Consumer views toward privacy and security.
A few charts and graphs would have helped. Also, the ROI on this seems to be connected to referrals to various data protection services? Kinda odd. It’s not clear why U.S. News would invest in this research.
Americans are increasingly aware of the dangers lurking online and worry about the risks of data breaches, cyber attacks, ransomware, and more. The fears are well-founded. Already in the first months of 2024, a rash of data breaches has exposed potentially sensitive information of millions of people. One report found more than 2,000 incidents in the first four months of the year affecting some 5 billion records. Meanwhile, phishing attacks are unrelenting and taking new forms after a 58% jump in 2023.
A recent U.S. News survey of 2,000 adults highlighted these worries. It found 82 percent were concerned about the overall security of their personal data online, although relatively few are taking steps to protect their information.
This report summarizes the survey findings to understand public attitudes and behaviors regarding American consumer digital privacy matters. This report also explores public awareness and practices related to online security measures.
Password Management Practices
We’re all looking for answers to improving online security, but one factor we can control is better password management, which makes it harder for cybercriminals to steal our credentials. Our survey found mixed results on this front, suggesting people can do more to protect their accounts.
Three in five respondents (42%) use multi-factor authentication, seen by experts as a good way to protect online accounts, and just over half (53%) use security questions to verify their identity. Only one in six (17%) said they use a password manager app or software that creates hard-to-break passwords, and 27% said they used biometric authentication such as facial recognition or fingerprint.
One in four said they accessed their accounts only from trusted devices, another method to help safety. And five percent said they used no security measures at all for their accounts.
Are people aware of what makes a good password? (Hint: experts say it should be difficult to guess and contain different kinds of characters). In our survey, 89% said they were confident in their ability to create secure passwords, while 11% said they did not feel confident.
Some respondents (22%) said they change their passwords regularly, at least every three months, and 40% said they made changes occasionally, or every six months to a year, as part of their security measures, while 5% said they never changed passwords, which could increase the risk of identity theft.
Social Media Privacy Practices & Concerns
Social media has become an important vector for cybercriminals because of the amount of personal information shared. Here too, our survey shows respondents are aware of the risks without always taking recommended precautions.
About 63% of respondents feel comfortable with the amount of personal information they share on social media, while 37% do not feel comfortable.
More than half of respondents – 55% – said they rarely or never create separate user names and credentials for new accounts, instead using the same ones across different platforms and giving malicious actors an easier way to track them. About one in three said they sometimes create new user names and passwords, and 10% said they always take this precaution with new accounts.
About 40% of respondents said they encountered scams or suspicious activity on social media accounts such as fake accounts or impersonation attempts; 36% said they had not, and 18% were unsure.
While platforms often allow users to adjust privacy settings, just 22% of respondents in our survey said they often did this, with 41% making adjustments “sometimes,” 26% “rarely,” and 11% doing nothing.
Still, nearly two-thirds of our respondents said they were comfortable with the amount of personal information shared on social media, with the remainder not comfortable about their data.
Nonetheless, users are strongly in favor of transparency: 92% said it was important for social platforms to be clear about how they use personal data, with just 8% saying this is unimportant.
Awareness of Phishing Attempts
Amid a surge in phishing attacks, internet users are aware of this type of malicious activity, which can trick people into giving up credentials or other sensitive information.
Nearly three-fourths – 72% – of respondents in our survey said they had received a suspicious email that appeared to be an attempt to trick them into revealing personal information.
Not all internet users are actively watching for phishing. Among our respondents, 39% said they rely on security software alerts to stay informed about risks. One in three relied on online news stories, and 28% said they depend on TV or radio news or social media to stay informed.
But 20% said they did not try to stay informed about phishing threats, which have been evolving beyond simple emails to SMS, link manipulation, cloning of content, and other techniques.
Data Breach Response
The rash of online data breaches has captured the attention of internet users, and a large majority are taking steps, or are willing to do so when they find out their personal data has been compromised, our survey found.
More than three in five respondents (62%) said they would change passwords for all their online accounts if they found out their personal information was affected by a data breach. A similar number (60%) would monitor credit reports in these circumstances. A smaller percentage (38%) would change passwords for some of their accounts if they learned of a breach. And one-third (34%) said they would contact the breached company. Just 4% said they would do nothing if they discovered their data was compromised in a breach.
Our respondents were roughly split on the question of paying for a service to monitor for data breaches and manage online security; about 48% said they would be willing to pay for such a service, while 52% would not.
Public Wi-Fi Usage
Public Wi-Fi networks, popular places to connect at airports, coffee shops and elsewhere, can be a security risk, although it depends on whether these networks use encryption to prevent snooping by malicious actors.
You can ensure better security by using your own virtual private network (VPN) that adds a layer of protection when using Wi-Fi systems, and some people take these precautions. Our survey found 37% of respondents used a VPN at least some of the time when connected to public Wi-Fi, while 63% said they did not.
Data Privacy Regulation
The U.S. has a patchwork of privacy laws that protect health data, children, financial transactions, and other things while lacking an overall regulation of data usage such as Europe’s GDPR. Some states have enacted privacy laws, but Americans feel the federal government should do more.
In our survey, 84% of respondents said the federal government should implement stricter data privacy laws, and just 16% said it should not. Congress has been deadlocked for years on this question, although a bipartisan effort appeared to be making some headway in 2024.
Survey Takeaways
Our survey found a disconnect between what Americans say about data protection and what they actually do, similar to our 2023 Digital Privacy Survey. For example:
- 89% said they felt confident in their ability to create strong passwords, but only 22% changed their passwords regularly.
- A majority (62%) said they would change all their passwords if they were affected by a data breach, an indication they are aware of risks.
- Yet more than half (55%) said they reuse credentials across social media platforms, suggesting many underestimate the potential for data compromises.
- Even though people are aware of scams on social media, and many are uncomfortable with how platforms use their data, few take steps to adjust their privacy settings. Just 41 percent said they manage these settings “sometimes” and 11 percent not at all.
- Our survey found a gap in knowledge about how to protect against phishing. Nearly three-fourths of respondents had received a phishing email, but just 39 percent used security software to be better informed.
- While a strong majority (82%) are concerned about online security, most don’t use a password manager or VPN.
- Our survey found nearly two-thirds (63%) don’t use VPNs when connecting to public Wi-Fi systems, potentially exposing their personal information.
- About half (48%) said they would be willing to pay for a service to monitor online security.
- At the same time, a wide majority see data security as a task for the federal government, with 84 percent saying they believe Congress should enact stricter privacy laws.
Bottom Line
Most Americans understand the risks faced online from hacking, data breaches, phishing and other malicious actions. However many fail to take actions that can limit those risks. Here are a few steps that can help improve your privacy and online security.
- Take responsibility for your data, recognizing that there's only so much the government and service providers can do. That means creating and maintaining strong passwords, exercising caution when clicking on links, and staying up to date on data breaches.
- Review your privacy settings on social media platforms. While everyone likes to share information, understand how much is revealed to the public or only to close friends.
- Consider paid services to help monitor for breaches, manage passwords and VPNs that add a layer of security, especially on public Wi-Fi networks.
Methodology
We surveyed 2,000 U.S. adults, aged 18 or older, in May 2024, using Pollfish, a third-party platform. The survey included 41% male-identifying respondents and 59% female-identifying individuals. We then weighted the results to reflect the current U.S. population characteristics using Census.gov data from July 2023. The margin of error for this survey is estimated at 3 percentage points at a 95% confidence level.