Security Experts:

Connect with us

Hi, what are you looking for?


Identity & Access

Many High-Risk Users Have Bad Security Habits: Google Survey

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.

High-risk user groups include business executives, politicians and their staff, activists, journalists and online influencers. Individuals in these categories are more likely to be targeted in cyberattacks due to their occupation or their online activities.

Google has commissioned The Harris Poll to survey 500 high-risk users from the United States; 100 people from each of the five aforementioned categories.

The results of the survey show that 78% of high-risk users are aware that they are more likely to be targeted by hackers compared to the general population, and 65% of them are more concerned about their accounts being hacked today than they were one year ago — a majority are mainly concerned about their work account being targeted.

Nearly three-quarters of respondents have been targeted in a phishing attack and 39% admitted having their accounts compromised. In many cases the phishing attempts relied on personal details, such as their name or organization, to increase the chances of success.

While roughly three-quarters of high-risk users believe their work and personal accounts are secure, with 91% of them claiming that they have taken steps to secure their accounts, the survey shows that many of them actually have bad security habits.

Specifically, over one-third of respondents admitted not using two-factor authentication, and 71% use the same passwords for at least some accounts. Only half of them use a security key for two-factor authentication, and 76% admit using their personal email accounts for work-related communications, which is generally considered an unsafe practice.

The survey shows that high-risk users are more likely to take steps to secure their accounts as a result of an attack against a colleague than an attack aimed directly at them. However, 60% of politicians admitted not making any significant changes to how they secure their accounts following the 2016 attack on the Democratic National Committee, and over half of business executives have not made any changes following the 2017 Equifax breach.

A vast majority of politicians are concerned about their work accounts getting hacked, with damage to their reputation cited as the top concern. Nearly two-thirds of politicians believe they would not fall for a phishing attack, and 81% believe their work accounts are secure. Nearly half of them have a security advisor who helps them ensure their online accounts are secure.

Journalists are the least concerned about their accounts getting hacked and they are most likely to believe that they would not fall for a phishing attack. On the other hand, this category of high-risk users also had the most respondents admitting falling victim to a phishing attack, and of all the high-risk user groups they are the least aware of the best practices for securing accounts.

As for business executives, a vast majority are concerned about attacks on both their personal and work accounts, and the thing they fear most is their personal information being stolen. Unsurprisingly, they are also concerned that a successful hack could have a negative financial impact on their organization. Nearly three-quarters of the executives who took part in the survey said they had been targeted in a phishing attack and one-third had their account compromised.

Google released the results of the survey just as it announced that it has simplified the enrollment process for its Advanced Protection Program, which adds an extra layer of protection to the accounts of high-risk users through the use of security keys.

Related: Password Practices Still Poor, Google Says

Related: Google Expands Use of Password Checkup Tool, Unveils New Privacy Features

Related: Many Users Don’t Change Unsafe Passwords After Being Warned: Google

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.