Norton Cyber Security Insights Report 2017

Norton Cyber Security Insights Report
2017
Global Results

Table of Contents
Copyright © 2018 Symantec Corporation
2
1. Key Findings 3 – 9
2. Cybercrime by the Numbers 10 – 16
3. Portrait of a Cybercrime Victim 17 – 20
4. Consumers’ Contradicting Beliefs 21 – 24
5. State of Consumers’ Trust 25 – 26
6. About the 2017 Norton Cyber Security Insights Report 27 – 30

Key Findings
3

Key Findings
4
When it comes to cyber security, consumers are overconfident in their security prowess, leaving them
vulnerable and enabling cybercriminals to up the ante this year, which has resulted in record attacks.
• 978 million people in 20 countries were affected by cybercrime in 2017.
• 44% of consumers were impacted by cybercrime in the last 12 months.
• The most common cybercrimes experienced by consumers or someone they know include:
o Having a device infected by a virus or other security threat (53%)
o Experiencing debit or credit card fraud (38%)
o Having an account password compromised (34%)
o Encountering unauthorized access to or hacking of an email or social media account (34%)
o Making a purchase online that turned out to be a scam (33%)
o Clicking on a fraudulent email or providing sensitive (personal/financial) information in response to a fraudulent
email (32%)
• As a result, consumers who were a victims of cybercrime globally lost $172 billion – an average of $142 per victim –
and nearly 24 hours globally (or almost three full work days) dealing with the aftermath.

Key Findings
5
Cyber security concerns do not always seem to translate to good behaviors as many consumers put
themselves at risk in their day-to-day lives. This leads us to a startling cybercrime confession: those who
emphasize the importance of online security, generally contradict themselves through their actions, and as a
result, are more likely to fall victim to cybercrime.
Cybercrime victims share three common traits:
• Overconfident in Cybersecurity Prowess: Consumers who’ve fallen victim to cybercrime, emphasize the importance
of online security more than non-victims, yet they’re more likely to contradict their efforts through simple missteps.
While 44% of consumers have personally experienced cybercrime, 39% of cybercrime victims globally report gaining
trust in their ability to hold and protect their personal information and data and 33% believe they're at a low risk of
becoming a cybercrime victim.
• Favor Multiple Devices: Consumers who adopt the newest technologies and own the most devices are also more likely
to be victims of cybercrime. More than one third (37%) own a gaming console and smart device, compared to 28% of
non-victims. They’re also almost twice as likely to own a connected home device than non-victims.
• Dismiss the Basics: They practice new security techniques such as fingerprint ID (44%), facial recognition (13%),
pattern matching (22%), personal VPN (16%), voice ID (10%) and two-factor authentication (13%). Yet, 20% of
cybercrime victims globally use the same password across all online accounts and 58% shared at least one device or
account password with others. By comparison, only 17% of non-cybercrime victims use the same password across all
online accounts and 37% share their passwords with others.

Key Findings
6
From Millennials to Baby Boomers, to the parents in between, everyone leaves their virtual door open
when it comes to security.
• Confession: Millennials are the most technologically savvy – owning the most devices (four devices on average) and
adopting advanced security practices (32%) such as pattern matching, face recognition, VPN, voice ID and two-factor
authentication, yet they make simple security mistakes such as bad password management (70%) and become a
cybercrime victim, with 60% globally experiencing a cybercrime in the last year alone. :
o One in four (26%) of Millennials use the same password for all accounts, compared to 10% of Baby Boomers.
o 63% of Millennials globally have shared at least one or more of their passwords with another person, compared
to 36% of Baby Boomers.
• Confession: Baby Boomers and Seniors are generally the safest age groups, though they make faux pas as well:
o 61% of Baby Boomers and two-thirds of Seniors globally use different passwords, but 39% of Baby Boomers and
49% of Seniors write those passwords down on a piece of paper.
o Globally. Seniors are least likely to back up their devices, with 16% failing to back up any devices.
o Notably, Baby Boomers globally lost an average of $167 – the highest of all age groups and 15 percent higher
than the global average.
• Confession: Parents are worried about many things when it comes to their child and the Internet – but few act. 96% of
parents globally worry about their children and the Internet, yet only a third of parents always supervise their children
online when they are playing online games, using social media or surfing the internet. Meanwhile, 11% of parents
globally do not take any actions to protect their children online.

Key Findings
7
Consumers’ boundaries skewed between cybercrime and “real life”
• Confession: While 81% of consumers globally think a cybercrime should be treated as a criminal act, 43% believe it’s
acceptable to commit morally questionable online behaviors in certain instances:
o One fourth (26%) of consumers globally say reading someone’s emails without their consent is sometimes
acceptable
o 21% of consumers globally believe using a false email or someone else's email to identify their self online is
sometimes acceptable
o 15% of consumers globally believe that accessing someone's financial accounts without their permission is
sometimes acceptable
• Interestingly, 53 percent of cybercrime victims globally were more likely to think it was acceptable to commit morally
questionable online behavior than non-victims (32%):
o 31% of cybercrime victims globally say reading someone’s emails without their consent is sometimes acceptable
compared to 18% of non-victims
o 25% of cybercrime victims globally believe falsely identifying themselves is sometimes acceptable compared to
14% of non-victims
o 18% of cybercrime victims globally believe that accessing someone's financial accounts without their permission
is sometimes acceptable compared to 10% of non-victims

Key Findings
8
Despite this year’s cyberattacks, consumers continue to trust the institutions that manage their data and personal
information; though, they have lost trust in their government.
• Consumers globally have gained or maintained the same level of trust in the following institutions that manage their
data and personal information:
o 76% in identity theft protection services
o 80% in internet service providers
o 80% in email providers
o 82% in financial institutions
• Concerningly, however, 41% of consumers globally lost trust in their government to manage their data and personal
information.

What to Do?
9
Stick to the basics. The realities of cybercrime can feel daunting, but practicing basic behaviors, such as proper
password hygiene will go a long way. While new technologies such as facial recognition and voice ID are effective, it
all starts with basic security measures such as:
• Craft the perfect password: Don’t tie your password to publicly available information as it makes it easier for the bad guys to guess
your password. Be sure to use a phrase that consists of a string of words that are easy to memorize but hard for anyone else to crack.
The longer your password, the better it is. Additionally, if your account or device enables it, consider two-factor authentication for an
additional layer of security. That way, if your password is compromised, it’s harder for the hacker to access your account. Finally, once
you’ve created a strong password, stick with it until you’re notified of a security breach. If you still feel overwhelmed, use a password
manager to help!
• Know the ins and out of public Wi-Fi networks: Accessing personal information on unprotected public Wi-Fi is like broadcasting your
entire screen on TV – everything you do on a website or through an app, could potentially be exposed. Avoid anything that involves
sharing your personal information (paying a bill online, logging in to social media accounts, paying for anything with a credit card, etc.).
If you must access the information over public Wi-Fi, consider using a Virtual Private Network (VPN) to secure your connection and help
keep your information private.
• Don’t keep a (dis)connected home: When installing a new network-connected device, such as a router or smart thermostat, remember
to change the default password. If you don’t plan on using the Internet feature(s), such as with smart appliances, disable or protect
remote access when not needed. Also, protect your wireless connections with strong Wi-Fi encryption so no one can easily view the data
traveling between your devices.
• Don’t go on a phishing expedition: Think twice before opening unsolicited messages or attachments, particularly from people you don’t
know, or clicking on random links. The message may be from a cybercriminal who has compromised your friend or family member’s
email or social media accounts.
• Be in control when online: Protect all your devices with a robust, multi-platform security software solution to help protect against the
latest threats.

Cybercrime by the Numbers
10

Within the last year, more than 978 million adults in 20 countries
globally experienced cybercrime
Millions unless noted:
Adult population of 20 countries - 3.1 billion
Online population (57%) - 1.8 billion
Experienced Cybercrime – 978 million
11
Australia Brazil Canada China France Germany Hong Kong India Indonesia Italy Japan Mexico Netherlands
New
Zealand
Singapore Spain Sweden UAE UK USA
2017 6.09 62.21 10.14 352.70 19.31 23.36 2.41 186.44 59.45 16.44 17.74 33.15 3.43 1.14 1.26 16.20 2.09 3.72 17.40 143.70

53% of consumers experienced cybercrime or know someone who
has
12
6%
7%
7%
8%
9%
10%
10%
12%
12%
13%
13%
13%
14%
14%
14%
16%
16%
17%
18%
36%
12%
14%
13%
15%
17%
18%
16%
22%
19%
17%
21%
15%
15%
16%
20%
21%
17%
23%
19%
26%
18%
20%
19%
22%
25%
26%
25%
33%
30%
28%
32%
26%
27%
28%
33%
34%
30%
38%
34%
53%
Lost a job or a promotion due to a social media posting you did not post
Had payment information stolen from your phone
Had someone gain unauthorized access to a smart home device
Experienced a ransomware attack
Fell for a technical support scam
Been a victim of identity theft
Had your financial information compromised as a result of shopping online
Had a child that was bullied online (Parents only)
Had a child's online activity compromise your security (Parents only)
Received a phone call or text that resulted in malware being downloaded to your mobile device
Clicked on a fraudulent email or provided sensitive (personal/financial) information in response to a fraudulent email
My location-based information was accessed without my permission
Detected unusual activity on your home Wi-Fi network
Had others use your home Wi-Fi without permission
Made a purchase online that turned out to be a scam
Unauthorized access to or hacking of your email or social network profile
Been notified that your personal information was involved in a data breach
Experienced credit or debit card fraud
Had an account password compromised
Had a device computer/tablet/phone infected by a virus or other security threat
I have Someone I know has Either I or someone I know has (Net)

13
Consumers who were victims of cybercrime globally
lost $172 billion
The
average
victim
lost
$142
Australia Brazil Canada China France Germany Hong Kong India Indonesia Italy Japan Mexico Netherlands
New
Zealand
Singapore Spain Sweden UAE UK USA
2017 $1.9 $22.5 $1.5 $66.3 $7.1 $2.6 $0.1 $18.5 $3.2 $4.1 $2.1 $7.7 $1.6 $0.1 $0.4 $2.1 $3.9 $1.1 $6.0 $19.4
Figures represented in billions (USD):

The average cybercrime victim spent nearly
24 hours (23.6 hours) globally (or almost three full
work days) dealing with the aftermath
Australia Brazil Canada China France Germany Hong Kong India Indonesia Italy Japan Mexico Netherlands New Zealand Singapore Spain Sweden UAE UK USA
2017 16.2 33.9 10.3 28.3 16.0 14.6 18.9 50.7 34.1 19.2 5.6 55.1 5.6 9.0 14.6 22.1 22.0 47.9 14.8 19.8
14

Consumers emphasize the importance of online security
PROTECTION
from malicious
threats is the
biggest concern
15
50%
59%
62%
70%
77%
77%
81%
82%
82%
84%
85%
Turn off the internet and/or internet access to the devices in
my household
Control the information my family shares on social networks
Protect the files, photos and videos I have on cloud services
Secure my Wi-Fi connections outside of the home
Monitor and control the content my child(ren) access online
(Parents Only)
Protect my entire home network, not just individual devices,
from threats
Manage all my passwords
Monitor and restore my identity if it is stolen
Keep my online activity and personal information private
Protect my mobile devices from viruses, malicious apps and
suspicious text messages
Protect me from malicious sites or files
Important (Top 2)

Yet, one-third store their passwords insecurely and one in five use
the same password for all accounts.
16
1%
3%
4%
6%
9%
12%
16%
19%
32%
34%
I don't have any online passwords
I keep/use the default passwords
I just reset my passwords so I don't have to remember them
Other methods
I use different passwords and use a password manager program to store them
I use different passwords and have my computer's web browser save them for me
I use different passwords and have them in a file on my computer or smartphone
I use the same password for all my accounts
I use a technique to remember different passwords
I use different passwords and write them down on a piece of paper

Portrait of a Cybercrime Victim
17

They’re adopters of newer security techniques
18
52%
16%
13%
44%
13%
22%
10%
0%
10%
20%
30%
40%
50%
60%
Security software Personal VPN Two-factor
authentication
Fingerprint ID Facial recognition Pattern matching Voice ID
Victim

And almost 2x as likely to own a connected home device
than non-cybercrime victims.
19
89%
75%
51% 52%
28%
24%
11%
6%
92%
81%
58% 58%
37%
34%
18%
12%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
100%
Smartphone Laptop computer Tablet or e-reader Desktop computer Gaming console
with access to the
internet
Smart device that
connects to the
internet for
streaming content
Wearable device or
a smartwatch
Connected home
device
Non-victim Victim

20
They’re more likely to use the same online password across
all accounts and share their device or online account
passwords with others than non-cybercrime victims.
58%of cybercrime
victims shared at
least one device or
account password
with others
20%of cybercrime
victims globally use
the same online
password across all
online accounts

Consumers’ Contradicting Beliefs
21

Consumers believe cybercrime is wrong and should be treated as a
criminal act
22
22%
35%
53%
67%
80%
81%
Stealing information online is not as bad as stealing property in 'real life'
Cybercrime is a fact of life and we have to accept it
Cybercrime is wrong but it is too difficult to find the attacker
Cybercrime is wrong but all I can do is to protect myself and my family
Cybercrime is wrong; law enforcement and internet companies should do more to
protect us
Cybercrime should be treated like any other criminal act
Agree (Top 2)

Yet 43 percent believe it’s sometimes acceptable to commit morally
questionable online behaviors in certain instances
23
26%
21%
21%
20%
20%
19%
17%
15%
15%
15%
15%
14%
Reading someone else's email without their permission
Sharing things you know are not true on social media
Using a false email or someone else's email to identify yourself online
Using a false photo or someone else's photo to identify yourself online
Putting software on someone's machine that allows you to spy and/or
track them
Changing someone's status, posts or comments on social media
without permission
Posting inflammatory, threatening or sexually explicit comments or
photos online
Accessing someone's financial accounts without their permission
Using someone else's credit card without permission to shop or book
online
Stealing someone's personally identifiable information
Allowing your device to be used to send spam, malware or attack other
computers
Sending emails that trick people into giving out personal, financial or
sensitive details
Sometimes Acceptable (Net)
43%
believe at least
one type of
cybercrime is
always or
sometimes
acceptable

Nearly one in four believe stealing information online is
not as bad as stealing property in ‘real life’
24
63% 22%
Stealing information online is not as bad as stealing property in ‘real life’
Disagree (Bottom 2) Agree (Top 2)

State of Consumers’ Trust
25

Consumers generally continue to trust the institutions that
manage their data and personal information
26
41%
44%
34%
11%
19%
18%
24%
20%
20%
17%
44%
45%
51%
53%
58%
58%
60%
61%
61%
63%
16%
11%
14%
36%
23%
24%
17%
19%
19%
19%
0% 20% 40% 60% 80% 100% 120%
My government
Credit report companies that gather information without my consent
My social media platform
Myself
Security software
My bank or financial institutions
Identity theft protection service providers
My email provider
My internet service provider
My employer
I've lost all trust + I've lost some trust I trust them the same as I always have I've gained some trust + I've gained complete trust

27
About the 2017 Norton Cyber Security Insights Report

About the 2017 Norton Cyber Security Insights Report
The Norton Cyber Security Insights Report is an online survey of 21,549 individuals ages 18+ across
20 markets, commissioned by Norton by Symantec and produced by research firm Reputation
Leaders. The margin of error for the total sample is +/-.7%. Data was collected Oct. 5 – Oct. 24,
2017 by Reputation Leaders.
28
Markets: 20
North America Canada, United States
Europe & Middle East France, Germany, Italy, Netherlands, Spain, Sweden, United Arab Emirates,
United Kingdom
Asia Pacific Australia, China, Hong Kong, India, Indonesia, Japan, New Zealand, Singapore
Latin America Brazil, Mexico

How We Define Cybercrime
The definition of cybercrime continues to evolve as avenues open up that allow
cybercriminals to target consumers in new ways. Each year, we will evaluate
current cybercrime trends and update the report’s methodology as needed, to
ensure the Norton Cyber Security Insights Report provides an accurate snapshot of
the impact of cybercrime as it stands today. In the 2017 Norton Cyber Security
Insights Report, a cybercrime is defined as, but not limited to, a number of specific
actions, including identity theft, credit card fraud or having your account password
compromised. For the purposes of this report, a cybercrime victim is a survey
respondent who confirmed one or more of these incidents took place. Visit
https://www.symantec.com/about/newsroom/press-kits to learn more.
29

Demographics Breakdown
30
Gen Z
Gen Y
Gen X
Boomer
Senior
32%
35%
4%
26%
3%
50%50%
50% 50%
Non-
Parents
Parents
Not victim
Cybercrime
vicitm
36%
64%
18-24
25-34
35-4445-54
55-64
65+
19%
19%
13%
18%
22%
9%

Norton Cyber Security Insights Report 2017

More Related Content

What's hot (20)

Similar to Norton Cyber Security Insights Report 2017 (20)

More from CheapSSLsecurity (20)

Recently uploaded (20)

Norton Cyber Security Insights Report 2017