Cybercrime Victimization Climbs to Record High 44% Over Five-Year Period

National Cybersecurity Alliance and CybSafe research reveals persistent gaps between cybersecurity awareness and action

WASHINGTON, Feb. 25, 2026 (GLOBE NEWSWIRE) -- The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral security platform, today announced the release of the Oh, Behave! Cybersecurity Attitudes and Behaviors Report: 2021–2025, the first five-year research study examining how people’s cybersecurity attitudes, habits, and behaviors change over time.

Built on data collected annually since 2021, the study analyzes responses from more than 25,000 adults across multiple countries. By examining trends over five years, the research moves beyond annual snapshots to provide broader context on how cybersecurity behaviors are shifting, exposing both progress made and weaknesses that remain as the digital landscape has been reshaped by rapid technological advances.

The five-year analysis reveals a consistent trend: cybersecurity awareness has increased, while sustained secure behavior has declined. Awareness of multi-factor authentication (MFA) rose significantly over the study period – from 52% in 2021 to 77% in 2025 – yet regular use fell to 53%, down from a peak of 94% in 2022. Similar patterns appear across other foundational security behaviors.

Routine maintenance habits also weakened over time. The share of respondents who said they always install software updates declined from 44% in 2021 to 31% in 2025, while consistent data backups dropped to just 22% by the end of the study period. At the same time, confidence in identifying phishing messages increased.

“Five years of data tell a very different story than a single year ever could,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “People understand cybersecurity risks better than they did five years ago, but the behaviors that actually reduce risk are becoming harder to sustain. As an industry, we need to do a better job connecting the risks people hear about to the specific actions that protect them. This research helps us see where that disconnect exists and how we can better support secure habits in real life.”

The study also shows that cybercrime victimization increased steadily over the five-year period. Reports of incidents involving financial loss, identity misuse, or data compromise rose year over year, alongside growing concern about online threats, with the share of respondents experiencing some form of cybercrime-related financial or data loss reaching 44% by 2025, representing a 10% increase from the prior year. By 2025, a growing share of respondents described financial loss or data theft as an unavoidable part of being online, signaling a normalization of cybercrime that researchers warn could undermine prevention efforts in an environment where AI has made scams more convincing, attacks easier to scale, and malicious activity harder for individuals to recognize in real time.

“Long-term data shows this isn’t about people being careless or uninformed,” said Oz Alashe MBE, CEO and Founder of CybSafe. “Across five years, we see motivated individuals struggling against time pressure, complexity, and security fatigue. These insights give organizations the evidence they need to design security approaches that align with how people actually behave – not how we assume they do.”

Overview of key five-year findings:

Awareness Is Rising Faster Than Action

Awareness of core security tools has increased steadily, but consistent protective behavior has not kept pace. Awareness of multi-factor authentication rose from 52% in 2021 to 77% in 2025, yet regular MFA use fell to just 53% after peaking in 2022. Similar gaps appear in everyday security habits: the share of respondents who say they always install software updates declined from 44% in 2021 to 31% in 2025, while consistent data backups dropped to 22%. Despite growing familiarity with recommended protections, fewer than six in ten participants report reliably following basic secure behaviors — underscoring a persistent gap between knowing what to do and actually doing it.

Training Access Has Remained Largely Unchanged

Access to cybersecurity training has improved only modestly over time, leaving a majority of people without formal support. Across the study period, more than half of respondents consistently reported having no access to cybersecurity training, peaking at 64% in 2023 and remaining at 55% in 2025. Among those with access, participation, and impact were limited: only 32% of respondents reported using available training in 2025, up just five points from 27% in 2021, while the share who chose not to use available training increased to 13%. These findings suggest that training, while valuable, remains underutilized and insufficient on its own to drive sustained behavior change.

Human Constraints Are the Primary Barrier

Over time, psychological and perceptual barriers have emerged as major obstacles to sustained secure behavior. Worry about cybercrime has risen steadily, climbing from 57% of respondents in 2022 to 68% in 2025. At the same time, fatalistic beliefs have intensified: nearly one-third of participants now believe losing money online is unavoidable, up from 25% in 2022 to 31% in 2025. This growing sense of inevitability signals declining confidence that individual actions can meaningfully reduce risk, reinforcing security fatigue and weakening motivation to maintain protective behaviors.

Cybercrime Is Becoming Normalized

The growing volume and diversity of cyber incidents suggest online harm is becoming routine rather than exceptional. In 2025, phishing alone accounted for 40% of reported incidents, underscoring how commonplace attacks have become, while online dating scams rose from 22% of incidents in 2022 to 29% in 2025 and identity theft increased year over year. Harmful online experiences are also extending beyond financial loss, with cyberbullying affecting 23% of respondents in 2025, up from 13% in 2022. Although reporting of cyberbullying has improved substantially, the continued rise in both frequency and types of incidents points to cyber harm increasingly being treated as a normal part of being online.

“Five years of data make one thing clear: awareness alone isn’t enough,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “AI is enabling cybercriminals to act more quickly and convincingly, while individuals struggle to keep pace. That’s why we need a stronger commitment to ‘secure by design’ – meaning technology providers must ensure products and services are secure out of the box, recognizing that most consumers won’t take on the burden of configuring every available safeguard themselves. ”

The Oh, Behave! five-year research study is grounded in behavioral science and applies the COM-B framework – Capability, Opportunity, Motivation, and Behavior – to help organizations better understand why security behaviors succeed or fail over time.

To download the full Oh, Behave! Cybersecurity Attitudes and Behaviors Report: 2021–2025, please visit: https://www.staysafeonline.org/articles/oh-behave-cybersecurity-attitudes-and-behaviors-report-2021%E2%80%932025

About the National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. Our core efforts include Cybersecurity Awareness Month (October), Data Privacy Week (January), and CyberSecure My Business™, which provides resources to help businesses be resilient against cyber threats. For more information, please visit https://staysafeonline.org.

About CybSafe

CybSafe is a cybersecurity software platform that uses applied AI, behavioral data, and science-backed interventions to help organizations manage and reduce human cyber risk at scale in the AI era. For more information, please visit https://www.cybsafe.com/.

Contact Information:
Megan Lawson
megan.lawson@modop.com

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.