STUDY: Millennials and Gen Z Say They are Bigger Victims of Cybercrime

Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021 from National Cybersecurity Alliance and CybSafe for Cybersecurity Awareness Month uncovers key trends, behaviors and habits among US and UK tech users as cyber threat landscape heats up

WASHINGTON, Oct. 04, 2021 (GLOBE NEWSWIRE) -- The National Cybersecurity Alliance and CybSafe, a behavioral security and data analytics company that’s transforming the way organizations manage human cyber risk, today announced the release of its Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2021. Polling 2,000 individuals across the U.S. and UK, the report examined key cybersecurity trends, attitudes and behaviors ahead of Cybersecurity Awareness Month this month.

“The cybersecurity threat landscape is as complex and diverse as it has ever been,” said Lisa Plaggemier, Interim Executive Director, of the National Cybersecurity Alliance. “The daily headlines of data breaches and ransomware attacks is a testament to the problem getting worse, yet most people aren’t aware of the simple steps they can take to be a part of the solution. It’s critical to have a deeper understanding of both the challenges we face and the prevailing attitudes and behaviors among the public. This report will serve as a building block in helping the technology sector build a safer digital world by driving broader awareness and proactive measures.”

“Cybersecurity is about more than just tools, it’s about people,” said Oz Alashe, CEO and Founder of CybSafe. “Too often people are forgotten in cybersecurity conversations. This report shines a light on overlooked areas in the cybersecurity equation and has uncovered key insights about specific areas that require increased focus if we are going to achieve a more secure digital future.”

Below is an overview of key report insights:

Cybercrime Considered More Common Among Millennials and Gen Z

Per the study’s results, millennials (44%) and Gen Z (51%) are more likely to say they have experienced a cyber threat than baby boomers (21%). Additionally, 25% of millennials and 24% of Gen Zers said they had their identities stolen once as opposed to only 14% of baby boomers. In fact, 79% of baby boomers said they had never been a victim of cybercrime.

“Despite the myth that older individuals are more likely to be susceptible to cybercriminals and their tactics, our research has uncovered that younger generations are far more likely to recognize that they have been a victim of cybercrime,” said Plaggemier. “This is a stark reminder for the technology industry that we cannot take cybersecurity awareness for granted among any demographic and need to focus on the nuances of each different group. And, clearly we need to rethink perceptions that younger individuals are more tech-savvy and engage more frequently in cybersecurity best practices than older technology users.”

Public Not Embracing Safety Best Practices

According to the report, public response and implementation of commonly known best practices including strong passwords, multi-factor authentication (MFA) and others are tepid at best. Findings on best practices include:

  • Poor Password Hygiene: Less than half (46%) of respondents say they use a different password for important online accounts, with 20% saying that they “never” or “rarely” do so. Additionally, only 43% said they create a long and unique password either “always” or “very often.”
  • MFA Remains a Mystery: Nearly half (48%) of respondents say they have “never heard of MFA.”
  • Software Update Installation Lagging: Nearly a third (31%) of respondents say they either “sometimes,” “rarely,” or “never” install software updates.

“There is a clear disconnect between the technology industry and the public when it comes to driving the adoption of cybersecurity best practices,” said Alashe. “There is overwhelming proof that simple best practices such as strong passwords, MFA and regularly installing updates can work wonders for boosting overall cybersecurity. Ultimately, there is no one-size-fits-all approach when it comes to cybersecurity. In order to reverse this trend and engage people in secure online behaviors more meaningfully, we must take a more human-centric view and understand the behavioral implications that are driving this disconnect.”

Reporting Challenges Undermine Cybersecurity

According to the report, 34% of individuals have personally been a victim of a cyber breach. Of these individuals, 18% say they have been victims more than once and 19% of respondents said they have also been a victim of identity theft. Of those who were a victim of cybercrime, 61% said that they did not report the incident. Furthermore, only 22% of respondents said that they “always” reported a phishing attempt – one of the leading threat types deployed by cybercriminals. Interestingly, only 29% of individuals indicated they were not intimidated by cybersecurity.

“The technology industry relies on reporting as one of the key pillars in identifying and stopping bad actors, yet, even those impacted directly by cybercrime routinely fail to notify the appropriate parties that an incident has occurred,” said Alashe. “In day-to-day life, it is second nature for individuals to report a crime if they see one; however, this behavior isn’t being replicated with cybercrime It’s crucial that cybersecurity professionals get to the bottom of why this is the case, as raising reporting rates among people will be pivotal in freeing up time for cyber professionals, helping them to prioritize threats and adjust their strategies.”

Limited Access to Cybertraining

Per the report, 64% of respondents have no access to cybersecurity training, while more than a quarter (27%) of those who do have access choose not to use it.

“Despite an ongoing rise of incredibly sophisticated cybersecurity attacks, a vast majority of employers and technology manufacturers fail to equip people with the tools and knowledge they need to identify, avoid and report cyberthreats,” said Plaggemier. “Cybersecurity success is highly dependent on the actions of everyday people, and unless we are able to grow our training and education infrastructure dramatically, we will continue to be immensely vulnerable to bad actors.”

To download the full Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2021, please visit: For more information on Cybersecurity Awareness Month please visit:

About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit

About National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Day (January 28); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit

About CybSafe
CybSafe is a UK-based cyber security and data analytics software company focused on behavioral security, working to make it easy to manage human cyber risk. With a team made up of psychologists, behavioral scientists and security experts, CybSafe delivers a range of leading security research initiatives aimed at better understanding human decision making and security behavior. CybSafe is designed for the modern, hybrid workforce and is on a mission to revolutionize the way society addresses the human aspect of cyber security.

At the heart of CybSafe’s behavioral security platform is SebDB, the world’s most comprehensive security behavior database, offering insight into every security behavior capable of minimizing human cyber risk. Leveraging SebDB, CybSafe has developed a proprietary behavioral classification framework that combined with evolving data models, means the CybSafe platform allows security teams to pre-empt security problems before they occur.

For more information, please visit

Adam Brett