In public, a glance over the shoulder is enough to spy out passwords, for example. © Michael Schwettmann

The human factor How safe do people around the world feel on the internet?

Who has ever been hit by cybercrime? How do people protect themselves from it? A survey reveals similarities and differences between different groups around the world.

When it comes to the internet, “evil is everywhere under the sun”, as the popular quote goes. By adopting safe practices, however, we can make it more difficult for cybercriminals to steal our data or cause damage in other ways. But what constitutes safe practices? What do you have to do to protect yourself from data theft and similar crimes? “There’s a lot of confusion about this, among people from all over the world,” is what Franziska Herbert has learned. The psychology graduate is currently completing her dissertation in the CASA Cluster of Excellence. In collaboration with Professor Markus Dürmuth, Professor Angela Sasse and other researchers, she has conducted a comprehesive survey that assesses the human factor in IT security.

More than 12,000 individuals in twelve countries took part in the online survey, which focused on what people understand safe behaviour in cyberspace to be, how they approach it and what misconceptions they may have. Participants came from China, Germany, the UK, India, Israel, Italy, Mexico, Poland, Saudi Arabia, Sweden, the USA and South Africa. They represent 42 per cent of the world’s population. The questions revolved, for example, around end-to-end encryption, WiFi surfing, the https standard, virtual private networks (VPN), and passwords.

Some risks are understood by people all over the world

“It emerged that some risks are equally well understood by all participants around the world,” points out Franziska Herbert, who designed the survey together with the team. One of these is the phenomenon of shoulder surfing, where unauthorised persons obtain personal data simply by looking over a user’s shoulder.

More than 12,000 people in twelve countries took part in an online survey on the topic of IT security. © Michael Schwettmann

Certain misconceptions, however, are apparently also widespread around the world. “For example, in all the countries we covered in the survey, 80 per cent of the participants believe that it is necessary to change passwords periodically to keep them secure,” says Franziska Herbert. IT security experts actually used to recommend this for a long time, until it turned out that this practice actually doesn’t do any good at all. “All that happens is that passwords become more and more insecure as a result, because otherwise users won’t be able to remember them. It’s much better to choose really strong passwords that are not easy to crack – a password manager is very helpful for this purpose,” explains Franziska Herbert. “Once you have a secure password, you can stick to it, as long as it doesn’t fall into the wrong hands.”

Participants in all countries also agreed with the statement that their computers could be infected by malware when they click on a link. “This only happens in a few exceptional cases,” say the researchers. “Most of the time, further actions are needed, such as entering data on the website accessed via the link.”

Uncertainty across the board

The researchers also found that uncertainty about IT security issues prevailed across the board among participants worldwide. “This is reflected in the fact that our survey participants chose exactly the middle on a scale ranging from ‘completely agree’ to ‘completely disagree’ on many questions,” says the researcher.

In addition to all the similarities, the researchers also identified differences between participants from different countries, especially with regard to the scale of the assessments. “We found the biggest differences to exist between Western and non-Western countries,” says Herbert. The researchers include China, India, Mexico, Saudi Arabia and South Africa among the latter. “Compared to participants from Germany, participants in all other countries were more likely to have misconceptions about malware, device security and passwords,” outlines Franziska Herbert. German participants were the least likely to agree with misconceptions – even though they still fell in the middle of the scale between ‘completely agree’ and ‘completely disagree’. The highest level of agreement with misleading statements came from participants from China and India.

Franziska Herbert wants to know how safe people feel on the internet and what experiences they have had. © Michael Schwettmann

Two examples from the survey:

“I am more likely to catch malware when I visit a porn site than when I visit a sports site.” Approximately 49 per cent of respondents in Germany agreed with this misconception, while 75 per cent from Saudi Arabia and 86 per cent from China agreed with it.

The correct statement “Links in emails can lead me to fake websites in order to intercept my login data” was agreed to by 87 per cent of German participants and 78 per cent of Chinese participants.

Family and friends can be adversaries too

All groups participating in the survey had in common that they tended not to consider family and friends an IT security risk. “That’s not how we see it,” says Markus Dürmuth. There are risks, especially when people share a computer or passwords. When it comes to domestic violence or stalking, it’s often people in a user’s closest circle who pose a threat. “And there’s another thing: among friends, pranks may be played that are not at all funny for the victim,” concludes the researcher.

Original publication

Franziska Herbert, Steffen Becker, Leonie Schaewitz, Jonas Hielscher, Marvin Kowalewski, M. Angela Sasse, Yasemin Acar, Markus Dürmuth: A world full of privacy and security (mis)conceptions? Findings of a representative survey in 12 countries, vorgestellt auf der CHI-Konferenz 2023, DOI: 10.48550/arXiv.2212.10382

Download high-resolution images
Der Download der gewählten Bilder erfolgt als ZIP-Datei. Bildzeilen und Bildnachweise finden Sie nach dem Entpacken in der enthaltenen HTML-Datei.
Nutzungsbedingungen
Die Verwendung der Bilder ist unter Angabe des entsprechenden Copyrights für die Presse honorarfrei. Die Bilder dürfen ausschließlich für eine Berichterstattung mit Bezug zur Ruhr-Universität Bochum verwendet werden, die sich ausschließlich auf die Inhalte des Artikels bezieht, der den Link zum Bilderdownload enthält. Mit dem Download erhalten Sie ein einfaches Nutzungsrecht zur einmaligen Berichterstattung. Eine weitergehende Bearbeitung, die über das Anpassen an das jeweilige Layout hinausgeht, oder eine Speicherung der Bilder für weitere Zwecke, erfordert eine Erweiterung des Nutzungsrechts. Sollten Sie die Fotos daher auf andere Weise verwenden wollen, kontaktieren Sie bitte redaktion@ruhr-uni-bochum.de

Document download

Published

Tuesday
27 June 2023
9:39 am

By

Meike Drießen (md)

Translated by

Donata Zuber

Share