurity attitudes and behaviors of the general public, shedding light on one of the most important aspects of cyber risk – the human factor.
This research applies scientific rigor and robust data analysis to help academics, practitioners and policy makers around the world better understand people-related security issues as they relate to enhancing awareness, influencing security behavior and improving security culture.”
Welcome, dear readers, to the Annual Cybersecurity Behaviors and Attitudes Report 2021! You’re probably wondering what the significance of the title of this report is… If you guessed that it’s one of Austin Powers’ many catchphrases, you’re right! But it also nicely ties in to the theme of this report – understanding cybersecurity behaviors.
This inaugural issue published during Cybersecurity Awareness Month 2021 marks the launch of an annual research report series. We aim to better understand and share insights into people’s security attitudes and behaviors. This report is the first of its kind and sheds light on one of the most important aspects of cyber risk – the human factor.
People –yes, we pesky human beings– are widely recognized as one of the most critical components of cyber resilience and risk reduction. But, one of the least understood areas is that of security behaviors and attitudes. Specifically, the gap or disconnect between knowledge and action.
We often make assumptions when trying to understand how to reduce the cyber risk associated with people. Sometimes, these assumptions are wrong. Even when they’re right, we can miss the real reason behind the truth and therefore draw the wrong conclusions. It’s time for this to stop.
Current behavior patterns provide us some of the best predictors of future human behavior-related risk. And so, we’ve decided to build a body of research data that enables anyone to optimize their approach to how they influence security awareness attitudes and behaviors in the future.
Two thousand people from the US and the UK completed a specially designed survey to assess security attitudes and behavior across the general public.
In this first report, we’ve concentrated on a handful of core cybersecurity behaviors:
- Creating and managing passwords
- Applying Multi-Factor Authentication (MFA)
- Installing the latest updates
- Checking message legitimacy
- Recognizing and reporting phishing
- Backing up data
The work doesn’t stop here! Along with the above core behaviors, this research report looks to answer questions on the general public’s levels of security awareness and engagement. What motivates the application of security advice leading to good security behaviors? What are the main barriers to not applying security advice in practice? Why do people willingly hand over personal data to see which “Harry Potter” character they most relate to?!
Examining the trends in cybersecurity core behaviors helps us personalize and tailor our security awareness efforts. Instead of providing ‘one-size-fits-all’ advice, we can harness individual differences and trends in security awareness, attitudes, and behaviors. The world would be quite boring if we were all the same, no?
This is another big step in making society a more secure digital place. So settle down, grab yourself a cup of your favourite hot beverage, and take it all in. We’re delighted to be on this journey with you!
Oz Alashe MBE, CEO, CybSafe
Lisa Plaggemier, Executive Director, The National Cybersecurity Alliance
About the Authors:
Dr. Inka Karppinen, Behavioural Scientist @ CybSafe with passion for Cyber Psychology and Human Factors Research.
Ruya Ince, Survey Specialist, CybSafe. UX researcher | Mixed Methods Research | Balancing human and business interests through cross-cultural design research.
- CybSafe: “We are CybSafe. We’re a British cyber security and data analytics company. We build incredible software that makes it easy to manage human cyber risk. We’re on a mission to revolutionise the way society addresses the human aspect of cyber security. Our technology uses science and data to help people when they need it most. In the way that is most effective for them.”
- The National Cyber Security Alliance (NCSA) builds strong public/private partnerships to create and implement broad-reaching education and awareness efforts to empower users at home, work and school with the information they need to keep themselves, their organizations, their systems and their sensitive information safe and secure online and encourage a culture of cybersecurity.