NEW YORK – Americans largely understand the risks of using the internet – identity theft, spam, phishing, loss of personal or financial information, and more. Yet a relatively small percentage are taking steps recommended by experts to protect their data, such as using password managers to set strong passwords or pursuing credit monitoring after a breach. That’s according to our latest consumer research on digital privacy matters in the U.S.

Our latest nationwide survey of Americans came at the close of another year highlighted by major data breaches and other cybersecurity incidents. In the first three quarters of 2023, at least 2,116 data compromises were reported affecting some 66 million people, according to the Identity Theft Resource Center.

The year saw major data breaches at T-Mobile and 23 and Me, a ransomware attack that caused a state of emergency in Oakland, and a Chinese cyberespionage campaign infiltrating the US government. Identity theft and other cyber fraud cases continued to grow, according to the Federal Trade Commission and security experts.

Most U.S. adults have had experiences with data breaches, and many have been notified multiple times about their data being compromised. Our December 2023 research also found Americans are quite aware of phishing, a key factor in identity schemes, and to some extent realize the importance of password security. Understandably, a majority of those surveyed are worried about the potential for a cyber attack on the country. But few say they have insurance against these risks.

 

Graphic A - Digital Privacy Survey

Given the news on cybersecurity – 2023 was another year highlighted by nation-state attacks, ransomware, supply-chain hacks, and major data breaches – it’s no surprise that Americans have concerns about such attacks.

Among our respondents, 65% said they worry about cyber attacks on the U.S. in 2024. About one in five (22%) said they hadn’t given this much thought, and the remaining 13% said they weren’t worried.

Just 6% in our survey said they had purchased personal cyber security insurance such as cyber liability or data breach coverage, which could help pay for IT services and other costs for those who are victimized.

More than one-third (38%) said they don’t have cybersecurity insurance and don’t think they need it. Another 27% had not bought this type of coverage but had considered it.

DIGITAL PRIVACY SURVEY GRAPHIC B

If you were notified about a data breach that may have compromised your data, you’re not alone.

  • More than three in five (61%) said they had at some point learned their personal data had been breached or compromised in at least one account.
  • Nearly half (44%) said they had received multiple notices.
  • 6% said they had been notified of a breach “too many times to count.”

In 2023, 63% of respondents said they had not received notification of a data breach on any of their accounts or did not recall. The remaining 37% said they had received notification that their personal data had been compromised in at least one account.
Unsurprisingly, nearly half (45%) said they believe being a data breach victim is inevitable. 55% said the opposite – they felt it’s possible to avoid being such a victim.

While many organizations provide free credit monitoring in response to a data breach – services that alert users if their data appears in new accounts or on dark web marketplaces – the offers were not always accepted. Among those who reported their personal data had been breached or compromised, 41% signed up for the free credit monitoring offered.

Phishing – which uses messages designed to get people to give up sensitive personal data – is believed to be a major factor in various cybercrimes, potentially gaining passwords for network access or enabling the installation of malicious software. It’s one of the ways cybercriminals can steal information and carry out identity theft, which can lead to long-lasting and calamitous effects.

Our 2023 survey of identity theft victims found many suffered losses and spent considerable time dealing with the impact. In some cases, it took victims more than a month or even more than a year to learn about their identities being stolen.

Our latest survey, however, indicates a large majority of Americans believe they could recognize these attempts – 80% said they felt confident they could recognize a phishing email, with 33% feeling very confident. 20% do not feel confident that they would be able to recognize a phishing email.

At the same time, more than a third of respondents (35%) said they had accidentally clicked on a link in a phishing email, while 42% said they don’t believe they ever have. The rest weren’t sure.

Digital Privacy Survey Graphic C

Most respondents understood the importance of password protection in digital security. However, few take steps recommended by experts to keep these secure.

  • Roughly one in four (27%) of respondents in our survey said they use a password manager to store credentials.
  • 17% said they use the notes app on their phone or a similar digital folder, something experts say is risky, especially if you lose your device.
  • 24% said they use similar passwords they can remember for different accounts, another questionable practice from a security standpoint.
  • A similar percentage (26%) said they keep passwords on paper, which can pose risks if this is not in a secure location.

Security experts say using password managers is a sound strategy to protect credentials. However, not all of the survey respondents agree.
Among our respondents, 48% said they felt confident that a subscription password manager can keep their data safe.

Using a password manager is just one of the steps you can take to protect yourself from identity theft. Other steps include:

  • Being cautious about sharing personal information, and watching for suspicious activity.
  • Monitoring the news for them and changing passwords when appropriate.
  • Using an identity theft protection service, which will check to see if your data is being bought or sold on the dark web and otherwise help prevent (and if needed, recover from) identity theft.
  • Using a virtual private network to keep yourself anonymous online and protect your personal data
  • Using antivirus software to detect malware and phishing attempts.

Report any suspected identity theft to the Federal Trade Commission and local authorities.

1,200 U.S. adults were polled in December 2023 using Pollfish, a third-party survey platform. Survey respondents were ages 18 and older (44% male-identifying respondents, 56% female-identifying respondents) at the time of the survey.

Responses were then weighted to reflect the current U.S. population by achieving equal distribution with known population characteristics. The margin of error for the survey is 3% at a 95% confidence level.