<img height="1" width="1" src="https://www.facebook.com/tr?id=156746741685952&amp;ev=PageView &amp;noscript=1">
SCHEDULE A CALL
Show all

2024 Cybersecurity Survey

2024 Cybersecurity Survey Offers New Insights into Internet User Behavior and Attitudes

Now in its fourth year, the survey of online behaviors and attitudes is conducted annually by the National Cybersecurity Alliance and CybSafe. The 2024 survey, conducted between March 6 and April 22, 2024, included 7,012 adult individuals in the United States, Canada, United Kingdom, Germany, Australia, New Zealand, and India. 2024 represents the largest sample size to date.

  • The National Cybersecurity Alliance is a U.S. non-profit dedicated to creating a more secure interconnected world by educating people in the safe use of technology and in effectively protecting themselves, their families, and their organizations from cybercrime.
  • CybSafe is a British company whose human risk management platform incorporates a global security behaviors database and is designed to reduce human cyber risk in modern, remote, and hybrid work environments by measuring and influencing specific security behaviors.

The results of their annual survey are published in the Cybersecurity Attitudes & Behaviors Report released each October in conjunction with Cybersecurity Awareness Month.

About the Survey Audience

In the 2024 cybersecurity survey, two thirds of respondents (67%) were employed by organizations, which makes the survey findings especially important for employers in providing actionable insights. The survey continues to evolve, and a notable change in 2024 was the addition of Australia and India to the survey, with France dropping off the list. It is also important to note that the 7,012 survey participants were evenly distributed across the seven participating countries—with roughly 1,000 individuals per country—in addition to being evenly split between male and female respondents.

Among generations, Millennials (currently ages 28 to 43) constituted 29% of the total and Gen X (ages 44 to 59) represented 28%. Baby Boomers (ages 60 to 78) constituted 25% of the total. At the other end of the spectrum, Gen Z (ages 18 to 27) comprised 16% of the total and the Silent Generation (ages 79 and over) comprised a negligible 1.5%. The 2024 survey report presents responses by country, and also charts many responses by generation as well. Following are a handful of results from the most recent survey, including comparisons to the previous year where of interest.

Constant Connection to the Internet

Across the board, more than half of users (53%) claim they are “always connected” to the Internet, meaning their devices are never turned off. Another 38% go online a few times a day. Only 9% connect less than once a day, an increase of 2% from 2023.

Not surprisingly, the two younger generations lead in online connectivity, with 65% of Gen Z and 64% of Millennials reporting being always connected. (Gen Z’s “always on” status decreased by 4% compared to last year.)  Chart - 2024 Frequency of Internet Use

By country, India leads the “always on” parade at 71%, followed distantly by the UK and New Zealand at 56% each, Australia at 55%, and the U.S. at 53%. Canada and Germany trail at 45% and 33% respectively although, depending on one’s perspective, perhaps Germany—with only one third of Internet users always connected—is actually ahead of the rest of us.

Extent of Engagement, as Measured by Online Accounts

The frequency of our online connectivity is related in part to the types of activities we perform online. Asked about the number of online accounts they have, one quarter of users (27%) have one to four accounts, down four points from 31% in 2023. Another 21% have five to nine accounts and one third of all users (33%) reported having ten or more accounts, both up a point from 2023. Finally, 19% admit they have lost track of how many online accounts they have, which is up notably from 15% in 2023.

Viewed generationally, younger users are more likely to have multiple online accounts, with 38% of Gen Z and 36% of Millennials having ten or more accounts, compared to 23% of older generations.

More Users Trust Device Security Than Last Year

The 2024 cybersecurity survey indicates that 43% of all Internet users believe their devices are automatically secure. This is a substantial increase from the 33% who held that belief in 2023—quite possibly influenced by results from India, which is new to the survey in 2024.

Chart - 2024 Belief that Devices are Automatically SecureA stunning 61% of users in India believe their devices are automatically secure, as compared to just 35% of users in Germany at the other end of the spectrum.

In researching devices and operating systems for further insight, research data indicates the vast majority of desktop and laptop users favor Windows, while a similar percentage favor Android for their mobile devices.

Specifically, among desktop and laptop device operating systems, Microsoft Windows dominates the landscape with a 71% usage share compared to Apple's macOS at 15%, according to Wikipedia. Among mobile devices, Android “maintained its position as the leading mobile operating system worldwide in the second quarter of 2024” with a market share of 72%, compared to Apple's iOS at 28%, according to data compiled by Statista. This suggests that Windows may be the most trusted computer operating system and Android the most trusted mobile operating system among users globally.

(In Germany, where the fewest users believe their devices are automatically secure, Android leads market share at 45%, with Windows at 27%, and iOS at 18%, according to StatCounter, while in India Android holds a 97% share of the mobile operating system market.

Cybersecurity Training Improves Security Behaviors

Across all seven countries, the 2024 cybersecurity survey indicates that nearly 75% of users are now required to participate in cybersecurity training every year or even more often. (50% must receive annual training and another 25% report that more frequent training is mandatory.) Nearly 18% receive training at regular intervals as well as after the occurrence of a security incident.

Three formats are most popular among trainees, with 46% of users preferring video training that is accessible on demand, while a distant 37% prefer online courses held periodically and 35% prefer written materials. Cybersecurity training professionals will also be reassured to learn that the vast majority of users (83%) who obtained cybersecurity training in their workplace or educational institution found it useful, especially in terms of improving their behaviors related to detecting phishing schemes and the use of MFA and passwords.

Specifically, four security behaviors reflected improvement from 2023 to 2024, including:

  • Across the board, 52% of users noted an improved ability to recognize phishing messages and report them, as compared to 50% in 2023.
  • In the most notable improvement, 45% began to use multifactor authentication (MFA) as a result of their cybersecurity training, an increase of 11% from 2023. Chart - 2024 Frequency of Required Cybersecurity Training
  • 41% began using strong passwords and separate passwords for different accounts, up 4% from 2023.
  • 37% began using a password management tool, up 5% from 2023.

Conversely, the number of users who began installing software updates on a regular basis dropped to 35% in 2024 (a 9% decline), and those who began backing up their data dropped to 26% in 2024, a 10% decline. Whether these trends are the result of more employers, including educational institutions, taking responsibility for software updates and data backups is currently unknown.

The facts remain that (1) cybersecurity training does produce more effective security behaviors among many users, and (2) regular cybersecurity training has become a best practice among many organizations throughout the U.S. and globally.

Two Thirds Now Use Multifactor Authentication

Over the past few years, an increasing number of employers and ecommerce websites have begun to require multifactor authentication by users. This requirement, and the promotion around it, have strongly influenced the widespread adoption of this cybersecurity tool. Across all seven surveyed countries, two thirds of Internet users (66%) know how to use MFA and use it regularly, ranging from a high of nearly three quarters in Australia (74%) to well over half in Germany (58%).

Chart - 2024 Use of Multifactor AuthenticationOf 13 different authentication methods presented in the survey, the use of passwords or passphrases was considered fundamental by 79% of users.

Supplementing passwords, the use of PINs was most common, at 60%. Codes from text messages (57%), codes from emails (50%), fingerprints (37%), and facial recognition (31%) were also popular options. The least common methods for MFA were security tokens (5%), smart cards (4%), and USB devices (3%).

As for which multifactor authentication methods were felt to be the most convenient, more than half of users preferred receiving a code via text message (54%). Receiving codes via email was considered convenient by 19% of users, while getting codes via phone call or authentication app was preferred by 8% in each case.

Users Concerned About Risks of Artificial Intelligence

The use of Artificial Intelligence (AI) is becoming more evident in certain online applications, such as chat apps, online Help, and AI-powered digital assistants for sales and customer support, as common examples. Delving into the AI topic for the first time, the 2024 cybersecurity survey revealed these insights, among others:

  • Overall, about one quarter of Internet users (27%) report using AI tools at work. Use of AI in the workplace was led by Gen Z at 49%, followed by Millennials at 39%, and Gen X workers at 24%. Only 6% of Baby Boomers use AI tools at work.
  • Among respondents using AI tools, ChatGPT is the most popular at 65%, distantly trailed by Google Gemini (formerly Bard) at 30% and Microsoft Copilot at 19%.
  • Among those using AI tools at work, 38% report having shared sensitive work information without their employer’s knowledge, with Gen Z and Millennial users leading at 46% and 43% respectively.
  • A stunning two thirds of AI users (66%) are concerned about the impact of AI applications on cybercrime. One specific concern is that AI-powered phishing messages may be more sophisticated than human-generated messaging, and therefore more difficult to detect and thwart.

Cybersecurity training has not yet caught up with the increasing use of AI-powered tools and applications. More than half of AI users (55%) report having received no training on the security and privacy risks associated with their use of Artificial Intelligence. With the passage of a year, it will be interesting to see if the needle moves, and in which direction, in the 2025 survey.

Summary

Many other survey responses and data charts are featured in the 2024 cybersecurity survey report. As future surveys are published, we look forward to witnessing the continuing evolution of user cybersecurity behaviors and attitudes toward online risks.

Cybersecurity training produces more effective security behaviors among many users, and regular cybersecurity training has become a best practice in organizations throughout the U.S. and globally. Training has improved adoption rates for multifactor authentication and the use of strong and unique passwords and has also elevated user ability to recognize phishing emails and texts and report them. Even without training, Internet users are concerned about the risks associated with the use of Artificial Intelligence in phishing schemes and other cybercrimes.

 Learn More About Cybersecurity Best Practices

 

Rema Deo
Rema Deo

As CEO and Managing Director of 24By7Security, Inc., Rema is a highly experienced and credentialed information security professional. Among her certifications are PCI Qualified Security Assessor (QSA) from PCI SSC, Health Care Information Security & Privacy Practitioner (HCISPP) from (ISC)2, Certified Information Security Manager (CISM), and Certified Information Security Auditor (CISA) from ISACA. She also holds a certificate in Cybersecurity: Technology, Application, and Policy from the Massachusetts Institute of Technology, and Certified Data Privacy Practitioner (CDPP) from Network Intelligence. She earned her MBA from Symbiosis Institute of Business Management in Pune, India, and her Bachelor of Commerce degree from the University of Bombay. Be sure to follow the 24By7Security Blog for valuable insights from Rema and her colleagues.

Related posts

October, 29 2024
August, 6 2024
January, 2 2024

Comments are closed.

HIPAA Security Rule Compliance Urged by OCR
Six Reasons for a New Security Risk Assessment
Subscribe to our Blog!