Concerns surrounding cyber threats and scams increased in 2025, but these risks weren’t enough to prompt people to adopt safer online behaviors, an industry report found.
The nonprofit National Cybersecurity Alliance and CybSafe, a cybersecurity firm, released their Annual Cybersecurity Attitudes and Behaviors Report during this year’s Cybersecurity Awareness Month, finding that many participants were concerned about cyber scams and often felt that the loss of personal details, information, or money was inevitable. Despite this, most participants don’t consider themselves potential scam targets, which may explain upward trends in risky behaviors highlighted in the report, such as creating weak passwords, reusing account passwords, and forgoing two-step login.
“Universities are prime targets for cyber criminals, because of the large volume of personal data and research assets we have,” said Guy J. Albertini, Rutgers Chief Information Security Officer. “This report highlights a significant gap between awareness and action, emphasizing the necessity of aligning effective training solutions with the university’s goals to tackle modern threats. Overall, security is everyone’s responsibility, whether it’s using strong passwords or ensuring that you’re using Duo with a three-digit code.”
Cybersecurity awareness training also remains a hurdle: only 32 percent of participants reported having access to and taking cybersecurity training. Of those who attended these trainings, 83 percent found it useful, but less than half changed their behavior as a result. The primary reasons for forgoing cybersecurity training among those with access to it included lack of time and the disbelief that it reduces risk.
“Awareness about cyber threats is essential in higher ed,” Albertini said. “I invite faculty and staff to join me in taking advantage of the cybersecurity training Rutgers offers through KnowBe4. It’s a great opportunity to boost your cybersecurity awareness, which not only helps our university but also helps protect you personally. Let’s learn together and stay safe!”
Increases in Artificial Intelligence (AI) adoption resulted in more reports of risky behaviors associated with using AI tools. Although most survey respondents reported using AI, more than half of respondents received no training on security or privacy risks associated with AI tools. Additionally, just under half of participants shared sensitive work information with AI tools without their employers’ knowledge, particularly among the Gen Z and Millennial cohorts.
“The rapid rise in AI usage is the double-edged sword to end all double-edged swords: while it boosts productivity, it also opens up new and urgent security risks, particularly as employees share sensitive data without proper oversight,” the report noted.
Register to read the full report here and learn more about the National Cybersecurity Alliance at StaySafeOnline.org.
Tags: artificial intelligence, phishing, security