Executive summary of the Study on Information Security and E-trust in Spanish households

2nd 4-month period of 2011 (16th wave)

INFORMATION SECURITY OBSERVATORY

Objectives and methodology

OBJECTIVES OF THE STUDY To compare user perception of computer security with the real situation. To analyse the change of security and e-trust indicators over time. To direct public policies and initiatives toward improving security and the generation of a climate of trust in the Information Society
OPINION

STUDY METHODOLOGY
Online panel

REMOTE AUDITING

iScan

Users are surveyed every 4 months

n = 3,743 / n = 2,405 (2nd 4month period of 2011) n= 56,499 (from Dec 2006) 16 data collections

Monthly scans of computers

7,865 computers (2nd 4-month period of 2011) 188,767 computers (from Dec 2006 52 data collections

Perception vs. Reality

(Readings over time)

Technical information
Sample Population Spanish Internet users over 15 years of age with frequent access to the Internet from home. Sample 3,743 users (block 1 questionnaire: Internet security habits and measures, safe use of the Internet). 2,405 users (block 2 questionnaire: security incidents, E-trust).
7,865 remote analyses

Sample distribution Multistage sampling with stratification by Autonomous Region and quotas based on size of household, age, gender, work activity and home size. Information collection Online interviews. Online analysis of computers Fieldwork May to August 2011 Sampling error In accordance with simple random sampling criteria for dichotomous variables in which p=q=0.5 and to obtain a trust level of 95.5%, the sampling error is established as 1.60% for n= 3,571 and 2.00 for 2,405.
3

Contents

Main results Security measures and habits Security incidents User reaction and the consequences of security incidents E-trust in Spanish households Final conclusions

http://observatorio.inteco.es
4

Main results
Security measures and habits
The antivirus continues to be the most used tool, with 92.2% of users stating they use it. Also, 71.9% of Internet users state that they check that their security tools are up to date. The real levels of usage, obtained via the iScan analysis, show that an antivirus is actually used on 81.5% of computers, with 76.5% having a firewall in place, and 72.5% of the computer operating systems are up to date. The last two pieces of data are very similar to the stated percentages (76.2% and 76.5%, respectively). A lack of knowledge and the perception that the tools are not required again form the main barriers to users applying automated security measures.

Security incidents
27.3% of users state that they have experienced some type of malware incident. The true data collected by iScan indicates that in August 2011, 45.8% of the analysed systems were hosting malicious code. Other security incidents are not as common, such as unwanted Wi-Fi network access and being a victim of identity theft, stated at 6.0% and 5.6% respectively.

Main results

User reaction and the consequences of security incidents

When faced with a security incident, nearly half of the Internet users are able to resolve the problem themselves (46.3%). The loss of data in the system or suffering hardware damage is very sporadic. Only 12.7% state that they have lost data in the last year, and an even lower proportion (7.8%) state that they have suffered data loss in the last three months. The percentage of users who have been forced to reinstall their operating system in the last year, quarter or "on occasion" has increased to 71.4%.

E-trust in Spanish households

52.6% of Internet users have a lot or quite a lot of trust in the Internet. At the other extreme, 1.1% are more pessimistic on acknowledging that they do not trust it at all. The majority of the respondents state that the users of Internet security are themselves responsible. They are of the opinion (30.5%) that the most pressing measure that the Government can take is to offer free security tools.

Security measures and habits Security measures and habits

Evolution of the stated use of automated security measures (%)

Overall, a slight decrease in the use of automated security measures can be seen in the 2nd 4-month period of 2011. This can be explained in part due to the renewal of the study panel. It is hoped that it will stabilise on future readings. The data referring to content filter programs (parental control for minors) is presented for the sub-sample of users with young children that use the Internet (27.7%).
7

Security measures and habits Security measures and habits

Evolution of the stated use of non-automated security measures (%)

Overall, a slight decrease in the use of non-automated security measures can be seen in the 2nd 4-month period of 2011. This can be explained in part due to the renewal of the study panel. It is hoped that it will stabilise on future readings.
8

Security measures and habits

Security measuressecurity measures in the next 3 months (data from 2nd 4-month period of and habits Stated intention to use automated
2011) (%)

The data referring to content filter programs (parental control for minors) is presented for the sub-sample of users with young children that use the Internet (27.7%).

Security measures and habits

Security measures and habits in the next 3 months (data from 2nd 4-month Stated intention to use non-automated security measures
period of 2011) (%)

10

Security measures and habits

To facilitate reading the chart, the percentage corresponding to the most frequently cited reason for each of the tools is shown in red. The data referring to content filter programs (parental control for minors) is presented for the sub-sample of users with young children that use the Internet (27.7%).

11

Security incidents Security incidents

Evolution of computers hosting malware (%)

iScan

12

Security incidents
Evolution of malware incidents by category (% of all scanned computers)

iScan

13

Security incidents Security incidents

iScan

Total number of malicious files and unique malware variants

iScan
Number of detections for each unique malware variant, August 2011

14

Security incidents Security incidents

Evolution of the total level of risk in computers (%)

iScan

15

User reaction and the consequences of security incidents

Type of action* taken after suffering a security incident by users who change their security habits and measures (%)

* Multiple response

16

User reaction and the consequences of security incidents

Method of resolving security incidents (%)

17

E-trust in Spanish households

Perception of the number of security incidents compared to 3 months ago (%)

18

E-trust in Spanish households

Perception of the severity of security incidents compared to 3 months ago (%)

19

E-trust in Spanish households

Measures demanded of the Government

20

E-trust in Spanish households

Overall, how much do you trust the Internet?

21

Final conclusions
Malware levels continue to decline, both in Spain and on a world-wide scale. Around 45% of the systems were infected in August 2011. Even if the great majority trusts the use of an antivirus, a high proportion complement it with other necessary techniques to provide protection. For example, 72.2% check that the amount of data requested for online banking does not differ from the previous session. Internet users use more automated tools for protection than non-automated habits. They continue to be cautious when it comes to downloading: a significant 64.5% of users state that they find out information about the download and, in addition, 77.2% download from trusted sites. Regular use of social networking websites has now surpassed 80%. Only 5.6% of the respondents have suffered one of the main risks, identify theft. This indicates good habits to protect accounts. For example, almost half of Internet users state that their profile can only be seen by friends and contacts. Overall, the surveyed users have quite a lot of trust in the Internet (44.3%) and 8.3% of them state they trust it a lot. When combined, then, over half of the users have a lot or quite a lot of trust in the Internet. When it comes to the Government, the main preference is for measures that create free security tools (30.5%), with training (courses, campaigns and workshops) being one of the lowest ranked in terms of demands.

22

Followusthrough:
Web
http://observatorio.inteco.es Facebook http://www.facebook.com/ObservaINTECO Twitter http://www.twitter.com/ObservaINTECO Scribd http://www.scribd.com/ObservaINTECO YouTube http://www.youtube.com/ObservaINTECO The Information Security Monitoring Centre Blog http://www.inteco.es/blogs/inteco/Seguridad/BlogSeguridad

Sendusyourenquiriesandcommentsto:
observatorio@inteco.es

http://www.inteco.es http://observatorio.inteco.es