The Latest / Data Security News

How Well do Americans Understand Cybersecurity?

April 20, 2017

Americans’ cybersecurity knowledge and awareness has been put to the test by Pew Research. We talk about the need for organizations to up their cyber security game a lot, but the results would suggest the general public could do with more education on many cybersecurity topics as well.


Put to the test

The survey/quiz by Pew Research took responses from 1,055 American adult internet users covering a wide range of ages and levels of educational achievement. Head here and you can take an online version of the test for yourself. There were 13 multiple choice questions in the initial survey and on average, respondents from the survey correctly answered 5.5 of the questions. The online quiz omits 3 questions.

The respondents were best educated on the topic of passwords, with 75 percent correctly identifying the best and most secure password out of the options provided. The message is generally getting through about the need for strong passwords, although how many actually follow that advice might be a different matter.

Tellingly however, the alternative to passwords that is widely championed by the entire security industry, multi-factor authentication, was the most poorly answered question. Users were provided with four images and had to identify which was an example of multi-factor authentication. Whereas in all the other questions, the correct answer or ‘not sure’ was the most common response, for this question, 71 percent misidentified the example of multi-factor authentication.

Now this doesn’t mean 71 percent of people wouldn’t know how to use multi-factor authentication if presented with it – but it does show that the concept has not been communicated clearly to the general public.

Education and awareness needed

Respondents were knowledgeable that public Wi-Fi is not suitable for sensitive online activities, and they were fairly capable of identifying what a phishing attack was. Understandably, respondents struggled on some of the more technical questions, such as questions on VPNs, botnets and the significance of https.

Across the board, only 1 percent of respondents scored a perfect 13 out of 13 score. Those with a college degree or higher scored stronger than the overall mark, achieving an average of 7 out of 13. Younger people did slightly better on the quiz than older generations too.

It’s clear that much work is needed to be done to better inform the American public about cybersecurity issues. It’s on cyber security organizations like ourselves to do that, but any organization with an online presence and interaction with customers has a role to play as well. And, of course, the Government has a duty of care and responsibility to its citizens as well, its StaySafeOnline initiative is a good start on that front.

And while we can work hard to put systems and processes in place that improve organizational cybersecurity, training, and education; a gradual cultural change in attitude will be needed to improve the state of cybersecurity. Strong cyber security protection and awareness isn’t something for other people – it is something we all need to take seriously because until we do, we will all remain vulnerable to attack.