Back to Posts Cover of Oh Behave report

Oh Behave! AI’s Gone Wild, And So Has Your Staff

Sept. 30, 2025

The fifth annual "Oh Behave!" report, published by the National Cybersecurity Alliance and CybSafe, stands as a critical resource for businesses navigating the era of artificial intelligence.

Drawing insights from 7,000 participants across seven countries, including newly represented Brazil and Mexico, the 2025 edition offers a comprehensive analysis of trends in cybersecurity behaviors. The report highlights both advancements and ongoing challenges for companies to address to remain cybersecure.

Graph showing use of sensitive info in AI tools by generation

The AI Revolution: Transformation and Challenges

2024-2025 Report: The First Wave

Last year’s findings identified AI as an emerging concern within cybersecurity, with only 35% of respondents using AI tools. At that time, apprehension about AI's impact was growing, as 63% of participants expressed worry about AI-related cybercrime.

2025-2026 Report: The Tidal Wave

This year's report marks a dramatic reversal in AI adoption, with 65% of respondents now using AI tools, a significant jump from the previous year. This surge is especially notable among younger generations, as 89% of Gen Z and 79% of Millennials are actively embracing AI technologies.

A recent development is the emergence of "shadow AI." Forty-three percent of workers admit to sharing sensitive work information with AI tools without employer knowledge or approval. This includes internal company documents (43%), customer data (44%), and financial information (42%).

Despite this widespread usage, 58% of AI users have received no training on security or privacy risks, an increase from last year, exposing a critical vulnerability firms must urgently address.

Cybersecurity Attitudes: Shifts and Remaining Barriers

2024-2025 Report: Mixed Signals

The previous report highlighted waning confidence in cybersecurity. Only 60% of respondents thought online safety was worth the effort (a 9% decrease from the prior year), and just 53% believed staying safe online was achievable (down 5%). Frustration and intimidation with security measures were on the rise.

2025-2026 Report: Renewed Optimism

The latest findings show a significant positive shift in attitudes. Seventy-seven percent now believe security is worth the effort (a 17% increase), and 74% feel it’s possible to stay secure online (a 21% increase). These improvements are particularly marked among Gen Z, with 76% prioritizing online security (up 8%) and 71% believing cybersecurity is attainable (up 31%).

Nonetheless, concerns remain. Half of all respondents assume their devices are automatically secure (up 7%), and 53% still consider online protection to be expensive. Additionally, 43% of participants report reducing their online activities due to feeling overwhelmed by security information, up 6% from last year.

Graph comparing people's attitudes about cybersecurity in 2025

Behavior as the New Battleground

At STACK Cybersecurity, we believe that behavior is the new battleground in cybersecurity, and the 2025–2026 report reinforces this perspective.

What's Changed: Year-Over-Year Comparison

Category 2024-2025 2025-2026 Change
AI Usage 35% used AI tools 65% now use AI tools +30%
Shadow AI Not measured 43% share sensitive data with AI +New Risk
Security Optimism 60% said security is worth the effort 77% now agree +17%
Belief in Online Safety 53% believed it was possible 74% now do +21%
Cybercrime Victims 35% reported being victims 44% now report +9%
Deepfake Scams Not measured 34% received deepfake calls New threat
MFA Usage 43% used MFA 41% use it reguarly -2%
Training Access 33% had access 32% now do -1%
Self-Rated Knowledge 57% rated intermediate/advanced 49% now do -8%
Software Updates 63% updated regularly 60% now do -3%

Top 10 Key Statistics

  • AI adoption rose from 35% to 65% in a single year.
  • 43% of employees share sensitive data with unapproved (shadow) AI tools.
  • 58% of AI users have received no training on security or privacy risks.
  • 77% believe cybersecurity is worth the effort, a 17% increase.
  • 44% of respondents have been victims of cybercrime, with phishing, identity theft, and dating scams most common.
  • 34% received deepfake scam calls, and 42% of those lost money or data.
  • Only 41% use multi-factor authentication (MFA) regularly, and 23% have never heard of it.
  • India leads in AI adoption (87%), but also in unauthorized data sharing (55%).
  • Only 2% of Silent Generation respondents have access to cybersecurity training.
  • Confidence in cybersecurity is up, but good security behavior is down, widening the knowing–doing gap. Bulleted List Item

What's Better?

  • Attitudes toward cybersecurity are improving, especially among Gen Z.
  • Password manager adoption has increased slightly.
  • Reporting rates for cybercrime are high, particularly in India (94%) and the U.S. (93%).

What's Worse?

  • Shadow AI is widespread, with nearly half of Gen Z and Millennials sharing sensitive information with unsanctioned tools.
  • Access to training remains stagnant, especially in high-risk sectors like retail and hospitality.
  • The gap between knowledge and behavior is growing; fewer people feel confident, yet risky actions persist.

Cultural and Generational Contrasts

  • India exhibits the highest AI usage and rates of unauthorized data sharing.
  • The UK and Australia lead in MFA adoption, while Mexico has the lowest awareness of MFA.
  • Gen Z is the most optimistic about security but also the most frequently victimized by cybercrime.
  • Older generations, while less confident, are more diligent with MFA and software updates.

The Silent Generation (aged 80+) displays distinct cybersecurity habits. Only 20% use AI tools, and just 2% have access to cybersecurity training. A majority (66%) have never used password managers, prefer written materials for security information, and are more consistent in installing software updates. Despite these strengths, they feel less confident in identifying phishing attempts or AI-generated content. Including this group in the research underscores the differences in cybersecurity behavior across all adult age groups, from Gen Z to the oldest adults.

Implications for Your Business

This year’s findings make it clear that cybersecurity is no longer solely about awareness; it is fundamentally about behavior. Behaviors are influenced by factors like culture, age, industry, and access to resources.

At STACK Cybersecurity, we provide solutions to help businesses bridge the “knowing–doing” gap, including:

  • AI policy templates for safe and responsible AI usage
  • Secure AI tools tailored to business needs
  • Customizable training programs to address specific risks
  • Behavioral nudges that make secure actions second nature
  • Risk assessments that consider human factors beyond compliance

Our comprehensive security services include risk assessments, managed security solutions, and cybersecurity awareness training designed to address the challenges highlighted in this report. Our training programs are customizable to help close the gap between security knowledge and practice.

By understanding these evolving trends and implementing targeted interventions, organizations can cultivate a more resilient security culture in today’s increasingly complex threat landscape.

Contact STACK Cybersecurity to schedule a cybersecurity risk assessment (CSRA) or request a demo of our training platform.

Download the report: Oh Behave! Cybersecurity Attitudes and Behaviors Report 2025

Cybersecurity Risk Assessment

Do you know if your company is secure against cyber threats? Do you have the right security policies, tools, and practices in place to protect your data, reputation, and productivity? If you're not sure, it's time for a cybersecurity risk assessment (CSRA). STACK Cyber's CSRA will meticulously identify and evaluate vulnerabilities and risks within your IT environment. We'll assess your network, systems, applications, and devices, and provide you a detailed report and action plan to improve your security posture. Don't wait until it's too late.

Schedule a Consultation Learn More