10.9.2025 Laurel Laluk
Estimated Reading Time: 5 Minutes
If you ask most people whether they know how to protect themselves online, they’ll probably say yes. But if you ask whether they actually do it – well, that’s where knowledge and behavior start to diverge.
According to Iris® Powered by Generali’s 2025 Identity and Cybersecurity Concerns (ICC) survey, fewer than one in three Americans reported following all recommended data protection practices.
And yet, this same research found that 88% of consumers are concerned about one or more of their passwords being compromised. Similarly, 85% worry about their personal devices being hacked.
The awareness is there. The anxiety is real. But the follow-through? Not always. In fact, while password managers are among the most commonly used identity protection tools, only 45% of consumers actually use one.
Key Takeaways
- Passwords remain the#1 weak point in digital security, contributing to 80–90% of scams and breaches.
- Convenience is beating security: Only 1 in 3 Americans follow all recommended cyber hygiene practices.
- Businesses play a critical role in making secure habits easy through built-in tools and guidance.
When Passwords are the Prize
We get it! It’s easy to roll your eyes at yet another reminder about password security.
But as the 2025 State of Scams in the USA report from the Global Anti-Scam Alliance (sponsored by Iris) revealed, 77% of Americans encounter scams daily, and more than 70% have been scammed in the past year. And scammers are just as interested in passwords as they are in our financial information.
In fact, compromised credentials (aka passwords) are a factor in a majority of scams and data breaches, with some reports citing figures as high as 80–90%. In 2024, IBM highlighted a significant surge in attacks exploiting valid accounts due to password reuse and consumers keeping the default passwords on devices like home routers. And when it comes to organizational risk, weak passwords account for more than 80% of data breaches.
The good news? Simple, consistent password management practices can drastically reduce risk.
Promoting the Basics: Small Actions, Big Impact
Consumers are, for the most part, simply doing the best they can. Unfortunately, convenience often outweighs security, leading to avoidable risks. Businesses can make a big difference, however, by encouraging a few foundational habits:
1. Use a password manager.
It’s the simplest way to create and store strong, unique passwords without having to remember them all.2. Turn on multi-factor authentication (MFA).
Just one extra verification step can block the vast majority of automated attacks — no advanced tech skills required.3. Never reuse passwords.
Encourage users to treat each account like a separate lock. If one password is stolen, reused credentials can give scammers the master key to everything.
These may seem like small, common-sense steps – but when scaled across a customer base, they have a huge collective impact.
Build Password Security into Your Digital Ecosystem
One of the most important insights from this year’s ICC survey is that most consumers aren’t ignoring security – they’re simply overwhelmed by it. Very few people have access to a comprehensive identity & cyber protection program, yet 66% of Americans say they are willing to pay for one! Even more telling, 80% say they would use identity protection features if those tools were built into a mobile app they’re already using.
This is where businesses have a massive opportunity to lead. Instead of relying on customers to manage security alone or adopt yet another standalone tool, organizations can create safer experiences by baking protection directly into their digital ecosystem. Password strength indicators, automatic breach alerts, built-in password managers, contextual education, and easy one-click MFA setup are all simple enhancements that guide users toward stronger habits – without slowing them down.
Iris’ Personal Web Defense was designed to do just that. Delivered as an easy-to-use app, businesses can help guard their customers (and their families!) from today’s many online threats. It offers a VPN to keep web traffic private; antivirus scanning and firewall protection; a secure browsing tool to help users avoid phishing and malware sites; and a Password Vault to help users generate, store, and secure their credentials seamlessly. Organizations can easily embed these protections within their own digital offerings via Iris’ award-winning API integration, giving users peace of mind without adding friction.
When businesses make security feel effortless (and not a burden!), they don’t just reduce fraud risk, they build long-term customer trust and loyalty.
Turning Awareness into Empowerment
Password protection might sound basic, but it remains one of the most effective defenses against today’s most common scams and breaches.
This Cybersecurity Awareness Month (CAM), Iris is helping businesses empower consumers with tools and education that stick. Explore our interactive CAM resource hub for ready-to-share resources, infographics, and quizzes that make cyber safety approachable – and actionable.
Then join us on October 21 for our live webinar, where we’ll dive deeper into scam trends, unpack the ins and outs of consumer behavior (and why it often doesn’t align with our perceived ability to detect scams), and share proven ways to close that gap through smarter education.
Because when it comes to online safety, small measures really do make a big difference.
.png?width=102&height=102&name=Iris-Generali-Logo-White%20(1).png){kind=logo}
