New Report Shows Significant Improvement in Consumer Cyber Hygiene

A report released Tuesday by the Aspen Digital Institute and the nonprofit member-based group Consumer Reports suggests the majority of consumers are taking appropriate actions to improve their cybersecurity, and want the government and companies to do their parts too.

The report did not address why consumers were doing more to improve their cybersecurity. It comes as the government continues to fund an organization called the National Cybersecurity Alliance—with more than half a million dollars annually in recent years—to promote awareness of cybersecurity in October. The NCA, whose board is made up of executives from major corporations, emphasizes the role of individuals in protecting the shared digital ecosystem from cyber threats. 

Consumer Reports conducted the survey in June using a nationally representative sample of 2,103 U.S. adults. The report compared the responses to a 2019 survey also asking respondents about their cybersecurity practices.

One question showed 88% of those surveyed in June were using strong passwords to access their home WiFi networks, compared to 74% in 2019. Another revealed 72% of consumers “set permissions for apps on your smartphone to block access to things like your camera, location or contacts if they aren’t needed for the app to function,” versus 60% in 2019. The biggest change over the last three years—up from 50% in 2019 to 77% in June—was in the number of people who said they had implemented multifactor authentication. 

“MFA is the single biggest step individuals can take to secure their devices and privacy, which is why the administration made it a priority, including requiring it for the federal government as part of the president’s executive order on improving the nation’s cybersecurity,” Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said in the report. “I’m thrilled by this progress, and to know that more Americans are secure today than even a few years ago.”

The new survey shows 75% of respondents were at least somewhat concerned about privacy of personal data collected online. Of those who showed little concern about the issue, 24% said it was because, “there’s nothing I can do about it anyway.” Another 18% of that group said, “I take all of the privacy precautions that I can, so I believe the security and privacy of my personal data is out of my hands.” 

According to the report, when asked “who should be most responsible for protecting the online privacy of Americans,” 32% said companies, 33% said the federal government, and 25% said it was consumers themselves.  

“This isn’t a surprise,” said Harvard Kennedy School fellow and lecturer Bruce Schneier. “Surveys consistently demonstrate that people are concerned about their privacy in the face of both governments and corporations. The reason people don’t often act on those concerns is that they feel powerless. There are often no easy ways people have to protect the privacy of their personal data, nor are there reasonable alternatives to the tech monopolies that make surveillance their business model.”

Marta Tellado, president and CEO of Consumer Reports, added: “Consumers are increasingly vulnerable to cyber threats, and current options to secure their data are often complicated. We must give people the cybersecurity tools to protect themselves and demand action and accountability from industry and government.”

Laurie Locascio, director of the National Institute of Standards and Technology said the survey results, “are a promising sign that government and private sector collaboration to improve security and security awareness is having positive impact.” 

“We will continue the fight to ensure that our nation does not fall victim to collective ambivalence in cyberspace,” Principal Deputy National Cyber Director Kemba Walden said.