- 38% of workers share sensitive work information with AI without their employer’s knowledge
- More than half of employed participants have yet to receive any training on safe AI use
- 35% of participants included personal information in their passwords
Boston and London – 26 September 2024 – CybSafe, the human risk management platform, and The National Cybersecurity Alliance (NCA), the leading nonprofit empowering a more secure and interconnected world, today announced the release of Oh, Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2024, supported by SAP and conducted in partnership with CERT-NZ and the Australian Cyber Collaboration Centre.
Polling over 7,000 individuals across the United States, UK, Canada, Germany, Australia, India and New Zealand, the research examines key cybersecurity behaviours, attitudes, and trends ahead of Cybersecurity Awareness Month.
Workers are taking advantage of AI benefits, whether their employer knows or not
While the study reveals some progress, it highlights the concerning workplace trends. 52% of employed participants have yet to receive any training on safe AI use, which, given the increasing reliance on AI in the workplace, emphasises a clear need to address this gap.
This is particularly true considering that 65% of participants expressed concern about AI-related cybercrime, indicating a growing recognition of the threats associated with the technology. For many, however, these threats aren’t sufficient to outweigh the convenience of using Generative AI. 38% of employees admitted to sharing sensitive information without the knowledge of their employer, risking inadvertently leaking confidential information, intellectual property, or customer data.
Traditional cyber threats persist, highlighting gaps in security practices
Despite the rising use of Generative AI in offices worldwide, traditional cybersecurity risks remain the biggest issues facing businesses, such as phishing and ransomware (although even these tactics are becoming increasingly difficult to spot as cybercriminals utilise GenAI).
Workers are more connected than ever, with 53% of participants stating they are always online, yet critical cybersecurity practices are still lagging. A significant 23% of employees skip security awareness training, believing they “already know enough,” while 46% find online safety measures frustrating.
This complacency and lack of engagement is evident in personal password habits, with 35% of participants including sensitive personal information in their passwords. While 81% have heard of Multi-Factor Authentication (MFA), only 66% of those know how to use it and actively implement it.
The rise in cybercrime further emphasises the urgency of this issue, with 35% of participants reporting being victims—a notable 8% increase from 2023. Phishing scams remain the most common type of cyber attack, accounting for 44% of incidents, though this figure has slightly decreased by 3% year-over-year. Younger generations are particularly vulnerable, with 52% of Gen Z and 46% of Millennials reporting losses due to online scams, highlighting a growing need for more robust digital security measures across all age groups.
Oz Alashe MBE, CEO and Founder of CybSafe reacted to the research, saying: “The introduction of AI has created a whole new category of security behaviours for CISOs and business leaders to be concerned with. While the security community is well aware of the threats posed by AI, it’s clear this awareness has not yet translated into consistent security behaviours within the workforce.
“While AI presents new and pressing challenges, the fundamental threats facing organisations remain the same. When it comes to cybersecurity within our workplaces, many of us know what should be done to protect our workplaces from cybercrime. The crucial next step for organisational resilience is turning that awareness into consistent, safe behaviour. People are eager to act responsibly, but it is ultimately up to business leaders to equip them with the necessary tools to succeed.”
To download the full “Oh, Behave! The annual Cybersecurity Attitudes and Behaviors Report 2024,” please visit: https://www.cybsafe.com/whitepapers/cybersecurity-attitudes-and-behaviors-report/
For more information on Cybersecurity Awareness Month, please visit: https://staysafeonline.org/programs/cybersecurity-awareness-month/
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
About CybSafe
CybSafe is the human risk management platform designed to reduce human cyber risk in the modern, remote, and hybrid work environment, by measuring and influencing specific security behaviors.
CybSafe is powered by SebDB—The world’s security behaviors database—and built by the industry’s largest in-house team of psychologists, behavioral scientists, analysts, and security experts. An award-winning, fully scalable, and customizable solution, it’s the smart choice for any organization.
- 91% Reduction in high-risk phishing behavior
- 55% Improvement in security behaviors
- 4x More likely to engage in cybersecurity initiatives
For more information, please visit www.cybsafe.com.
About the National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Week (January); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.