The Australian Cyber Collaboration Centre (Aus3C) has released the annual cybersecurity attitudes and behaviours report Oh Behave! 2024. The research reveals a pressing need to address growing concerns about attitudes towards online safety, with worrying trends particularly evident among younger Australians.
Over 6,500 individuals across Australia, New Zealand, the USA, the UK, Canada, Germany, France and India were polled to coincide with the report’s release ahead of Cybersecurity Awareness Month in October. Cybersecurity Awareness Month serves as a reminder of the importance of online safety and the need for collective action. Oh Behave! was conducted by CybSafe and is supported in the USA by Aus3C’s American counterpart, the National Cybersecurity Alliance (NCA), a non-profit organisation with a mission to create a more secure, interconnected world.
The findings show that Australians are increasingly frustrated by online security measures. In Australia, 52% of respondents reported that online security is frustrating, with 44% admitting they feel intimidated by the complexities of staying safe online. Even more concerning is the significant decline in the perceived value of online security, with only 60% of Australians believing it is worth the effort – a drop of 9% since last year.
Generational disparities in attitudes to cybersecurity
The report underscores the urgent need to address the generational disparities regarding attitudes to cybersecurity. Gen Z and Millennials, in particular, are becoming increasingly pessimistic about their ability to stay safe online. Most younger respondents no longer believe that the effort to remain secure is worthwhile, with many reducing their online activities due to these concerns. A staggering 43% of all participants assumed their devices were automatically secure, indicating widespread complacency, especially among younger generations.
“Complacency and frustration are dangerous combinations in the fight against cybercrime in Australia,” said Australian Cyber Collaboration Centre CEO Matthew Salier. “Vulnerability to cyber-attacks is of particular concern across younger generations because they’re not taking adequate precautions, relying too heavily on others or assuming their devices are secure.”
The report highlights an over-reliance on others for protection, with 39% of Gen Z and Millennial respondents relying on family members to ensure online security. In addition, 90% of participants across all age groups believe that apps and platforms should be responsible for protecting their personal information.
Poor cybersecurity behaviours
According to the report, cybersecurity hygiene is still a significant concern, with poor password practices persist despite the issue being widely publicised. The use of personal information like pet names in passwords has increased across all generations, with Gen Z having the highest percentage at 52%. Additionally, 66% of the Silent Generation (born between 1928 and 1946) and 60% of Baby Boomers have never used a password manager. While numerous younger participants have used a password manager before, many have since stopped.
Inconsistent adoption of MFA and ignoring software updates
Although 81% of participants are aware of multi-factor authentication (MFA), adoption is inconsistent, particularly among Millennials and Gen Z. While older generations report more consistent use, many younger users have tried MFA in the past but have since abandoned it. Additionally, only 45% of Gen Z respondents have not enabled automatic software updates despite this feature’s convenience in most applications.
AI adds a new layer of concern.
The report also highlights concerns surrounding artificial intelligence. More than half of employed participants (52%) and students (58%) have not received any training on safe AI use. Millennials are worried that AI will make detecting scams even more challenging. Trust in companies responsibly implementing AI is also low, with Australians expressing the lowest confidence at 35%, compared to 71% of participants from India.
“As the threat landscape evolves with the introduction of AI, we must equip individuals and organisations in Australia with the tools they need to navigate this complex environment,” said Salier. “Our goal is to drive education and resources that empower Australian organisations to take control of their online security.”
Aus3C is launching a new awareness campaign for Cybersecurity Awareness Month to address the complacency and pessimism surrounding cybersecurity. The campaign will educate individuals and organisations about the importance of personal responsibility for online security and encourage the adoption of simple but effective cybersecurity practices.
You can read the full report here.