Consumers’ Overconfidence Helps Hackers Up the Ante and Steal $172 Billion in 2017

2017 Norton Cyber Security Insights Report Reveals Common Traits of Cybercrime Victims

January 24, 2018

5 Min Read


Mountain View, Calif. – January 22, 2017 – Consumers are confident they’re safe online, but hackers have proven otherwise, stealing $172 billion from 978 million consumers in 20 countries in the past year, according to the 2017 Norton Cyber Security Insights Report, released today by Norton by Symantec (NASDAQ: SYMC).

Globally, cybercrime victims share a similar profile: they are everyday consumers who use multiple devices whether at home or on the go, but have a blind spot when it comes to cyber security basics. This group tends to use the same password across multiple accounts or share it with others. Equally concerning, 39 percent of global cybercrime victims despite their experience, gained trust in their ability to protect their data and personal information from future attacks and 33 percent believe they had a low risk[1] of becoming a cybercrime victim.

In the United States, 143 million consumers were victims of cybercrime – more than half the U.S. adult online population. Losses totaled $19.4 billion and each victim lost an average of nearly 20 hours (19.8 hours) dealing with the aftermath.

“Consumers’ actions revealed a dangerous disconnect: Despite a steady stream of cybercrime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves,” said Fran Rosch, executive vice president, Consumer Business Unit, Symantec. “This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cybercrime.”

Americans Embrace Cyber Security Safety Measures, but Leave Their Virtual Door Unlocked

Consumers used device protection technologies such as fingerprint ID, pattern matching and facial recognition, with 45 percent using fingerprint ID, 21 percent using pattern matching, 19 percent using a personal VPN, 14 percent using voice ID, 16 percent using two-factor authentication and 16 percent using facial recognition. However, consumers who adopted these technologies often still practice poor password hygiene and fell victim to cybercrime.

  • Consumers express confidence, but are more prone to attacks as they protect newer and more devices. Forty-six percent of U.S. cybercrime victims owned a smart device for streaming content, compared to about one quarter of non-victims. They were also three times as likely to own a connected home device.

  • Despite experiencing a cybercrime within the past year, nearly a quarter of victims in the U.S. used the same online password across all accounts and 60 percent shared their passwords for at least one device or account with others, negating security efforts. By comparison, only 17 percent of non-cybercrime victims reuse passwords and 37 percent share their passwords with others. Additionally, 41 percent write their passwords down on a piece of paper and are almost twice as likely to use different passwords and save their password to a file on their computer/smartphone than non-victims.

Consumer Boundaries Skewed Between Cybercrime and “Real Life”

Eighty-one percent of U.S. consumers believe cybercrime should be treated as a criminal act. However, when pressed, contradictions emerged. Nearly one in four believe stealing information online was not as bad as stealing property in ‘real life.’ When presented with examples of cybercrime, 41 percent of consumers believed it’s sometimes acceptable to commit morally questionable online behaviors in certain instances, such as reading someone’s emails (28 percent), using a false email or someone else's email to identify their self online (20 percent) and even accessing someone’s financial accounts without their permission (18 percent).

The State of Consumers’ Trust

Despite this year’s cyberattacks, Americans generally continue to trust the institutions that manage their data and personal information. However, they are not as trusting of some institutions and organizations.

  • Consumers gained or maintained trust in organizations such as banks and financial institutions (76 percent), and identity theft protection service providers (71 percent) despite the attacks that made headlines this year.

  • Alternatively, more than half of U.S. consumers (53 percent) lost trust in their government to manage their data and personal information within the past year. 39 percent lost trust in social media platforms.

  • More than one third (37 percent) of U.S. cybercrime victims gained trust in themselves to manage their data and personal information.

To learn more about the real impact of cybercrime and how consumers can protect their digital information, go here for more information.

About the Norton Cyber Security Insights Report

The Norton Cyber Security Insights Report is an online survey of 21,549 individuals ages 18+ across 20 markets, commissioned by Norton by Symantec and produced by research firm Reputation Leaders. The margin of error for the total sample is +/-.7%. The U.S. sample reflects input from 1,003 U.S. adults ages 18+. The margin of error is +/- 3.1% for the total U.S. sample. Data was collected Oct. 5 – Oct. 24, 2017 by Reputation Leaders.

How We Define Cybercrime

The definition of cybercrime continues to evolve as avenues open up that allow cybercriminals to target consumers in new ways. Each year, we will evaluate current cybercrime trends and update the report’s methodology as needed, to ensure the Norton Cyber Security Insights Report provides an accurate snapshot of the impact of cybercrime as it stands today. In the 2017 Norton Cyber Security Insights Report, a cybercrime is defined as, but not limited to, a number of specific actions, including identity theft, credit card fraud or having your account password compromised. For the purposes of this report, a cybercrime victim is a survey respondent who confirmed one or more of these incidents took place. Visit to learn more.

About Symantec

Symantec Corporation (NASDAQ: SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec’s Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world’s largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats. For additional information, please visit or connect with us on Facebook, Twitter, and LinkedIn.

[1] Respondents’ attribution of cybercrime risk is based on their personal beliefs and definition of cybercrime.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights