STUDY: 65% Now Use AI, but Majority Remain Untrained on Risks
New research highlights the urgent need to align rising AI adoption with stronger security awareness and training
WASHINGTON, Sept. 30, 2025 (GLOBE NEWSWIRE) -- The National Cybersecurity Alliance (NCA), the nation’s leading nonprofit empowering a more secure and interconnected world, and CybSafe, the leading behavioral risk platform, today announced the release of Oh Behave! The Annual Cybersecurity Attitudes and Behaviors Report 2025-2026. Conducted with support from international partners across seven countries, the report polls more than 6,500 individuals in the United States, United Kingdom, Germany, Australia, India, Brazil, and Mexico, exploring key cybersecurity behaviors and attitudes, and the growing impact of artificial intelligence.
The survey reveals an inflection point in digital life: AI tool usage has risen 21% year over year, with 65% of respondents now using AI. The adoption of AI tools is led by ChatGPT at 77% adoption, followed by Gemini usage at 49% and Copilot at 26%. Yet despite this surge, 58% of users report receiving no training on security or privacy risks associated with these technologies. Even more concerning, 43% admitted to sharing sensitive workplace information with AI tools without employer knowledge, including internal company documents (50%), financial data (42%), and client data (44%).
“AI adoption has skyrocketed in just one year – from 44% in 2024 to 65% today – yet safe practices still lag dangerously behind,” said Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance. “Last year’s report showed early warning signs of this gap, and this year’s findings confirm it’s widening. People are embracing AI in their personal and professional lives faster than they are being educated on its risks. Without urgent action to close this gap, millions are at risk of falling victim to AI-enabled scams, impersonation, and data breaches.”
At the same time, cybercrime victimization, including crypto scams, phishing attacks, identity theft, tech support scams, and online dating scams, has risen sharply. 44% of respondents reported experiencing cybercrime that led to data or monetary loss, a 9% increase from the previous year. Younger generations were hit hardest: 59% of Gen Z and 56% of Millennials reported losses from scams ranging from phishing to cryptocurrency fraud.
“Cybercrime is no longer just an occasional risk; it's becoming a routine experience particularly for younger generations who are deeply immersed in digital life,” said Oz Alashe MBE, CEO and Founder of CybSafe. “And even as cybercrime is hitting younger generations hardest, most people still lack access to effective training and continue to struggle with basic security habits.”
Overview of other key report insights:
Training Access Remains Limited Despite Proven Benefits
More than half of participants (55%) report having no access to cybersecurity training, a figure that has barely shifted from last year. Even among those with access, only 32% said they use it. 47% of respondents credit it with improving their ability to recognize phishing, 42% said it encouraged them to adopt multi-factor authentication and 40% adopted strong passwords. Time constraints and doubts about its effectiveness remain leading reasons why many skip training altogether, underscoring the need for a more outcomes-focused approach and a recognition that training doesn’t guarantee behavior change.
Security Habits Show Ongoing Weaknesses
Everyday cybersecurity practices remain inconsistent. Just 62% of respondents report regularly creating unique passwords, a decline from last year, while 41% never use a password manager. While multi-factor authentication is widely recognized (77%), less than half (41%) use it regularly. Software updates show slightly better traction, with 56% of participants updating frequently, though fewer than half (47%) consistently back up important data. These gaps reveal persistent vulnerabilities in even the most basic security measures.
Confidence in Detecting Threats Varies by Generation and Region
Overall, roughly two-thirds of participants (66%) are confident in their ability to identify a malicious email or link, but confidence differs sharply by age and geography. Millennials remain the most confident (72%), followed by Gen Z (66%), while Baby Boomers and the Silent Generation trail significantly. Despite rising confidence, fewer than half of participants regularly report phishing attempts, limiting the broader impact of individual vigilance.
AI-Driven Concerns Extend Beyond Privacy
Although the rise in AI adoption is clear, so too are growing anxieties about its consequences. Nearly two-thirds of respondents (63%) express concern about AI-related cybercrime, particularly impersonation and scam evasion. 65% percent believe AI will make it easier for criminals to pose as someone else, while 67% worry it will make real and fake information harder to distinguish. More than half (54%) also think AI will make scams harder to detect overall, with 44% anticipating potential changes to their employment status as the technology becomes more integrated into daily life.
To download the full “Oh Behave! The annual Cybersecurity Attitudes and Behaviors Report 2025,” please visit: https://www.staysafeonline.org/articles/oh-behave-the-annual-cybersecurity-attitudes-and-behaviors-report-2025
For more information on Cybersecurity Awareness Month, please visit: https://www.staysafeonline.org/cybersecurity-awareness-month
About Cybersecurity Awareness Month
Cybersecurity Awareness Month is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the Nation in the event of a cyber incident. Since the Presidential proclamation establishing Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congress, federal, state and local governments, and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit staysafeonline.org/cybersecurity-awareness-month/
About the National Cybersecurity Alliance
The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world. We advocate for the safe use of all technology and educate everyone on how best to protect ourselves, our families, and our organizations from cybercrime. We create strong partnerships between governments and corporations to amplify our message and to foster a greater “digital” good. Our core efforts include Cybersecurity Awareness Month (October); Data Privacy Week (January); and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information, please visit https://staysafeonline.org.
About CybSafe
CybSafe is a cybersecurity software platform transforming how organizations manage human risk in the AI era. It integrates with existing tools and uses behavioral data and intelligent automation to surface real risk signals, deliver science-backed interventions, and track behavior change—reducing the likelihood and impact of cyber incidents before they disrupt the business.
Headquartered in London with a global customer base, CybSafe is backed by a team of scientists, data analysts, and security experts driving pioneering research into human decision-making and security behavior. At the core of the platform is SebDB, the world’s first cybersecurity behavior database, which maps security behaviors to risk outcomes, frameworks, and controls. This behavioral ontology enables organizations to quantify human risk, accelerate compliance, and build resilient security cultures.
For more information, please visit www.cybsafe.com.
Contact Info:
Megan Lawson
518-901-9430
megan.lawson@modop.com
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
