• Digital Kleptos
  • Posts
  • For The Public, What’s The Cyber Vibe Buzzing In The Background?

For The Public, What’s The Cyber Vibe Buzzing In The Background?

If you’re interested in real trends, not just snapshots in time, this 5-year report is for you.

Author

Anthony Collette
March 03, 2026 • Estimated Reading Time: 9 minutes

Happy Tuesday!

What’s going on in the minds of the public when they think about cybersecurity?

What insights would you get if you asked 25,000 online adults in the United States, the United Kingdom, Canada, Germany, Australia, India, Brazil, and Mexico?

Is awareness rising? Are behaviors keeping pace with awareness? And how would their thinking and attitudes change over the course of 5 years?

Today we’ll explore the results of a five-year research study examining how people’s cybersecurity attitudes, habits, and behaviors change over time. You could say we’re taking the public’s cyber temperature. What’s the cyber “vibe” in the public, and how is it trending?

— Anthony Collette
Founder, Loistava Information Security

It’s always valuable to know what people are thinking.

We now spend a huge portion of our lives online. The media warns the public about hacking, scams and other dangers lurking on the Internet. So what do typical members of the public think about securing their online lives?

What would you find if — for 5 years in a row — you surveyed 25,000 online adults in the United States, the United Kingdom, Canada, Germany, Australia, India, Brazil, and Mexico?

Is cyber awareness rising? Are behaviors keeping pace with awareness? How big is the gap between awareness and action? And how have the public’s thinking and attitudes changed over the course of 5 years?

Five years of data tell a very different story than a single year ever could. People understand cybersecurity risks better than they did five years ago, but the behaviors that actually reduce risk are becoming harder to sustain. As an industry, we need to do a better job connecting the risks people hear about to the specific actions that protect them. This research helps us see where that disconnect exists and how we can better support secure habits in real life.

Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance

So who’s asking?

The National Cybersecurity Alliance (NCA) and the cybersecurity software platform CybSafe joined forces to survey the public each year about their thinking, attitudes, behavior and motivation around staying safe online. From their latest report:

Five years. Five reports.

If there’s one thing we’ve learned from half a decade of tracking how people actually behave online, it’s this: snapshots are useful, but they only tell part of the story. Single-year surveys tell you what people think right now. But trends? Trends tell you where we’re actually heading, and how much nervous sweat it’s reasonable to be producing about the destination.

Now, we’re switching it up. We’ve gone back through five years of data, from 2021 to 2025, to see what’s really changed. Not just the headlines. Not just the percentage jumps. But the patterns that have been vibing in the background the whole time.

The long view reveals what snapshots miss

Here’s what we found when we stopped asking ‘What’s happening?’ and started asking ‘What’s been happening?’

Some things look good. MFA awareness increased. People are creating longer passwords. Cyberbullying reporting rates have increased. You look at those numbers and think, ‘Nice. Gold star for humanity’.

Then you turn the page.

MFA usage has collapsed. The share of people who ‘always’ install updates has dropped. The number of people who consistently check for phishing has decreased. And nearly half now feel so overwhelmed by security information that they’re doing less to protect themselves.

In other words, we’re getting better at knowing and worse at doing. And that gap is stretching like the elastic in a very old pair of sweatpants.

Trends don’t lie (but they do surprise)

The beauty of comparing data is that it shows you what’s sticking and what’s just a one-year wonder. A single year might show a spike in training attendance. Five years show you that access to training has barely budged, and the people who do attend report declining impact.

One year might suggest people trust MFA. Five years reveal they’re actively abandoning it, not because they don’t understand it, but because they’ve decided their passwords are ‘strong enough’.

Trends drag the awkward stuff into the light. Like the fact that time pressure as a barrier to reporting phishing is up, not because people are busier, but because security has slipped into the ‘nice if we have time’ column when the deadlines are looming. Or that security fatalism (believing efforts are pointless) has nearly doubled in three years.

We’re at a crossroads. The data shows people aren’t apathetic, they’re exhausted. They’re not ignorant, they’re overwhelmed. And they’re not careless, they’re making rational trade-offs in an environment that makes secure behavior feel like the hardest option.

So buckle up. This report is big, sprawling, and occasionally uncomfortable. You’ll see where we’ve made progress, where we’ve stalled, and where we’re quietly sliding backward on a wobbly office chair. You’ll see why awareness campaigns aren’t enough, why training keeps bouncing off busy brains, and why motivation, not knowledge, is now the biggest barrier to security action.” (emphasis added)

We here at Digital Kleptos™ have thought for quite a while that motivation was often missing from cybersecurity communications to the public. It’s helpful to remember that we’re dealing with masses of consumers who have been conditioned to respond by decades of marketing messages. In the background, they’re wondering: If I do this cybersecurity task, how will my life be better? Is this a waste of time? If I do this, how do I get to celebrate the accomplishment? Is it just another tedious chore? Considerations like these recognize that we’re dealing with humans, just as they are and not as we’d like them to be.

Key Findings

Awareness is rising, but behaviors have not kept up

  • Awareness of multi-factor authentication (MFA) rose from 52% in 2021 to 77% in 2025

  • Yet, regular MFA use fell to just 53% after peaking in 2022

Human constraints are the primary barrier

  • Worry about cybercrime has climbed from 57% of respondents in 2022 to 68% in 2025

  • 31% of participants now believe losing money online is unavoidable, up from 25% in 2022

Cybercrime is becoming normalized

  • In 2025, phishing accounted for 40% of reported incidents

  • Online dating scams rose from 22% of incidents in 2022 to 29% in 2025

  • Cyberbullying affected 23% of respondents in 2025, up from 13% in 2022

For the public, what’s the vibe constantly buzzing in the background?

Exhaustion. The authors of this report make clear that this pattern of exhaustion aligns with what they see in research on security fatigue and learned helplessness. When people take protective steps again and again without tangible results or feedback, their motivation fades, even if they started out skilled and committed.

The findings paint a sobering picture: the problem isn’t that people don’t understand cybersecurity’s importance, but that the complexity, cost, and cognitive burden of today’s security environment are driving them toward apathy despite positive intentions.

For organizations — effective solutions need to address these three components:

  • Building capability through accessible education and intuitive tools,

  • Creating opportunity by reducing time and resource barriers, and

  • Strengthening motivation by showing visible impact and rebuilding trust in security processes.

For individuals — there’s usually less outward signs of visible impact, since creating Modern Passwords, using a Password Manager or implementing Multi-factor Authentication (MFA) isn’t obvious to the people around you. External validation isn’t as likely, so it’s more effective to begin with a reward in mind. As you achieve each level of The Basics, find a way to reward yourself for a job well done. Each cybersecurity accomplishment is a real win.

There are no guarantees in life. But fortunately, you can massively stack the deck in your favor by intelligently adding cybersecurity basics to your online experience.

Then pop a cork! Celebrate what you’ve accomplished!

If you’re interested in trends, not just snapshots in time, and some possible solutions, visit this National Cybersecurity Alliance (NCA) Press Release and download their 5-year report.

Join us

Weekly resources to help keep you safer online — protecting you from hackers, online scammers, and other Digital Kleptomaniacs™.

No spam. No selling your email. Just factual, actionable information once a week, from people who truly care about online security.  You can unsubscribe any time — but we hope you’ll want to stay with us on this journey.

Cybersecurity is a modern form of wealth, and you deserve to keep what you've earned.

Looking forward to connecting again next week.

— Anthony Collette

Digital Kleptos™

Reply

or to participate.