A new global survey found that nearly half of respondents have fallen victim to a cyberattack or scam.
In a poll of 20,000 employed adults from around the world, 45% reported that their personal data, such as banking or email account information, has been compromised by a hacking attempt or scam.
In fact, almost half admitted that they’re reactive to cyber threats, rather than proactively protecting against them, in their personal lives (45%) and at work (44%).
And according to respondents, online scams and phishing attempts have become more sophisticated (72%) and successful (66%) due to artificial intelligence.
ð¡ << Broadcast-ready version of this research story >> ð¡
In time for Cybersecurity Awareness month in October, Yubico commissioned the global survey, with respondents from the United States, United Kingdom, Australia, India, Japan, Poland, Singapore, France, Germany and Sweden, to investigate the global impact of cyber insecurity, both personally and in the corporate realm.
Half of respondents (50%) disclosed that they’ve been exposed to a cyberattack at work in the last year. Of those, not even a quarter (23%) said the company they work for responded by requiring cybersecurity training going forward.
For those whose personal data has been hacked, 20% reported that a cyberattacker successfully hacked one or more of their personal accounts, including bank or email accounts.
Uncovering the layered side effects of successful hacks and scams, 22% lost money as a result and 30% said they have doubts that their personal information will ever be safe again.
And for the 50% of respondents whose personal passwords have been exposed by a hack or data leak, the most common compromised passwords were those securing social media accounts (44%).
So why are these hacking attempts so successful? The research found that 39% believe that simply using a username and password is the most secure way to protect accounts and information.
In fact, it is respondents’ most-used form of account protection.
“While passwords have been the go-to method for logging into accounts and securing information, they’re inherently insecure,” said Derek Hanson, vice president of standards and alliances at Yubico. “People tend to reuse passwords across multiple accounts and use weak passwords, which allows hackers to breach multiple accounts with a single login. Along with that, people are often tricked into sharing their passwords due to the sophistication of today’s phishing attacks. Using a username and password to protect accounts and information is the least secure form of data protection.”
Despite this, for those reporting cyberattacks at work, the most common avenue to “re-secure” information was simply implementing username and password resets for company accounts (30%).
And 20% disclosed that the company they work for only updates their technology and security policies on an “as-needed” basis.
Considering the lack of up-to-date cybersecurity protocols at work, alarmingly, respondents reported the measures in place to protect information at work are stronger than those protecting their personal information (70% vs 63%).
In light of this, it’s no surprise that for respondents around the world, getting hacked on their personal accounts (24%) is the top cybersecurity fear keeping them up at night.
“According to the findings, people feel that their data is safe. However, the results of the survey prove the opposite,” said Hanson “And even worse, many have been successfully hacked and scammed on various platforms. Nearly half of those hacked have had their social media accounts compromised. And while this is significant in itself, it’s especially worrisome considering that social media accounts often contain sensitive data, like credit card information and communication with friends and family. We encourage everyone, both companies and individuals, to reexamine their data protection and adopt more secure measures, like multi-factor authentication whenever possible.”
COMMON COMPROMISED PERSONAL PASSWORDS
ââSocial media account password – 44%A payment app password – 24%Online retailer account password – 21%A messaging app password – 17%Banking app password – 13%Video streaming service password – 12%Insurance account password – 7%Medical patient portal password – 6%
Survey methodology:
Talker Research surveyed 2,000 employed adults from each of the following countries: United States, United Kingdom, Australia, India, Japan, Poland, Singapore, France, Germany and Sweden; the survey was commissioned by Yubico and administered and conducted online by Talker Research between July 22 and Aug 12, 2024.
We are sourcing from a non-probability frame and the two main sources we use are:
Traditional online access panels — where respondents opt-in to take part in online market research for an incentiveProgrammatic — where respondents are online and are given the option to take part in a survey to receive a virtual incentive usually related to the online activity they are engaging in
Those who did not fit the specified sample were terminated from the survey. As the survey is fielded, dynamic online sampling is used, adjusting targeting to achieve the quotas specified as part of the sampling plan.
Regardless of which sources a respondent came from, they were directed to an Online Survey; a link to the questionnaire can be shared upon request. Respondents were awarded points for completing the survey. These points have a small cash-equivalent monetary value.
Cells are only reported on for analysis if they have a minimum of 80 respondents, and statistical significance is calculated at the 95% level. Data is not weighted, but quotas and other parameters are put in place to reach the desired sample.
Interviews are excluded from the final analysis if they failed quality-checking measures. This includes:
Speeders: Respondents who complete the survey in a time that is quicker than one-third of the median length of interview are disqualified as speedersOpen ends: All verbatim responses (full open-ended questions as well as other please specify options) are checked for inappropriate or irrelevant textBots: Captcha is enabled on surveys, which allows the research team to identify and disqualify botsDuplicates: Survey software has “deduping” based on digital fingerprinting, which ensures nobody is allowed to take the survey more than once
It is worth noting that this survey was only available to individuals with internet access, and the results may not be generalizable to those without internet access.