Internet users are too confident they're protected

Given the number of high profile security breaches that make the headlines, you'd expect people to be wary about online security.

But a new study by Malwarebytes Labs shows a mismatch between people's confidence in their own privacy and security practices and their actual behavior.

Malwarebytes surveyed almost 4,000 people and finds that while data privacy was a top concern, with trust in companies to maintain it painfully low, users do not follow through with some of the more difficult and cumbersome cybersecurity best practices to keep their data safe.

The company believes this gap between perception and reality to be a result of security hubris. Because users follow many of the perceived-as-easier security tactics, they believe themselves safe, even while ignoring other important security measures that appear difficult.

The findings show 96 percent of respondents in all generations care about their privacy, and 93 percent use security software. However, only 32 percent read EULAs, 47 percent know which permissions their apps have, and just over 53 percent use password managers.

Overall 29 percent admit reusing the same password for multiple sites. Millennials are much worse at this though with 37 percent reusing passwords. Most respondents (87 percent) say they are not confident about sharing their personally identifiable information online.

When asked how much they trusted social media to protect their information, the average ranking was only 0.6, out of 5, meaning that users barely trust social media, if at all, to protect their data. Baby boomers are the most distrustful (96 percent) generation of social media, followed by Generation Xers (94 percent), Generation Z (93 percent), and Millennials (92 percent).

There's more trust in search engines and, interestingly, here the generations' positions are reversed. Baby boomers distrust search engines least (57 percent) compared to Gen Xers (65 percent), Millennials (64 percent) and Gen Z (75 percent).

The report’s authors conclude, "Too many times over the past few years, we have seen examples of overly confident security teams having to deal with the fallout from a major breach, or users having to clean up the utter life-changing mess of identity theft. Want to know how many of the users who've been breached before are now skimming through EULAs? Our guess is very few. Don't wait until the proverbial stuff hits the fan. Take the extra second and think before you click. A good security plan should allow for flexibility, as no plan survives first contact with the enemy."

You can find out more on the Malwarebytes Labs blog.

Image Credit: Angela Waye / Shutterstock