Most of us know we should be doing more to protect our online accounts—things like using better passwords or turning on two-factor authentication. But knowing something’s important doesn’t always mean we’ll actually do it. So, why the gap?
At this year’s RSA Conference, researchers shared a big truth: people care about staying safe online—but they often feel frustrated, confused, or like their actions don’t matter. Here’s what they found—and how you can start protecting yourself without feeling overwhelmed.
The Real Reason We Don’t Practice Good Cybersecurity Hygiene
Researchers from CybSafe surveyed over 7,000 people around the world. Their findings?
- 46% said cybersecurity is frustrating
- 44% found security tasks intimidating
- 38% believe losing their data is “unavoidable”
Many also thought security was too expensive, or that their devices are “automatically” protected.
This kind of thinking is known as learned helplessness: when people feel like nothing they do makes a difference, they give up—even when a solution is available.
We Know What to Do—We Just Don’t Do It
Even when people are aware of good security practices, they don’t always follow through. Take multi-factor authentication (MFA), for example:
- 81% had heard of MFA
- 24% don’t use it or stopped using it
- One surveyed user even said, “MFA annoys the heck out of me!!”
Clearly, awareness doesn’t always equal action. And if a security tool is annoying or confusing, people are more likely to avoid it.
Your Mindset Matters (More Than You Think)
Dr. Jason Nurse, one of the researchers, explained that our attitude about security influences whether we act. If you believe security is impossible, you’re less likely to bother trying.
But when you understand the risks—and how easy it is to stop many of them—you’re more likely to build better habits. For example, if you know how phishing scams work, you’re far less likely to click a sketchy link or fall for a fake message.
Are Younger People More Secure Online? Not Always.
Interestingly, the research showed that younger users—especially Gen Z—are more likely to share sensitive data with AI tools without realizing the risks. Nearly 46% of Gen Z admitted to sharing work data with an AI tool behind their employer’s back, compared to just 14% of Baby Boomers.
This highlights an important truth: every generation has its own blind spots. Online safety is a lifelong skill—not something you automatically “get” because you’re younger or tech-savvy.
What Makes Online Safety Feel Worth It?
Many people stop reporting scams or updating their security settings because they don’t feel like it helps. In workplaces, people are more likely to report phishing emails if they get feedback—like an email from IT saying, “Thanks, we’re on it.”
At home, it’s the same. If you can’t see the results of your efforts, it’s easy to assume they don’t matter. That’s why simple, visible security wins are key to building motivation.
5 Small Cybersecurity Habits That Actually Work
If you’re looking to improve your online safety, here are five easy wins:
- Use a Password Manager: Let it create and remember strong, unique passwords for every account.
- Enable Multi-Factor Authentication: A second login step can stop most hackers cold.
- Back Up Your Data: Save copies of important files in the cloud or on an external drive.
- Install Updates: Those annoying updates? They fix major security flaws—don’t skip them.
- Learn to Spot Scams: If a text or email feels fishy, it probably is. Trust your gut and don’t click.
Final Thoughts: You Can Do This
Cybersecurity doesn’t have to be complicated. You don’t need to be a tech genius or spend a fortune. Just like brushing your teeth, it’s about small, consistent habits that keep you healthy and protected.
Start with one step today—whether that’s installing a password manager, backing up your phone, or turning on MFA for your email. The more small wins you rack up, the safer you (and your family) will be.
Let’s stay safe out there!
