Sophos Home Survey: Consumer Cybersecurity Concerns Increase Amidst Pandemic, but Security Practices Fall Short

According to a new Sophos Home survey, “The State of Consumer Home Cybersecurity 2021,” consumers are increasingly concerned about their online security and imminent attacks. Forty-five percent of consumers say they’re more at risk of being hit by an attack now than they were before the pandemic, and 61% believe their household could be the target of an attack in the next year. Despite these concerns, the research findings show that security practices are falling short for many.

“Consumers are largely in the dark about cybersecurity,” said Chester Wisniewski, Sophos principal research scientist. “The findings show that many consumers are woefully uninformed about threats like ransomware, the likelihood and risk of these threats within their homes, and how to protect their families. The data also indicates that a number of consumers think they know more about cybersecurity than they actually do. All of this results in a false sense of security, and while it’s no excuse, it’s no doubt a reason why many consumers are failing to meet the security basics.”

The survey polled 2,500 consumers across all regions of the U.S. Key findings include:

• 91% of consumers are worried about online security threats affecting their household – specifically viruses and malware (60%), identity theft (55%), financial fraud (48%), and ransomware (45%); for parents, the top concern is inappropriate content (39%)
• 45% believe they’re more at risk of being hit by an attack now than they were 12 months ago, before the pandemic
• 18% report that someone in their household suffered from a ransomware attack, nearly half of which occurred in the last year; 29% of which paid the ransom
• 69% believe that working from home introduces new security risks
• 61% believe that they or someone in their household could be the target of an online attack in the next 12 months

“Ransomware has become a household term and an understandable concern for everyday consumers – especially in the wake of the Colonial Pipeline and Kaseya attacks – but the fact of the matter is that ransomware attackers are looking to make a profit and they’re targeting businesses first and foremost,” said Wisniewski. “Consumers aren’t off limits, however. While the risks to consumers are lower than those for well-funded organizations, they’re still very real risks and consumers need to take the necessary steps to protect themselves and their families. They simply can’t afford to overlook basic security practices like backing up data, protecting passwords, and updating and patching devices and applications.”

Online Security Bad Habits

The new research findings shine light on several areas where consumer security practices are lacking, including:

• 20% never backup data to the cloud
• 24% don’t have or use a password manager
• 36% don’t update or patch their operating system and applications when prompted, or check to do so at least weekly
• Just 35% of parents have set up separate user accounts on devices that their children use, and only 44% have user passwords set up at all on these devices
• Only half (50%) of parents have added parental controls on devices that their children use, and only 42% have set up safe browsing or a web content filter

The Silver Lining

The good news is that most households (83%) have a designated “IT boss” who manages security on all devices within their homes; only 10% don’t, according to the research. Additionally, nearly half of consumers say they’re also responsible for managing devices outside of their homes. This number is highest in the Northeast, where a majority (54%) own this responsibility for extended family and friends.

About the Survey

“The State of Consumer Home Cybersecurity 2021” report highlights findings of an independent survey conducted by Vanson Bourne among 2,500 consumers based in the U.S. The survey was conducted in February 2021.