Study Digs the Dirt on US Cyber Hygiene

Generally it's not good, but there are a few clean-livin' types out there.

Larry Loeb, Blogger, Informationweek

May 13, 2019

3 Min Read

Wakefield Research has published its Webroot-sponsored report, The Cyber Hygiene Risk Index, in which they make evaluations about Americans and their habits.

Wakefield fielded an online survey to 10,000 US consumers (ages 18+) with 200 interviews in each of the 50 US states. It was conducted between February 11 and February 25, 2019, using an email invitation and an online survey instrument. The stated margin of error is +/-0.98 percentage points for the total audience of this study and +/-6.9 percentage points for each state at the 95% confidence level.

The researchers came up with ten survey metrics to assess risk factors, which all follow a pass/fail (yes/no) format:

  • 1.Do they backup their data?


  • 2.Have they lost a device without recovering it or given away a device?


  • 3.Have they had their ID stolen?


  • 4.Have they been impacted by malware?


  • 5.Have they been a victim of phishing?


  • 6.Do they use AV software?


  • 7.Do they share passwords with others?


  • 8.Do they reuse passwords?


  • 9.Do they keep their social media public?


  • 10.Do they practice good online behavior?

They found that residents of Mississippi, Louisiana, California, Alaska and Connecticut were likely to have the lowest compliance scores on this test.

The states with the best scores (New Hampshire, North Dakota, Ohio, Idaho, and Kentucky) were not all that different from the worst scorers in many parameters.

In fact, the highest scoring state of New Hampshire, only got a D and a 65% overall score on it.

Cyber hygiene faults that seemed to get a lot of people nicked included reusing passwords for multiple accounts (63% of Americans), failing to use the "private" setting on social media (64%), and falling for phishing attempts (53%).

The study looked at user beliefs as well. Roughly nine in ten (88%) Americans agree that they're taking the appropriate steps to protect themselves from cyber-related attacks, including half (49%) who agree strongly or agree 100%.

The researchers think that Americans have only a surface-level understanding of the most common types of cyber threats. Respondents could recognize some of the names of the most common cyber attacks such as malware (79%) or phishing (70%), but for most, that was where their knowledge ends. Less than one in three actually knew what these common cyber attacks are or what they do.

Yet the report found superstars in the wilderness. About 5% of respondents were exceptional, compared to the norm.

They share some characteristics. They are more likely to be Boomers, married or in a relationship, more likely to live in the suburbs and less likely to be parents.

They all regularly backup data in multiple ways, keep their reliable AV software up to date, use VPN, ID protection & password management services.

The report has no information on how often they change their toothbrushes.

These folk are spread across 100% of US states and the highest Cyber Hygiene Risk Index performers.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Read more about:

Security Now

About the Author(s)

Larry Loeb

Blogger, Informationweek

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet protocol. His latest book has the commercially obligatory title of Hack Proofing XML. He's been online since uucp "bang" addressing (where the world existed relative to !decvax), serving as editor of the Macintosh Exchange on BIX and the VARBusiness Exchange. His first Mac had 128 KB of memory, which was a big step up from his first 1130, which had 4 KB, as did his first 1401. You can e-mail him at [email protected].

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights