What are the attitudes and behaviors of the Portuguese towards cybersecurity? The latest report from the Cybersecurity Observatory of the National Cybersecurity Center (CNCS) reveals that, compared to the European Union average, individuals and organizations in Portugal are not yet adequately prepared to protect themselves against the threats of cyberspace.
Despite the less positive trends in relation to attitudes and behaviors, the report indicates that the educational and awareness component has been gaining strength, presenting more favorable indicators. The data highlights the increase in the number of professional courses in Technological Specialization in Cybersecurity, as well as higher courses in Cybersecurity and Information Security, in addition to the implementation of awareness programs, which reached more than one million individuals.
Regarding attitudes, the report, which presents data for 2019, makes it known that 74% of individuals have some type of concern when using the Internet for activities such as homebanking or shopping for services and goods online. The misuse of personal data is stated as one of the biggest concerns (54%), in addition to the fear of not receiving the purchased products or services (20%).
In all, only 2% of respondents say they feel very well informed about the risks of cybercrime. In this context, the EU average is higher, standing at 11%. The data reveal that “the profile of the individual who feels well informed in Portugal tends to correspond to a man, young and with more studies”.
In line with the previous year, 73% of individuals claim to avoid disclosing personal information online. The biggest discrepancy in values compared to the EU average concerns those who believe that the risk of being a victim of cybercrime is increasing: in Portugal, 66% of respondents agree with this statement; in the EU, the figure reaches 76%.
Both in Portugal and in the EU average there is a significant decrease compared to the previous year among those who claim to be able to protect themselves sufficiently against cybercrime: 45% in Portugal (8 pp less) and 52% in the EU average (less 9 pp).
The report’s indicators show that individuals’ concerns have increased in almost all situations, in contrast to the downward trend seen in the EU average. Concern about bank card or online banking fraud, for example, increased by 10 pp, to 74%, while the EU average dropped by 3 pp, to 67%. Concern about identity theft also increased significantly, by 9 pp, to 77%, while the EU average decreased by 4 pp, to 66%.
In all, only 16% of respondents indicate that they know a relative, friend or acquaintance who has experienced or been a victim of cybercrime, a figure that represents 9 pp less than in the previous year. Among the most common situations are the discovery of malicious software (6%), followed by fraudulent emails or phone calls asking for personal data (3%).
The report highlights the low percentage (18%) of people who know the means by which they can report cybercrime or any other illegal behavior online. In the EU, the average rises to 22%.
Identity theft is the type of situation in which the most questioned indicate that in some way they were victims, with 79%; The action that individuals, in Portugal, most claim they would take if any of the situations presented to them happened would be to contact the police, which is the most frequent response in relation to all situations, with the same occurring in the EU average.
Behaviors of individuals and companies
As a result of concerns about the Internet, the most frequent behavior among individuals is not to open emails from unknown people, with 43%. In the EU, this is also the most frequent behavior, totaling an average of 42%.
The biggest drop compared to 2018 concerns the installation of antivirus software, at 9 pp less (to 35%). The biggest increase, of 7 pp (to 20%), corresponds to the use of different passwords for different websites, although national internet users continue to be less careful with passwords than the EU average.
The report details that 48% of respondents did not change their passwords in the previous 12 months. E-mail, with 25% (4 pp more than in the previous year), is the type of account for which there are more password changes in Portugal. Next are social network accounts and online banks, with 16% and 15%, respectively.
In relation to the EU, there are far fewer individuals who acknowledge that they have been victims of some cyber threat. The biggest discrepancies occur in relation to receiving fraudulent emails or phone calls asking for your personal data and discovering malicious software.
The situations that most led to some reaction on the part of people who were victims of some cyber threat were the hacking of social networks or email accounts (84%) and fraud in bank cards or online banking (81%).
Regarding the situations that grew the most in terms of reaction, bank card or online bank fraud (+21 pp) and identity theft (+19 pp) stand out. The ones that decreased the most were the discovery of malicious software (-18 pp) and accidentally come across online child pornography (-13 pp). The data also reveal that individuals tend to act less in relation to online harassment of children, with 26% doing something (3 pp less than in 2018), against 37% (1 pp more than in 2018) in the average of I.
Compared to the EU, respondents reported less cyber crime or other illegal behavior online, with only 4% saying they have done so before, while the EU average reaches 17%. Among individuals who have already reported cybercrime, the police were the most frequent contact.
With regard to companies in Portugal, 98% apply security measures, with the maintenance of updated software being the most frequent, with 90%. The least frequent is user identification and authentication through biometric methods, with 15%.
In Portugal there are fewer companies with defined or revised ICT security policies, 28%, than the EU average, which reaches 34%. Among all organizations that have policies, the majority defined or revised that policy in the last 12 months when conducting the survey.
However, there are fewer Portuguese companies to have documented recommendations on ICT security measures, practices and procedures, with 28%. The type of subject most considered in these recommendations is the storage, protection, access and processing of data.