Oh Behave! AI’s Gone Wild, And So Has Your Staff
Sept. 30, 2025
The fifth annual "Oh Behave!" report, published by the National Cybersecurity Alliance and CybSafe, stands as a critical resource for businesses navigating the era of artificial intelligence.
Drawing insights from 7,000 participants across seven countries, including newly represented Brazil and Mexico, the 2025 edition offers a comprehensive analysis of trends in cybersecurity behaviors. The report highlights both advancements and ongoing challenges for companies to address to remain cybersecure.
The AI Revolution: Transformation and Challenges
2024-2025 Report: The First Wave
Last year’s findings identified AI as an emerging concern within cybersecurity, with only 35% of respondents using AI tools. At that time, apprehension about AI's impact was growing, as 63% of participants expressed worry about AI-related cybercrime.
2025-2026 Report: The Tidal Wave
This year's report marks a dramatic reversal in AI adoption, with 65% of respondents now using AI tools, a significant jump from the previous year. This surge is especially notable among younger generations, as 89% of Gen Z and 79% of Millennials are actively embracing AI technologies.
A recent development is the emergence of "shadow AI." Forty-three percent of workers admit to sharing sensitive work information with AI tools without employer knowledge or approval. This includes internal company documents (43%), customer data (44%), and financial information (42%).
Despite this widespread usage, 58% of AI users have received no training on security or privacy risks, an increase from last year, exposing a critical vulnerability firms must urgently address.
Cybersecurity Attitudes: Shifts and Remaining Barriers
2024-2025 Report: Mixed Signals
The previous report highlighted waning confidence in cybersecurity. Only 60% of respondents thought online safety was worth the effort (a 9% decrease from the prior year), and just 53% believed staying safe online was achievable (down 5%). Frustration and intimidation with security measures were on the rise.
2025-2026 Report: Renewed Optimism
The latest findings show a significant positive shift in attitudes. Seventy-seven percent now believe security is worth the effort (a 17% increase), and 74% feel it’s possible to stay secure online (a 21% increase). These improvements are particularly marked among Gen Z, with 76% prioritizing online security (up 8%) and 71% believing cybersecurity is attainable (up 31%).
Nonetheless, concerns remain. Half of all respondents assume their devices are automatically secure (up 7%), and 53% still consider online protection to be expensive. Additionally, 43% of participants report reducing their online activities due to feeling overwhelmed by security information, up 6% from last year.
Behavior as the New Battleground
At STACK Cybersecurity, we believe that behavior is the new battleground in cybersecurity, and the 2025–2026 report reinforces this perspective.
What's Changed: Year-Over-Year Comparison
| Category | 2024-2025 | 2025-2026 | Change |
|---|---|---|---|
| AI Usage | 35% used AI tools | 65% now use AI tools | +30% |
| Shadow AI | Not measured | 43% share sensitive data with AI | +New Risk |
| Security Optimism | 60% said security is worth the effort | 77% now agree | +17% |
| Belief in Online Safety | 53% believed it was possible | 74% now do | +21% |
| Cybercrime Victims | 35% reported being victims | 44% now report | +9% |
| Deepfake Scams | Not measured | 34% received deepfake calls | New threat |
| MFA Usage | 43% used MFA | 41% use it reguarly | -2% |
| Training Access | 33% had access | 32% now do | -1% |
| Self-Rated Knowledge | 57% rated intermediate/advanced | 49% now do | -8% |
| Software Updates | 63% updated regularly | 60% now do | -3% |
Top 10 Key Statistics
- AI adoption rose from 35% to 65% in a single year.
- 43% of employees share sensitive data with unapproved (shadow) AI tools.
- 58% of AI users have received no training on security or privacy risks.
- 77% believe cybersecurity is worth the effort, a 17% increase.
- 44% of respondents have been victims of cybercrime, with phishing, identity theft, and dating scams most common.
- 34% received deepfake scam calls, and 42% of those lost money or data.
- Only 41% use multi-factor authentication (MFA) regularly, and 23% have never heard of it.
- India leads in AI adoption (87%), but also in unauthorized data sharing (55%).
- Only 2% of Silent Generation respondents have access to cybersecurity training.
- Confidence in cybersecurity is up, but good security behavior is down, widening the knowing–doing gap. Bulleted List Item
What's Better?
- Attitudes toward cybersecurity are improving, especially among Gen Z.
- Password manager adoption has increased slightly.
- Reporting rates for cybercrime are high, particularly in India (94%) and the U.S. (93%).
What's Worse?
- Shadow AI is widespread, with nearly half of Gen Z and Millennials sharing sensitive information with unsanctioned tools.
- Access to training remains stagnant, especially in high-risk sectors like retail and hospitality.
- The gap between knowledge and behavior is growing; fewer people feel confident, yet risky actions persist.
Cultural and Generational Contrasts
- India exhibits the highest AI usage and rates of unauthorized data sharing.
- The UK and Australia lead in MFA adoption, while Mexico has the lowest awareness of MFA.
- Gen Z is the most optimistic about security but also the most frequently victimized by cybercrime.
- Older generations, while less confident, are more diligent with MFA and software updates.
The Silent Generation (aged 80+) displays distinct cybersecurity habits. Only 20% use AI tools, and just 2% have access to cybersecurity training. A majority (66%) have never used password managers, prefer written materials for security information, and are more consistent in installing software updates. Despite these strengths, they feel less confident in identifying phishing attempts or AI-generated content. Including this group in the research underscores the differences in cybersecurity behavior across all adult age groups, from Gen Z to the oldest adults.
Implications for Your Business
This year’s findings make it clear that cybersecurity is no longer solely about awareness; it is fundamentally about behavior. Behaviors are influenced by factors like culture, age, industry, and access to resources.
At STACK Cybersecurity, we provide solutions to help businesses bridge the “knowing–doing” gap, including:
- AI policy templates for safe and responsible AI usage
- Secure AI tools tailored to business needs
- Customizable training programs to address specific risks
- Behavioral nudges that make secure actions second nature
- Risk assessments that consider human factors beyond compliance
Our comprehensive security services include risk assessments, managed security solutions, and cybersecurity awareness training designed to address the challenges highlighted in this report. Our training programs are customizable to help close the gap between security knowledge and practice.
By understanding these evolving trends and implementing targeted interventions, organizations can cultivate a more resilient security culture in today’s increasingly complex threat landscape.
Contact STACK Cybersecurity to schedule a cybersecurity risk assessment (CSRA) or request a demo of our training platform.
Download the report: Oh Behave! Cybersecurity Attitudes and Behaviors Report 2025