65% currently use AI, but the majority remain untrained for risk

summary

Washington, September 30, 2025 – The National Cybersecurity Alliance (NCA), the leading national nonprofit organization that strengthens a safer, interconnected world, and Cybsafe, the leading behavioral risk platform, have announced the release of OH Beave! Annual Cybersecurity Attitudes and Behaviors Report 2025-2026.

With support from international partners from seven countries, the report has voted over 6,500 individuals from the US, UK, Germany, Australia, India, Brazil and Mexico to investigate key cybersecurity behaviors and attitudes and examine the growing impact of artificial intelligence.

This study revealed the inflection points of digital life. AI tools usage has increased by 21% year-on-year, with 65% of respondents currently using AI. The adoption of AI tools was led by ChatGPT adoption at 77%, followed by Gemini at 49%, and 26% Copilot. However, despite this surge, 58% of users report that they have not received training in the security or privacy risks associated with these technologies. More concerning, 43% allow them to share AI tools and sensitive workplace information without employer knowledge, including internal company documents (50%), financial data (42%) and client data (44%).

“AI adoption has skyrocketed in just one year, from 44% in 2024 to 65% today. “Last year’s report shows early warning signs of this gap, and this year’s survey findings confirm it is expanding. People are embracing AI in their personal and professional lives faster than they are educated about risk.

At the same time, the damage caused by cybercrimes, including crypto fraud, phishing attacks, identity theft, technical assistance fraud and online dating fraud have skyrocketed. 44% of respondents reported experiencing cybercrimes that led to data or financial losses, up 9% from the previous year. The younger generation was hit hardest. 59% of GenZ and 56% of millennials reported losses from fraud, ranging from phishing to cryptocurrency fraud.

“Cybercrime is no longer an occasional risk, and it is becoming a routine experience, especially for younger generations who are deeply immersed in digital lives,” says Oz Alashe Mbe, CEO and Founder of Cybsafe. “And despite cybercrime hitting the youngest generation the hardest, most people still lack access to effective training and continue to struggle with basic security habits.”

Despite proven benefits, training access remains limited

Over half (55%) of participants reported not having access to cybersecurity training. This is a number that has hardly changed since last year. Even among those who have access, only 32% said they were using it. 47% of respondents praised it for improving their ability to recognize phishing, 42% encouraged them to adopt multifactor authentication, and 40% said they adopted strong passwords. Time constraints and doubts about its effectiveness are the key reasons why many people skip training completely, highlighting the need for a more outcome-focused approach and the perception that training does not guarantee behavioral change.

Security habits indicate ongoing weaknesses

Daily cybersecurity practices are contradictory. Only 62% of respondents report that they regularly create unique passwords. This has been reduced since last year, with 41% not using password managers. Multifactorial authentication is widely recognized (77%), but less than half (41%) use it regularly. Software updates show slightly better traction, with 56% of participants updating frequently, but less than half (47%) consistently backing up important data. These gaps reveal persistent vulnerabilities, even the most basic security measures.

Confidence in threat detection varies by generation and region

Overall, around two-thirds of participants (66%) are confident in their ability to identify malicious emails or links, but confidence varies widely depending on age and geography. Millennials remain the most confident (72%) and ZZ (66%), but baby boomers and silent generations are making significant progress. Despite increased confidence, fewer than half of participants regularly report phishing attempts, limiting the broader impact of individual vigilance.

AI-driven concerns go beyond privacy

While there is a clear rise in AI adoption, there is also growing concern about the outcome. Almost two-thirds (63%) of respondents expressed concern about AI-related cybercrime, special impersonation and fraud avoidance. 65% believe that AI makes it easier for criminals to pose as someone else, while 67% worry that it will be difficult to distinguish between real-life false information. It also makes it difficult for AI to detect fraud, with 44% predicting potential changes in employment situations as technology is integrated into daily life, and over half (54%) believe they will detect fraud.

About Cybersecurity Awareness Month

Cybersecurity Awareness Month is designed to engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity and increasing national resilience in the event of a cyber incident. Since the presidential declaration that established Cybersecurity Awareness Month in 2004, the initiative has been formally recognized by Congressional, federal, state, local governments, and industrial and academia leaders. This united effort is necessary to maintain cyberspace, safer, more resilient, and continues to be a source of incredible opportunities and growth for the next few years.

About the National Cybersecurity Alliance

The National Cybersecurity Alliance is a nonprofit organization on its mission to create a safer, more interconnected world. We advocate for the safe use of all technology and educate everyone on the best ways to protect ourselves, our families and our organizations from cybercrime. We create strong partnerships between governments and businesses, amplify our messages and promote greater “digital” goodness. Our core initiatives include Cybersecurity Awareness Month (October). Data Privacy Week (January); CyberSecure My Business offers webinars, web resources and workshops to help businesses resist and be resilient against cyberattacks.

About Cybsafe

Cybsafe is a cybersecurity software platform that will change how organizations in the age of AI manage human risks. Integrate with existing tools, use behavioral data and intelligent automation to surface real risk signals, provide science-supported interventions, and track behavioral change.

Headquartered in London with a global customer base, Cybsafe is supported by a team of scientists, data analysts and security experts who drive pioneering research into human decision-making and security behaviors. At the core of the platform is SEBDB, the world’s first cybersecurity behavior database. This maps security behavior and risks the results, frameworks, and controls. This behavioral ontology allows organizations to quantify human risk, accelerate compliance and build a resilient security culture.

See the full report