Connect with us

Hi, what are you looking for?


Identity & Access

Many High-Risk Users Have Bad Security Habits: Google Survey

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.

High-risk users are aware that they are more likely to be targeted by hackers compared to the general population, but many of them still have bad security habits, a Google survey shows.

High-risk user groups include business executives, politicians and their staff, activists, journalists and online influencers. Individuals in these categories are more likely to be targeted in cyberattacks due to their occupation or their online activities.

Google has commissioned The Harris Poll to survey 500 high-risk users from the United States; 100 people from each of the five aforementioned categories.

The results of the survey show that 78% of high-risk users are aware that they are more likely to be targeted by hackers compared to the general population, and 65% of them are more concerned about their accounts being hacked today than they were one year ago — a majority are mainly concerned about their work account being targeted.

Nearly three-quarters of respondents have been targeted in a phishing attack and 39% admitted having their accounts compromised. In many cases the phishing attempts relied on personal details, such as their name or organization, to increase the chances of success.

While roughly three-quarters of high-risk users believe their work and personal accounts are secure, with 91% of them claiming that they have taken steps to secure their accounts, the survey shows that many of them actually have bad security habits.

Specifically, over one-third of respondents admitted not using two-factor authentication, and 71% use the same passwords for at least some accounts. Only half of them use a security key for two-factor authentication, and 76% admit using their personal email accounts for work-related communications, which is generally considered an unsafe practice.

Advertisement. Scroll to continue reading.

The survey shows that high-risk users are more likely to take steps to secure their accounts as a result of an attack against a colleague than an attack aimed directly at them. However, 60% of politicians admitted not making any significant changes to how they secure their accounts following the 2016 attack on the Democratic National Committee, and over half of business executives have not made any changes following the 2017 Equifax breach.

A vast majority of politicians are concerned about their work accounts getting hacked, with damage to their reputation cited as the top concern. Nearly two-thirds of politicians believe they would not fall for a phishing attack, and 81% believe their work accounts are secure. Nearly half of them have a security advisor who helps them ensure their online accounts are secure.

Journalists are the least concerned about their accounts getting hacked and they are most likely to believe that they would not fall for a phishing attack. On the other hand, this category of high-risk users also had the most respondents admitting falling victim to a phishing attack, and of all the high-risk user groups they are the least aware of the best practices for securing accounts.

As for business executives, a vast majority are concerned about attacks on both their personal and work accounts, and the thing they fear most is their personal information being stolen. Unsurprisingly, they are also concerned that a successful hack could have a negative financial impact on their organization. Nearly three-quarters of the executives who took part in the survey said they had been targeted in a phishing attack and one-third had their account compromised.

Google released the results of the survey just as it announced that it has simplified the enrollment process for its Advanced Protection Program, which adds an extra layer of protection to the accounts of high-risk users through the use of security keys.

Related: Password Practices Still Poor, Google Says

Related: Google Expands Use of Password Checkup Tool, Unveils New Privacy Features

Related: Many Users Don’t Change Unsafe Passwords After Being Warned: Google

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...