Over and over again, we are bombarded with news about data breaches, ransomware attacks, and social media scams. It’s easy to assume that online security is a top-of-mind concern for everyone. But do people actually care, or is it just something about which one pays lip service until a personal crisis hits?

The answer, as with most things, is “it depends.”

The Evidence for Caring:

On the surface, there is plenty of evidence to suggest people do care about their online safety:

• Password Managers are on the Rise: More and more individuals are adopting password managers, recognizing the danger of using the same weak password across multiple accounts Though even mega password storer LastPass has been hacked and breached.
• Increased Awareness of Phishing: While still prevalent, general awareness of phishing scams has grown. People are becoming more cautious about suspicious emails and links.
• Demand for Privacy Features: The popularity of privacy-focused browsers, VPNs, and encrypted messaging apps indicates a desire for greater control over personal data.
• Outrage After Data Breaches: When large-scale data breaches occur, they often spark public outcry and demands for better security measures from companies.
• Security Questions and Two-Factor Authentication: Many willingly set up security questions and enable two-factor authentication, even if it adds a slight layer of inconvenience.

The Evidence for Not Caring:

However, scratch beneath the surface, and a different picture emerges. People are inherently lazy, there may be outrage when a data breach occurs, but will people actually take action.

• Blindly believing that Bigger must be Better:  People will automatically trust Google, Apple, Bank of America, etc to keep their data safe.  However, all these systems have shown vulnerabilities. 
• Password Reuse is Still Rampant: Despite the warnings, a significant portion of the population still uses weak and reused passwords, making them easy targets for hackers.
• Clicking Without Thinking: How many times have you (or someone you know) clicked on a questionable link in an email or social media post without hesitation? Convenience often trumps caution.
• Ignoring Software Updates: Security updates are crucial for patching vulnerabilities, yet many people delay or completely ignore them, leaving their devices exposed.
• Oversharing on Social Media: The willingness to share vast amounts of personal information on social media platforms, often publicly, contradicts a deep concern for privacy.
• The “It Won’t Happen to Me” Mentality: There’s a pervasive belief that cyberattacks and data breaches are something that happens to other people, not themselves. This complacency can lead to risky online behavior.
• Prioritizing Convenience Over Security: Often, users will choose the easiest and fastest option online, even if it compromises their security. Think about using public Wi-Fi without a VPN or skipping complex password requirements.

The Underlying Reasons for the Disconnect:

So why the discrepancy between stated concern and actual behavior? Several factors contribute:

• Complexity: Online security can feel overwhelming and technical for the average user. Understanding encryption, malware, and different types of attacks can be daunting. And yes, it may take a few minutes to really understand how a company or software is or is not set-up for security.
• Inconvenience: Implementing strong security measures often adds friction to online activities. Strong passwords, multi-factor authentication, and regular updates can feel like a hassle.
• Lack of Immediate Consequences: The impact of poor online security is not always immediately apparent. It is easy to feel safe until a breach actually occurs. And when a breach occurs, what are the ultimate consequences to the company, that a user was utilizing, likely very little to none.
• Trust in Platforms: Many people place a significant amount of trust in the security measures of the websites and apps they use, sometimes mistakenly.
• The “Privacy Paradox”: People express concerns about privacy but then readily share personal information for perceived benefits or social engagement.