Online security is shaped by the everyday choices individuals make regarding their devices and accounts. From how they create passwords to how often they reuse them, personal decisions play a significant role in protecting personal data. The National Cybersecurity Alliance, in collaboration with CybSafe, has released “Oh, Behave! The Cybersecurity Attitudes and Behaviors Report: 2021 2025,” which examines these trends over a five-year period, based on feedback from over 24,000 adults. This report highlights how attitudes and behaviors surrounding cybersecurity have evolved over time.
“Five years of data tell a very different story than a single year ever could,” stated Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “While people have a better understanding of cybersecurity risks than they did five years ago, maintaining behaviors that actually reduce risk is becoming increasingly challenging. As an industry, we need to better connect the risks that people are aware of to the specific actions that can protect them. This research illuminates the disconnect and how we can better encourage secure habits in everyday life.”
Growing Awareness of Personal Responsibility
Over the years, belief in the importance of personal cybersecurity has grown significantly. A greater number of individuals now agree that it is worth the effort to stay secure online. Many respondents perceive security as attainable and feel it is within their control. This shift reflects a population that considers digital protection a fundamental part of their daily responsibilities.
Furthermore, expectations of technology providers have risen. A growing number of respondents believe that apps and platforms should actively work to protect user information. Responsibility for cybersecurity is increasingly viewed as a shared commitment between individuals and service providers, highlighting the interconnected nature of digital systems where data moves across various services and devices.
Alongside this growing awareness, reports of confusion and feelings of being overwhelmed have also increased. Many respondents cite perceived costs as a significant barrier to effective cybersecurity. The survey noted a rise in "security fatalism," where individuals feel their efforts are futile because their data is already online. The findings illustrate a paradox: while confidence in the value of security is on the rise, so too are feelings of strain and uncertainty.
Password Practices Show Mixed Results
During the survey period, there has been a noticeable increase in the length of passwords used. Longer passwords are now more common than in previous years, while mid-length passwords remain widely utilized. However, shorter passwords still account for a portion of responses.
Password construction habits have also shown consistency. The use of personal information in passwords has risen, and many still rely on single dictionary words with character substitutions. This suggests that while password length and structure are evolving, they do so independently.
The consistency of using unique passwords for important accounts varies. More respondents now report using unique credentials consistently compared to earlier years, while some indicate they utilize unique passwords only half of the time. The survey also identifies a group of respondents who rarely or never make use of unique passwords.
Among those who seldom or never use unique passwords, the primary reason cited is the difficulty of remembering multiple credentials. Some individuals reserve unique passwords for accounts they deem higher risk. This suggests that memory demands and prioritization significantly influence how people manage their credentials across different accounts.
These trends indicate an awareness of recommended security practices, but actual implementation varies among individuals and account types.
Increasing Connectivity and Account Management
Internet usage has intensified during the survey period, with a larger number of respondents describing themselves as always connected. Online interactions are now an integral part of work, communication, commerce, and entertainment.
The distribution of online accounts has also shifted in recent years. The percentage of respondents reporting a very high number of online accounts has decreased, as has the share managing double-digit account counts. Most individuals now maintain a smaller cluster of active accounts.
These changes reflect ongoing adjustments in how people organize their digital lives. The survey captures these evolving patterns of connectivity and account volume without assigning specific causes, providing insight into how everyday usage is changing.
Cybercrime Victimization on the Rise
The broader context of these behaviors includes a worrying trend of increased exposure to cybercrime. By 2025, rates of cybercrime victimization reached 44%, marking the highest level recorded in the five-year dataset.
This statistic reflects respondents who reported experiencing some form of cybercrime during the study period. The rise in victimization coincides with increased confidence in the value of security, as well as growing feelings of confusion and overwhelm among individuals.
While the survey does not directly link victimization to specific behaviors, it documents the prevalence of cybercrime experiences alongside patterns in daily security practices. These insights offer a snapshot of the conditions under which individuals make their security decisions.
