The State of Cybersecurity Awareness in 2023 and What to Do About It

Post Date: 10/31/2023
feature image

With the developments in our digital landscape today, the majority of people and companies now rely on online accounts and platforms to do transactions, share files, communicate, and operate their businesses.

According to the National Cybersecurity Alliance’s (NCA) Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023, an overwhelming 93% are now connected to the internet daily, a 5-point increase from last year. This also explains why people now have numerous accounts online. Picture this: 15% of people have at least 20 online accounts, and 15% have already lost track of the number.

However, more online presence can also mean more opportunities for cybercriminals to launch cybersecurity attacks. In line with Cybersecurity Awareness Month, we’ll delve into current online security trends and practices so you can better adapt to the evolving digital landscape and prepare against cybersecurity threats.

How Secure Are People’s Online Practices Today?

The NCA’s cybersecurity report revealed that 69% think staying secure online is worth the effort.

Ironically, respondents fail to meet the standards for one of the most basic online security practices: creating strong passwords.

For example, 34% of respondents use a single dictionary word or someone’s name for their passwords, only adding a few numbers or symbols. How do people remember their passwords? Nearly a third (31%) still write passwords in a notebook, while 24% remember their passwords without recording them anywhere. And then there’s the 3% who reset their password each time they log in.

People also lack knowledge of multi-factor authentication (MFA).

MFA provides an added layer of protection for people’s online accounts, but 32% of large enterprises and 62% of small and medium-sized businesses still do not use it.

In addition, 33% presume that devices are automatically safe. Because of that, not all make the necessary efforts to secure their devices.

For example, when it comes to installing software updates, 60% would either do it “very often” or “always,” but 36% would only do it “rarely” or “sometimes.” The remaining 4% “never” update their software.

Image source: Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023

Effects of the Current State of Cybersecurity Awareness

Cybercrime remains rampant, and 27% have fallen victim to at least one cybercrime. Of those victimized by cybercrime incidents, 47% experienced phishing attacks. Some 27% were through online dating scams, and 26% through identity theft attacks.

The good thing is that over 80% of cybercrime victims report the incident to authorities. This is a significant improvement from 2022, when less than 50% reported cybercrime incidents.

Image source: Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023

People’s inability to identify signs of cybersecurity threats contributes to these cybercrime incidents. For example, 18% don’t know how to identify phishing scams, and 8% don’t know what phishing scams are.

Skipping software updates is another factor. Forty-four percent of respondents do not do it because they don’t know how to take action, while 43% do not have enough confidence in their ability to update devices.

Finally, nearly a quarter (25%) of respondents lack knowledge in backing up data, with some asking, “What do you mean by ‘backups’?”.

Cybersecurity Training, Anyone?

Unsound practices among respondents of the cybersecurity report point to the obvious: lack of cybersecurity training. The report revealed that 64% had no access to cybersecurity training. And among the working class, 53% do not have access.

Image source: Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023

Of those who have mandatory training, 55% completed it once a year, a 13% improvement from 2022. Only around 26% take training more than once a year. And alarmingly, 19% of respondents only undergo training when something goes wrong.

Despite that, not everyone thinks they need cybersecurity training. Some people had access to cybersecurity training but opted not to take it. Why? Twenty-nine percent said they lacked the time, while 11% said cybersecurity is not important to them.

Image source: Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023

Conversely, those who took cybersecurity training learned about the most important cybersecurity practices, such as identifying phishing messages, using MFA and strong passwords, and installing software updates.

Image source: Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2023

Take Action Towards Cybersecurity Awareness

In conclusion, the NCA’s cybersecurity report sheds light on the state of cybersecurity awareness and practices among the general population.

While the majority of respondents believe that staying secure online is worth the effort, many fail to meet basic standards for creating strong passwords and lack knowledge of multi-factor authentication. This, coupled with people’s inability to identify signs of cybersecurity threats, contributes to the high incidence of cybercrime, with phishing attacks being the most common. The report highlights the urgent need for cybersecurity training, as more than half of the respondents do not have access to it.

While progress has been made in terms of reporting cybercrime incidents to authorities, there is still much work to be done to improve cybersecurity practices and reduce the risk of falling victim to cybercrime.

Be proactive against cybersecurity attacks today. Check out our infographic to get started.


Phoebe Magdirila is a Senior Content Marketing Specialist at AvePoint, covering SaaS management, backup, and governance. With a decade of technology journalism experience, Phoebe creates content to help businesses accelerate and manage their SaaS journey.

View all post by Phoebe Jennelyn Magdirila

Subscribe to our blog