Consumer Reports Study Reveals Nearly Half of Consumers Have Experienced Cyberattacks or Digital Scams

Washington, DC – Consumer Reports (CR) along with Aspen Digital and the Global Cyber Alliance, released the third annual Consumer Cyber Readiness Report today, marking the beginning of Cybersecurity Awareness Month. The report reviews consumer attitudes toward digital privacy

and security practices.

The report’s findings indicate that while consumers are taking steps to improve their cybersecurity online, the adoption of practices and tools has remained flat. Cyberattacks and digital scams continue to pose serious threats, often leading to devastating consequences for American consumers, with Black and Hispanic Americans who experienced a digital attack or scam being twice as likely to lose money compared to white Americans who experienced a digital attack or scam. This echoes similar findings that have been made by other organizations in the recent past, including the Federal Trade Commission and academic researchers.

CR conducted two separate nationally representative multi-mode surveys–one of 2,024 US adults in April 2024 and one of 2,022 US adults in May 2024–to understand consumers’ behaviors in improving their digital security and privacy and provide new insights into consumer scams and their attack vectors. 

 “CR is proud to represent the consumer voice during Cybersecurity Awareness Month and advocate for policies that help protect people from digital threats and attacks, while equipping them with the tools and education necessary to protect their digital security,” said Yael Grauer, a program manager for Consumer Reports. “It’s concerning that nearly 1 in 10 consumers have fallen victim to cyber scams, and the disparities are even more troubling—cyber scams are taking money away from Black and Hispanic Americans at twice the rate of white Americans. Our findings underscore the need for solutions that genuinely address and improve digital security for consumers of color.” 

Key findings of the surveys include: 

• When we asked Americans whether they had ever personally encountered a cyberattack or a digital scam, nearly half said they had. Alarmingly, 1 in 5 of those who say they have personally encountered a scam or cyberattack—or about 1 in 10 Americans—say they lost money to the scam. 
• Among Americans who have personally encountered a cyberattack or digital scam attempt, Black and Hispanic Americans are twice as likely to have lost money to a digital attack or scam as white Americans.
  • 33 percent of Black Americans and 30 percent of Hispanic Americans who have encountered such an attack say they have lost money to a digital attack or scam, compared with just 13 percent of white Americans. 
• The majority of scam attempts that Americans have experienced began on email (30%), social media (23%), or through text messages or a messaging app (20%).
• The most common type of scam or attack people say they experienced was phishing, where scammers trick you into giving them your personal information, such as a password or credit card number. Other common types of scams or attacks involved impersonations, where scammers pretend to be, for example, the consumer’s bank, a tech support person, or even someone they know personally.
• Roughly a third of Americans do not use unique passwords across accounts, even though doing so can limit the damage when a single password is compromised.

This study demonstrates that improving the nation’s cyber civil defense through collective behavior change is an ongoing challenge that disproportionately affects communities of color. CR is encouraging people to visit pausetake9.org, a new initiative that calls on individuals to take a 9 second pause and think before they click, download, or share a link.

“The results of this year’s study are galvanizing,” said Sasha O’Connell, Senior Director for Cybersecurity Programs at Aspen Digital. “Individuals must be empowered to each take responsibility for our collective cyber civil defense, and we are excited about the Take9 campaign and its ability to help do just that.” 

“The good news is that we are seeing some improvement in the adoption rate of improved security mechanisms like passkeys,” said Komal Bazaz Smith, Chief Business Officer of the Global Cyber Alliance. “The bad news is that improvement is slow, and not keeping pace with attackers. It’s concerning that one-third of Americans are not using unique passwords per account. The only long-term solution is to remove most of the burden from consumers by providing services and software that are secure by design. To use a car analogy, the driver has a responsibility to drive safely, but just as importantly, the manufacturer must make the car as safe as possible right off the factory floor.”

While consumers can use resources such as Take9 to improve their cyber hygiene, government and industry have a key role to play in improving the cybersecurity ecosystem. In particular, companies can lift the burden from consumers by designing products with a secure-by-default, secure-by-design approach and by making emerging security and privacy tools more available, such as passkeys, which help consumers protect access to their accounts without using passwords. Regulators should also take action against companies that fail to use reasonable safeguards to protect consumers from cyber attacks.