Report: Every State Gets Failing Cyber Grade

April 7, 2020

Webroot's fourth annual report reveals the most and least cyber-secure states in the U.S., and underlines the nation’s lack of cybersecurity education during the peak of remote work.

The report, “A Look at 2020's Most (And Least) Cyber-Secure States”, sheds light on the continued need for more security awareness education nationwide. At a time when people are working remotely more than ever, the report highlights a larger issue – the lack of understanding in cybersecurity best practices and Americans’ overconfidence in their ability to bounce back from a breach.

“This is the fourth consecutive year we’ve seen the same high levels of consumer misunderstanding and general overconfidence when it comes to cybersecurity practices and safety,” said Webroot security analyst Tyler Moffitt. “According to our report, there is very little difference between the most secure and least secure states, which brings to light the larger need for better cyber hygiene practices and education across the United States. More Americans than ever are working remotely and with cyber risks continuing to increase, consumers need to take the initiative to understand those risks and practice safer online behavior before it’s too late.”

Least Cyber-Secure States

New York (MOST RISKY)
California
Texas
Alabama
Arkansas

Most Cyber-Secure States

Nebraska (LEAST RISKY)
New Hampshire
Wyoming
Oregon
New Jersey

Notable Findings:

Almost all (89%) Americans say they’re taking appropriate steps to protect themselves online, but there is a general lack of understanding when it comes to cybersecurity.

Few Americans practice all key benchmark metrics (including using anti-virus software, backing up data and keeping social media profiles private) needed to protect themselves from cyberattacks – the average American scored a 58% on our index (an “F” grade) and only 11% scored 90% or higher (an “A” grade).There is a 15 point difference between the riskiest state (New York, 52%) and least risky state (Nebraska, 67%). No state scored a “C” grade or higher.
A majority of Americans say they are familiar with malware (78%) and phishing scams (68%), but only about a third feel confident they can explain what malware or phishing is.
83% of Americans use anti-virus software and regularly back up their data (80%), but only half know if their backup is in an encrypted format and only 18% back up their data online and offline.
Almost half (49%) of Americans use the same password across multiple accounts and only 37% keep their social medial accounts private.

More than three-quarters (78%) of Americans who have had their identity stolen have made changes to their online behavior as a result of them or someone they know being negatively affected by a cyber-related attack.

Less than half (47%) of those who have not had their identity stolen have not changed their online behavior.
Those who have had their identity stolen are more likely than those who have not to perform:
- Regularly monitoring bank accounts (31% vs. 22%)
- Regularly monitoring credit card statements (26% vs. 16%)
- Keeping software up to date (26% vs. 16%)
- Regularly checking credit reports (25% vs. 15%).
Nearly three-quarters (73%) of employed Americans who have had their identity stolen have looked into the security of their work devices, while 59% of those who have not say the same thing.
Those who have lost a device (71%) or discarded a device without wiping the data (71%) are the next most likely to have experienced or know someone who has experienced a cyber-attack and made a change to their online behavior.

More than half (55%) of Americans routinely use their employer-provided work device for personal use.

More than one-third (38%) consider an employer-provided work device to be their “primary” device for use at home.
Almost half (48%) have never looked into the security of their work devices, and only a third have taken any steps to improve its security.
Only around a quarter (26%) believe their personal devices are more secure than their work devices.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

ON DEMAND: The insider threat—consisting of scores of different types of crimes and incidents—is a scourge even during the best of times. But the chaos, instability and desperation that characterize crises also catalyze both intentional and unwitting insider attacks. Learn how your workers, contractors, volunteers and partners are exploiting the dislocation caused by today's climate of Coronavirus, unemployment, disinformation and social unrest.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

Report: Every State Gets Failing Cyber Grade

Related Articles

Related Products

Related Events

Report Abusive Comment