Take9: Advancing Cybersecurity Practices Through Consumer Awareness 

Online threats are on the rise: despite consumer awareness that the security landscape is dangerous and harder to navigate, individuals are taking fewer actions to protect themselves online. 

Take9, a national public service campaign dedicated to increasing public awareness on cybersecurity practices to help individuals, communities, and the nation protect against online attacks and threats, is rooted in research on consumer behavior when it comes to digital safety. Bully Pulpit International, the partner agency on the Take9 campaign, conducted a nationally representative survey in Fall 2025 to deepen our understanding on the language, actions, and methods that can improve consumer behavior online.

Consumers are concerned about cybersecurity threats – particularly those that affect them personally – and feel responsible for their own online safety. The public already sees online threats as a serious issue. When asked what worries people most about the internet, online threats ranked top of concerns with 44% of respondents choosing “cybercrimes such as fraud and identity theft.” Other cyber threats – including threats to national security (25%) and the vulnerability of America’s online infrastructure (15%) – were also concerning, but were not felt as acutely as concerns about personal impact on their financial and individual wellbeing. 

While a majority of adults find any breach or theft caused by cybercriminals to be of concern, the magnitude of concern was greater for the individual cost compared to national security issues such as political, infrastructural or systemic attacks.

Consumers are concerned about cybersecurity threats – particularly those that affect them personally – and feel responsible for their own online safety.

Respondents were most intensely concerned about cybercriminals stealing financial information (53%, very concerned), their identity (50%, very concerned), and extorting their private and personal information (47%, very concerned). There is also notable strong concern for how emerging technology like AI can facilitate and augment online fraud and scams (48%, very concerned). Concerns about online threats are felt most strongly when they have tangible personal consequences. 

Who is responsible for cybersecurity?

Increasing consumer awareness and convincing people that they play a role in their own cybersecurity is not the problem. People overwhelmingly believe it is up to them to keep themselves and others safe online rather than the government, law enforcement, or tech companies. Further, there is strong consensus that online scams are a threat “that affects everyone” and that online safety is “something you have to keep doing, not a one-time issue to solve” (67% strongly agree for both). Respondents believe that cybersecurity is not a quick fix but rather needs to be integrated into their digital lives. 

Consumers feel empowered to protect themselves from online threats, and feel optimistic that their actions are not futile. When asked: 65% say they can “take steps to protect [their] data online” versus “no matter what [they] do, [their] data will be vulnerable to attack” (35%). Public awareness campaigns can leverage this optimism and sense of personal responsibility to help inspire consumer action. 

The Gap Between Consumer Awareness and Action 

Despite recognizing online threats as a solvable and personal issue, the public feels ill-equipped to take it on. There is low consumer confidence in one’s ability to identify an online scam or what they can do to prevent them. Only 32% strongly agree they feel “confident in their ability to spot a dangerous email or text message”, and only 22% strongly agree that they know “what tools to use to stay away from online scams.” While cybersecurity training programs and awareness campaigns are a common part of workplace and community outreach, it has not transferred to consumer awareness and confidence. 

Take9’s role is to bridge this gap between the concern around cybersecurity and actions that can be taken. Cyber professionals need everyday users to implement cybersecurity best practices in order to maintain a secure system overall. Given that the research shows 25% of people currently take no action to stay safe online, Take9 is reframing the conversation to show individuals that they have confidence and control through simple actions like slowing down online. 

Why haven’t we been able to increase consumer awareness before?

Cybersecurity can feel overwhelming and intimidating. The field is fraught with confusing language and naming conventions, such as threat actors with names like “Fancy Bear”, “Deep Panda” and “Charming Kitten” to name a few. These mean little to the average person and do not inspire enough concern to spur consumer action. 

When asked about a range of issue-terms across the cybersecurity landscape – including online fraud and scams, cyberattacks, cybercrimes, cyberwarfare, and cyberthreats – 62% responded that “online fraud and scams” were most concerning. In reality, these cybersecurity terms have significant overlap, and all can have personal consequences on consumers. The difference? Cyberattacks, cybercrimes, cyberwarfare, and cyberthreats continue the pattern of language focused on broader consequences, while online frauds and scams feel personal. 

Reframing Cybersecurity for Consumers

By focusing on online scams and frauds, Take9 is talking to consumers about what they care about most and inspiring behavior change that helps protect the entire digital ecosystem. The same measures that mitigate online scams and fraud can also thwart other cybersecurity attack and threat vectors. 

Take9’s role is to bridge this gap between the concern around cybersecurity and actions that can be taken.

To drive consumer action, Take9 speaks to people in language that resonates and equips them with the means to protect themselves. Instead of focusing on the national, infrastructural, or systemic issues; we’re focusing on personal impact. Through education and consumer awareness efforts, Take9 guides people through simple yet effective cybersecurity steps that have far reaching benefits for the overall security ecosystem. Most importantly, we skip the technical jargon and keep it uplifting. The average consumer may not know the ins-and-outs of the cyber landscape – but they don’t have to to be secure. 

Starting with the 9-second pause. Getting people to slow down is a tested and trusted common cybersecurity recommendation for catching and preventing online threats. Take9 is designed to grab attention, interrupt behavior patterns, and empower the consumer to take the first step to protect themselves. We provide tips and security practices that are easy to communicate and share, and actions that feel reasonable and doable.

Who We’re Persuading

When it comes to convincing consumers to change their behaviors, not everyone is equally amenable. The research indicated that starting with what is termed the “sandwich generation”, adults who are responsible for their own online security – as well as for their older parents and young children, reaches a group who is already thinking about how to protect themselves and their family from online scams. They are concerned about online threats, and they know that scams and frauds are out there and getting more potent. They are also trusted and credible messengers to bring Take9 to their intergenerational communities and increase consumer awareness of frauds and scams. Take9’s mission is to inspire consumers, with a focus first on the sandwich generation, to pause before clicking and help steward this message forward to people who trust them. 

This research has guided the messaging strategy around Take9: focus on actionable and empowering messages to inspire consumers to act today – and everyday – to protect themselves online.