Consumers fear a cyberattack over a physical attack, but what are they doing about it?

Soph HomeWorking day in day out with IT departments around the world to keep cyber attacks at bay, we at Sophos understand what worries them about the ever-changing threat landscape, the effect a malware infection could have on the running of the business and the work the departments do to keep their businesses ticking over.

But, it is consumers who are the most susceptible to malware, ransomware and other cyberattacks. Without an up-to-date knowledge of the cyber security industry or the benefit of an IT department quietly looking after their backs, the role of ‘IT support’ often falls to the one person who holds the most knowledge. However, that person might not have the time, possess the self-assurance or even the know-how to look after a whole ‘family and friends’ network of computers.


We conducted a survey to find out how informed consumers are about ransomware, phishing and similar widespread cyber threats. Covering five different countries, we asked 1,250 consumers about their biggest safety fears, where they sought advice for keeping their computers safe and their experiences of ransomware and other malware.

The results clearly demonstrate that there are significant gaps in cyber threat awareness among consumers.

The most worrying findings show that, although consumers fear the risk of cybercrime over a physical attack or robbery, most are not sufficiently aware of how cybercrime could hit them – and what they can do to prevent it.

For example, 63% of the consumers we surveyed are concerned about financial loss as a result of a data breach, with 61% also anxious that their computers could be taken over by hackers who would send spam and malware campaigns to other contacts or innocent users. This is in contrast to just 46% who worry about being physically assaulted or having their car stolen.

“People understand how to protect their home or car – they feel they’ve got the physical world covered. Whereas cybercriminals are invisible and the virtual crime world is unpredictable and complicated, especially when it comes to cyber threats like phishing and ransomware,” said John Shaw, vice president, Enduser Security Group, Sophos. “Attacks today usually start from legitimate websites that have been hacked – unbeknownst to the people visiting them – or from phishing – sending fake emails designed to look real – to lure consumers into opening dodgy documents or clicking malicious URLs. Once unwitting users have clicked, ransomware executes in the background and then locks and holds hostage your personal files, photos and other valuable data until you pay the criminals money.”

One of the key areas of concern is the lack of knowledge about phishing, the top technique employed by cybercriminals to get access to personal information, and ransomware, the number one cyberattack today. Although longstanding malware and spyware was a big security priority for most, over 30% of participants admitted to either being critically unprotected against phishing and ransomware attacks or, worse, totally uninformed about them.

As Shaw explains, “Those within cyber security circles know ransomware has become a lucrative billion dollar business for an army of cybercriminals…It’s time consumers learn about the tricks and trade of cybercriminals and how their threats are constantly evolving.”

This raises the question – what are consumers doing to protect themselves against these dangers?

The survey confirmed that out of all the people who took part over half give IT advise to family and friends. Yet, 14% of these people admitted to feeling unsure about whether they had properly backed up the data on someone else’s computer or if they have the ability to recover that data if it was hacked, 18% didn’t know either way and 11% are not even sure that the computers they look after are protected from hackers and viruses.

Ultimately, this shows that 25% of all home computers are likely vulnerable to cyberattacks.

“Backing up computers and installing advanced protection for home PCs and Macs are things we should all be doing, like adding a house or car alarm to the locks on your doors. We should also be much less trusting online…These are some top tips consumers and designated home IT providers should use as best practices to stay safe online,” advises Shaw.

Our survey proves that, while the population recognizes the hazards they face online, there are serious holes in their knowledge and understanding but, more importantly, in their lack of protection. If the role of ‘family IT support’ is destined to fall to just one person, it suggests a need for a remote, cloud-based cyber security, like Sophos Home. The free security solution that allows one person to easily look after several computers from a single dashboard.