Pew released a study exploring how Americans view cybersecurity. The organization focused on a few key factors: How many people have been affected by data breaches, how do they attempt to defend themselves, and how much does the typical American worry about encryption and other protections?
One Nation, Under Attack
The study found that 64% of Americans have been affected by some kind of data breach. Roughly 41% have seen fraudulent charges on their credit cards; 35% were notified that sensitive information has been compromised; 16% have lost control of their email accounts; and 13% have had their social media accounts taken. Others have been told their Social Security numbers were compromised or that someone tried to steal their identities.
These figures show that many attacks or breaches aren't just hypothetical problems. There are real people who pay the price when a new batch of stolen credit cards, leaked passwords, or Social Security numbers are published online. Besides the obvious concerns about their private data and financial health, this truth has also eroded many people's trust in the organizations that hold this information, whether that's the government or tech companies.
Indefensible
There are many ways for people to defend themselves if they don't trust others to do it for them. They could use secure communications tools, learn how to anonymize their web browsing, and limit what they share with tech companies. This isn't always easy--better protection often results in less convenience--but it shouldn't be nearly as daunting as it was a few years ago. So if people know they're at risk, they'll beef up their security, right?
Wrong. Pew found that roughly half of Americans don't take basic precautions. Some 54% of respondents use insecure Wi-Fi networks; 41% share their passwords with other people; 28% don't use screen locks to protect their smartphones; and 10% never update their operating system or mobile apps. People also use passwords across multiple sites and rely on simple, easily remembered passwords instead of more complicated (and secure) ones.
But all is not lost. Pew said that "majorities indicate that they do in fact take recommended steps such as utilizing different passwords from site to site or placing a security feature on their smartphones," and that 52% of respondents use two-factor authentication on at least some of their accounts. This led the research organization to describe the "way that users treat and manage their online passwords and their overall digital security" as "mixed at best."
With Disinterest And Split Opinions From All
That split isn't restricted to how people defend themselves. They also can't agree on the encryption debate: 46% told Pew they want the government to be able to access "secure" communications while investigating crimes, and 44% said tech companies should be able to use encryption tools that even law enforcement can't access. (The remainder is comprised of people who don't know how they feel about the issue or think it depends on other factors.)
Pew said Americans are also split on how much they're actually concerned about cybersecurity. That applies both to personal security--69% of adults said they don't care about the security of their passwords--and to matters of national security. People expect attacks on U.S. infrastructure (70%) or financial systems (66%) but also think the government can handle attacks on its agencies (69%) or critical infrastructure (62%) if they're attacked.
Another 61% think businesses could defend themselves. So even though many people don't think tech companies can protect their personal data, they think that businesses can keep their systems safe. At least they did--Pew said it's "worth noting that this survey was fielded prior to the revelations of some more recent, high-profile data breaches, including the hacking of the DNC email system and the breach of email accounts of Yahoo customers."
All this adds up to a jumbled mess. People know cybersecurity is a problem, because enough of them have been affected by hacks or cyber crimes, yet they don't take basic precautions. They don't think organizations can defend their personal data but also think they'd be able to handle attacks on critical infrastructure. And the encryption debate remains a virtual tie even as secure tools become more popular and easy to use. America, it seems, is divided.