IT Security

How People Worldwide Understand Digital Security

Digital risks don’t land the same way everywhere. Drawing on nationally quota-representative samples from 12,351 participants in twelve countries, the research uncovers consistent, statistically significant gaps between WEIRD (Western, Educated, Industrialized, Rich, Democratic) and non-WEIRD contexts. These gaps shape which threats people notice, which protections they choose, and which sources they trust – with implications for policy, product safety, and the day-to-day resilience of citizens and organizations. The results were published at the 34th USENIX Security Symposium which was held in Seattle from August 13 until August 15, 2025. The study was a collaboration of the Research Center Trust of the University Alliance Ruhr, Cluster of Excellence CASA, the Bochum Max Planck Institute for Security and Privacy as well as the George Washington University.

What the study uncovered

The team examined familiarity with security concepts, perceived risks, protective behaviors, sources of advice, and experiences with cybercrime. Three patterns stand out:

• Different threat lenses: Participants in non-WEIRD countries tended to assign higher importance to protecting more kinds of data, saw more groups as potential attackers, and consulted more sources for guidance.
• Advice cuts both ways: Interpersonal networks (friends and family) play a larger role in non-WEIRD settings – serving as both a trusted support and, paradoxically, a suspected risk vector.
• Protection favors low-friction tools: Across all regions, people commonly take at least one protective step, gravitating toward built-in, low-effort defenses (automatic updates, antivirus) while adoption of more complex privacy tools remained low.

Taken together, these findings caution against one-size-fits-all assumptions. Effective interventions need to reflect cultural norms, legal environments, infrastructure, and local threat models.

From insight to action

For policymakers this means pairing secure-by-default regulation with outreach that uses trusted local voices – and actively counters myths. For industry, it means designing products with default safety and minimal friction, aligned to users’ mental models in each region. For students and educators, the results point to the value of regionally sensitive curricula. And for the general public, the practical guidance is clear: keep devices updated, rely on built-in protections, and double-check advice – even when it comes from people you trust.

Advancing AI and digital security – together

Although the study itself focuses on digital security, the results also have implications for AI. As AI systems mediate authentication, content filtering, and fraud detection, they inherit our human assumptions. Since those assumptions differ across societies, building trustworthy, human-aligned AI means grounding safeguards, explanations, and evaluations in cross-cultural evidence – so automated defenses match real user behavior, encourage adoption, and reduce risky workarounds.