In cybersecurity there are certain topics everyone will talk about until the cows come home (looking at you, GenAI)… and then there are those elephants in the room. Those big, pervasive issues that *somehow* go under-discussed, if they come up at all.
It’s time to talk about one such elephant: Security frustration.
Our latest eye-opening Oh, Behave! report shone a light on a worrying trend. People feel increasingly worn out by the constant pressure to stay secure. Of being bombarded with endless password changes, relentless software updates, and a never-ending stream of security alerts.
Indulge us in a quick sidebar for a sec so we can get you up to speed. Oh, Behave! is an annual report produced by CybSafe and the National Cybersecurity Alliance (NCA). It offers a global snapshot of cybersecurity attitudes and behaviors. It’s now in its fourth year, and just keeps getting more impressive, like a fine wine. Or Beyoncé.
Indulge us in a quick sidebar for a sec so we can get you up to speed. Oh, Behave! is an annual report produced by CybSafe and the National Cybersecurity Alliance (NCA). It offers a global snapshot of cybersecurity attitudes and behaviors. It’s now in its fourth year, and just keeps getting more impressive, like a fine wine. Or Beyoncé.
Anyway, as we were saying, security frustration is widespread, and it’s fundamentally shaping how people engage with cybersecurity. Lucky for you, this blog explores security frustration’s effects and potential solutions you can take to your organization.
Confidence in online security is falling, especially among younger users
Despite the security sector’s best efforts to raise awareness and bolster security practices, an unsettling trend is emerging.
While many still value online safety, the percentage of people who believe staying secure is worth the effort is dropping fast. Latest data from the Oh, Behave! report paints a stark picture: only 60% of participants now think it’s worth the hassle to stay safe online, down 9% from last year.
60%
of participants now think it’s worth the hassle to stay safe online
53%
believe it’s possible to stay secure online
Even more concerning is the drop in those who believe it’s possible to stay secure at all—just 53%, a 5% drop. This drop is particularly pronounced among younger generations (i.e., “The workforce”), who are quickly becoming the most disillusioned.
No matter the situation, when you start to feel like your efforts are pointless, you disengage entirely. It’s a natural, human response. In security, that looks like ignoring critical updates, skipping over the fine print, taking more risks, and clicking on the suspicious link to make the notification go away.
People expect organizations to handle security, not individuals
The data make it clear there’s increasing pushback against the idea of security being “everyone’s responsibility”. While people recognize they need to behave safely online, they reject the idea they need to shoulder the burden of creating secure environments, or navigating complex (complex to them, not you) security protocols on their own.
People are, it seems, increasingly looking to organizations and tech providers to take the wheel…and really, who can blame them? Much like the climate crisis, the scale and complexity of today’s cybersecurity landscape demands more than just individual effort.
This is probably why the concept of security as a service has been gathering speed of late. This is especially true in the workplace, where people are leaning heavily on IT departments to safeguard their data and devices.
It’s not that they don’t care about security. They just feel it’s too complicated for them to handle on their own. 72% of people say they find cybersecurity advice confusing, yet 70% of people feel that being safe online is still achievable.
Security frustration leads to careless online behavior
Here’s where things go from concerning to downright risky. When people are frustrated with cybersecurity, they’re more likely to take shortcuts. And those cut corners can lead to big problems. Skipping updates, reusing passwords, or even ignoring security alerts altogether—this is how frustration takes its toll.
What do the numbers say about frustration? Well, 46% of people said they find it frustrating to stay secure online, and 44% find it intimidating. Both of these numbers are up 7% from last year, indicating the problem is getting worse. And when frustration turns into apathy, it’s not just individuals who suffer—organizations are left more vulnerable to attacks.
Sticking with the numbers for a little longer, a healthy 81% of participants consider online safety a priority—but that’s 3% down from last year. Similarly, we’ve seen a 9% drop in those who believe it’s worth the effort, now at just 60%. Meanwhile, only 53% think staying safe online is possible, down 5% from 2023.
81%
of participants consider online safety a priority
60%
believe it’s worth the effort
53%
think staying safe online is possible
There’s no denying people are incredible. They can do hard things, and frustrating things. People run ultramarathons. People raise quadruplets. People complete PhDs. But imagine trying to do something you didn’t think was a priority, didn’t think was worth the effort, or thought was downright impossible, as well as something you regarded as frustrating and intimidating?
Yep, exactly.
Alright, how do we fix it?
The 7,000+ people we surveyed for Oh, Behave! are real people, and many are part of a workforce. The data suggest many companies across the world are failing to engage people with online safety in a way that makes a positive difference.
This is a huge wake-up call, not least because a sense of disillusionment and apathy is hard to reverse once it sets in. And, dear reader, this call is for you. It’s for our community.
It’s clear the traditional approach isn’t cutting it anymore. There’s no getting off the starting blocks without acknowledging that reality.
People-centric security. The term is thrown around a lot by vendors and practitioners alike. But any strategy that leaves frustration unchecked is not truly people-centric security.
Simplifying security processes, focusing on the intuitive, providing clear guidance, making it personal. That’s where it’s at. The answer isn’t more security (funnier security, better security, more engaging security, etc. etc. yada yada yada). It’s making people feel supported by security, rather than burdened.
Security frustration and fatigue is growing…and it’s fixable
But we won’t fix it by not talking about it. So, it’s a good thing it’s no longer the elephant in the room, it’s a real—and vital—conversation.
So, let’s talk about it. Acknowledge it. Tackle it head-on. Let’s show people how security is something to be engaged with, not endured.
Keep the conversation going. Download full Oh, Behave! Report now to dig deeper into how you can create a safer, more engaged workforce, as well as discover a world of insights into cybersecurity behaviors and attitudes.
