Full Report
The study shows that the US cybersecurity and online privacy awareness hasn’t improved since last year, according to NordVPN.
Analysis Summary
# Industry News: US Cybersecurity Literacy Declines, AI Privacy Skills Lag
## Summary
Research by NordVPN indicates that the United States has dropped to 4th globally in cybersecurity and online privacy knowledge, with stagnant overall awareness since the previous year. While Americans demonstrate proficiency in traditional security measures like strong passwords and identifying streaming scams, there is a critical lack of understanding regarding emerging privacy risks associated with Artificial Intelligence in the workplace.
## Key Details
- Date: September 16, 2025
- Companies Involved: NordVPN (researcher), International Society of Automation (publisher context)
- Category: Market Analysis / Industry Benchmarking
## The Story
The 2025 National Privacy Test (NPT), analyzing over 30,000 responses across 186 countries, positioned the US behind global leaders like Lithuania, Singapore, and India. American strengths lie in spotting common scams (96% on streaming offers, 96% on strong passwords). However, significant knowledge gaps persist in fundamental areas such as identifying phishing websites (only 31% success), understanding ISP metadata collection (15% know), and secure password storage (16%). Most concerning for the modern threat landscape is the near-total failure to grasp AI-related workplace privacy issues, with only 5% capable of identifying these risks.
## Business Impact
### For the Companies Involved
- **NordVPN:** Reinforces its position as a leading authority in consumer cybersecurity awareness, leveraging benchmark data to drive product messaging for its core VPN services and related offerings like the Saily travel eSIM app.
### For Competitors
- Competitors (VPN providers, security awareness training firms) can use this data to tailor educational campaigns or product features specifically addressing the AI privacy gap and improving foundational knowledge identified as weak in the US market.
### For Customers
- Consumers must recognize that while they feel secure in some areas, significant blind spots exist, particularly concerning new technologies like AI. This implies a higher unmanaged risk exposure in both their personal and professional digital lives.
### For the Market
- The data suggests a growing maturity mismatch: user adoption of advanced technologies (like generative AI) outpaces user knowledge regarding their associated privacy implications, creating vulnerabilities that threat actors will likely exploit.
## Technical Implications
The data highlights a gap in translating security best practices into actionable knowledge for protecting granular data flows, specifically around *how* AI tools process and handle sensitive information (input/output data security). Furthermore, weak grasp of home Wi-Fi security (17%) and metadata collection indicates poor adoption of baseline network hygiene standards.
## Strategic Analysis
- Market Positioning: The US lags in overall digital maturity compared to leading nations, suggesting an underserviced or undertaught segment of the market focusing on next-generation threats.
- Competitive Advantage: Countries ranking higher (e.g., Lithuania) may see reduced successful targeted attacks due to a better-educated populace, potentially leading to lower insurance premiums or regulatory compliance advantages in the long term.
- Challenges: The rapid adoption rate of AI tools challenges the speed at which security training material can be developed, validated, and effectively disseminated to close the 5% AI privacy understanding gap.
## Industry Reactions
- **Analyst opinions:** Analysts will likely view this ranking as a warning sign for US enterprise risk management, suggesting that security awareness programs need immediate modernization to cover AI governance alongside legacy phishing defense.
- **Expert commentary:** CISOs will likely cite this report when arguing for increased budget allocation toward comprehensive security awareness training that specifically addresses GenAI adoption policies.
## Future Outlook
- **Predictions and expectations:** Expect a surge in demand for targeted training solutions focusing on responsible AI use and metadata awareness.
- **What to watch for:** The shift in focus from basic phishing/password hygiene to complex concept comprehension (like metadata and AI privacy) will define the next wave of cybersecurity education tools.
## For Security Professionals
Security teams must prioritize developing and deploying updated training modules that explicitly address the privacy considerations of using AI tools at work, as the general user base clearly lacks the necessary context. Furthermore, efforts should be redoubled on reinforcing fundamental network security (Wi-Fi configuration) and understanding data telemetry (ISP collection).