The National Cyber Security Alliance (NCSA) and McAfee today, in coordination with the kick-off of National Cyber Security Awareness Month, announced the results of a comprehensive consumer online security research study. The report reveals a significant gap between consumers' perceptions that they -- and their computers -- are protected from various Internet threats used by cyber criminals, while in reality, people were either unprotected or under-protected. The McAfee-NCSA Online Safety Study shows that while consumers think they are protected (93 percent feel safe from viruses), they are actually at risk because of outdated security software on their computer that doesn't protect them from new malware created everyday.

"The good news is that our survey reveals a growing awareness of the need for online security," said Todd Gebhart, senior vice president and general manager, McAfee Consumer, Mobile and Small Business. "Unfortunately, there are still many consumers who remain vulnerable to threats like spyware, phishing, hackers and risky Web sites that can infect their computers with a wide range of malicious software. Clearly we have a long way to go to educate consumers about online security to prevent them from being victims of cybercriminals, identity thieves and other dangerous threats."

Nearly all consumers (98 percent) who responded to the survey agreed keeping online security up-to-date is important. To address these concerns, consumers told researchers they had taken the following measures:

  • 87 percent said they use anti-virus software
  • 73 percent use a firewall
  • 70 percent use anti-spyware software
  • 27 percent use anti-phishing software

While nearly every survey respondent (98 percent) acknowledged the importance of having up to date security on their computer, nearly half of all scanned computers (48 percent) had not been updated within the month. Survey respondents also acknowledged they had been infected with malware:

  • 54 percent had been hit with a virus
  • 44 percent thought they were infected with spyware

When researchers were able to conduct a remote scan of consumers' computers, their findings revealed a significant gap between perception versus reality, where consumers thought they were protected, when in fact, they were not. In particular, the following results illustrate this disparity:

  • While 81 percent have a firewall installed on their computer, only 64 percent actually activated this anti-hacker protection
  • While 70 percent of respondents say they have anti-spyware software, 55 percent actually did
  • While 27 percent say they have anti-phishing protection, 12 percent actually do

"These results show a tremendous need to educate consumers about online security," said Ron Teixeira, executive director, National Cyber Security Alliance. "That's why we're asking consumers to 'protect themselves before they connect themselves' this October, and take a few minutes to find ways to better secure their identities, computers and our nation's infrastructure from cyber threats. If consumers incorporate a few simple steps and use the right security technology, they can bridge the cyber security perception vs. reality gap and feel more confident that they have the tools they need to stay safe online."

"This research clearly shows a need to educate consumers that updated, comprehensive security is a must," said Bari Abdul, vice president of Worldwide Consumer Marketing at McAfee. "The fact that the computer scans show so many PCs with out of date protection indicates people do not understand that the security software included with the purchase of their PC is usually a trial version that will expire if the user does not purchase a subscription. Further, when people think they have protections, but do not, they may not realize that the basic security software installed on their PC does not include anti-phishing and anti-spam protection. The education initiatives happening throughout National Cyber Security Awareness Month in October are a must because Internet users need to understand the dos and don'ts of cyber security to protect themselves from the potential risks of the Internet and being online."

Both the survey and the scan revealed additional examples that demonstrate how consumers remain ill-informed about online security.

  • One in four respondents (25 percent) had never heard of the term "phishing" and nearly half (46 percent) could not accurately define phishing
  • While four out of five online experiences begin with a search engine, 78 percent do not know how to evaluate the safety of Web sites found through an online search, despite the fact that free tools are available that rate the relative safety of search results
  • While 98 percent of respondents say it is important to know whether a Web site is safe before visiting it, 64 percent had no idea how to determine whether a Web site is safe