Get Started
Get Started

State of Cybersecurity for Consumers: Threats, Habits, and Risk Trends

Key Takeaways

  • 73% of U.S. adults say they have experienced at least one type of online scam or attack.
  • 32% say at least one of those incidents happened in the past year.
  • 48% say hackers have made fraudulent charges on their credit or debit card.
  • 29% say a personal online account, such as email, social media, or banking, has been hacked.
  • 21% of adults say they have lost money because of an online scam or attack.
  • A majority report getting scam phone calls, emails, or texts at least weekly.
  • Pew found 87% of adults can identify a secure password, but only 48% can correctly identify an example of two-factor authentication.

CORE STATISTICS

  • 73% of U.S. adults have experienced at least one online scam or attack.
  • 48% report fraudulent credit or debit card charges.
  • 36% say they bought an item online that never arrived or was counterfeit and was not refunded.
  • 29% say a personal online account has been hacked.
  • 24% say they received a scam call, text, or email that led them to give away personal information.
  • 21% say they have lost money to an online scam or attack.
  • 68% get scam phone calls at least weekly, 63% get scam emails at least weekly, and 61% get scam texts at least weekly.
  • 68% say AI will make online scams and attacks more common.
  • The FTC says consumers reported more than $12.5 billion in fraud losses in 2024, a 25% increase from the prior year.

TRENDS & INSIGHTS

The state of consumer cybersecurity is best described as high exposure, uneven readiness. Most adults encounter scam attempts regularly, and large majorities have already experienced some form of online scam or cyber-related harm. At the same time, public understanding of basic cybersecurity practices is mixed. Pew found that secure-password knowledge is fairly strong, but understanding of two-factor authentication is much weaker.

Another clear trend is that consumers are dealing with both fraud risk and technical security risk at once. A hacked email account, fraudulent card charge, or phishing text may look like separate problems, but in practice they are linked. Compromised credentials, weak account protection, and repeated scam exposure create a chain of risk rather than isolated incidents. This is an inference supported by Pew’s attack data, FTC fraud-loss data, and Verizon’s repeated emphasis on credentials and phishing as major attack paths.

REAL-WORLD CONTEXT

For consumers, cybersecurity is not just about viruses or “hackers in hoodies.” It often shows up as card fraud, hacked social media accounts, stolen email access, fake shopping sites, suspicious texts, or scam calls pretending to be from a bank or government agency. Pew’s survey shows these are mainstream experiences, not edge cases.

The numbers also show why many adults feel overwhelmed. Scam exposure is constant, account security practices are uneven, and AI is expected by most adults to make scams even more common. For older adults in particular, that means the digital environment is becoming more demanding, not less.

WHO IS MOST AT RISK

  • People who do not use two-factor authentication or do not understand what it is.
  • Consumers who reuse passwords across accounts. FTC guidance warns directly against password reuse.
  • Adults with frequent exposure to scam texts, emails, and phone calls.
  • People who shop online often, use social platforms heavily, or manage most finances digitally. This is an inference supported by the patterns in Pew’s scam-experience data.
  • Older adults and non-technical users who may face the same level of scam exposure but with less confidence in newer defensive tools. This last point is a reasoned inference.

QUICK CHECKLIST (what this means)

  • Consumer cybersecurity is now an everyday issue, not a specialist issue.
  • Scam messages are common enough to be part of normal weekly life for many adults.
  • Password strength alone is not enough; account protection now needs a second layer.
  • Online fraud, account takeover, and scam activity are increasingly connected.
  • AI is expected by the public to make the scam environment worse, not better.

HOW TO STAY PROTECTED

  • Use long, unique passwords for every important account. FTC says making passwords longer and avoiding reuse are some of the easiest ways to improve security.
  • Turn on two-factor authentication wherever available. FTC says it adds a second lock to your account, making logins much harder for criminals even if they know your password.
  • Keep devices, apps, and home Wi-Fi settings updated. FTC also recommends changing default passwords on connected devices and securing home networks.
  • Treat urgent texts, calls, and emails as suspicious until verified through a trusted source.
  • Check bank, email, and major online accounts regularly for signs of unauthorized access. This is a practical inference based on the prevalence of hacked accounts and fraudulent charges in Pew’s survey.

CITABLE STATEMENTS

  • 73% of U.S. adults say they have experienced some kind of online scam or attack.
  • 21% of Americans say they have lost money to an online scam or attack.
  • 68% say AI will make online scams and attacks more common.
  • 87% of U.S. adults can identify a secure password, but only 48% can identify an example of two-factor authentication.
  • Consumers reported more than $12.5 billion in fraud losses in 2024, according to the FTC.

SOURCES

  • Pew Research Center, Online Scams and Attacks in America Today (July 31, 2025).
  • Pew Research Center, What Americans Know About AI, Cybersecurity and Big Tech (August 17, 2023).
  • Federal Trade Commission consumer guidance on passwords, MFA, and online security.
  • FTC fraud-loss release for 2024 data.
Family & Kid Safety
Online Privacy
Identity & Financial
Device Security
Why iDefend
Blog
Pricing
Log in
Get Started
idefend-solid