What are the lessons of Cybersecurity Awareness Month?
Has Cybersecurity Awareness Month actually done any good?
As Cybersecurity Awareness Month enters its third decade, it’s worth asking whether it has truly made a difference. In an era when cybercriminals are continually ramping up their attacks, the educated technology user is still the best line of defense.
But knowing and doing are not the same thing. While some metrics point to users being more aware of good cybersecurity practices, others show that some — even among digital natives — just don’t care enough to follow them.
Cybersecurity Tribe featured a quote from an anonymous CISO in late 2023 that summed up the questionable value of awareness campaigns: “We are still making the same stupid mistakes we were 20 years ago.”
But does that assessment still hold true in 2025? In terms of knowledge, users are more aware than before. The Acronis Data Privacy Report 2025 found that two-thirds of consumers (68%) say they use strong, unique passwords, and 46% have adopted two-factor authentication (2FA). That’s a notable improvement compared to 2019, when Pew Research found that only about a quarter of adults in the U.S. could even identify an example of 2FA.
Read more at Acronis