White Paper / April 2019

Report: Improving Cybersecurity Awareness in Underserved Populations

“Improving Cybersecurity Awareness in Underserved Populations” highlights how ‘underserved’ residents in San Francisco—including low-income residents, seniors, and foreign language speakers—face higher-than-average risks of being victims of cyber attacks. The report was authored by Ahmad Sultan, a recent graduate of UC Berkeley’s Goldman School of Public Policy, who partnered with officials from the City and County of San Francisco to study the cybersecurity awareness of underserved citizens.

Download the Report

“Improving Cybersecurity Awareness in Underserved Populations” highlights how ‘underserved’ residents in San Francisco—including low-income residents, seniors, and foreign language speakers—face higher-than-average risks of being victims of cyber attacks.

The report was authored by Ahmad Sultan, a recent graduate of UC Berkeley’s Goldman School of Public Policy, who partnered with officials from the City and County of San Francisco to study the cybersecurity awareness of underserved citizens. Sultan currently serves as the Associate Director for Research, Advocacy and Technology and Policy at the Anti-Defamation League’s Center for Technology and Society. Published as part of CLTC’s White Paper Series, the report is intended to help officials in other cities better understand how underserved populations may be at risk, and provides recommendations for city-led training programs and other initiatives that could help mitigate the cybersecurity challenge.

“This cybersecurity gap is a new ‘digital divide’ that needs to be addressed—with urgency—by the public and private sectors alike,” Sultan wrote. “The report is intended to help city leaders understand how they could better understand this issue in their own cities, and how they might forge public-private partnerships to address cybersecurity concerns at the system level.”

Through a survey of more than 150 San Franciscans at diverse community-based organizations across San Francisco, as well as a survey of 142 people from a comparison group, Sultan found that members of underserved populations are less likely to know whether they have even been victimized by a cyber attack, and they have lower awareness of cybersecurity risks. Partly as a result, they are also less likely to access vital online services, such as banking, health services, educational programs, and other resources, which could lead to them falling behind economically.

Among the key findings outlined in the report:

  • When underserved residents were asked about their knowledge of core cybersecurity concepts, 20 percent did not know about online crime, 21 percent didn’t know about email spam, 26 percent didn’t know about computer or phone “viruses,” and 31 percent did not know about anti-virus software. Underserved residents generally suffer from low levels of confidence in their ability to protect themselves online and have low trust in technology companies to secure their data. As a result, they are deterred from using online services, such as banking or social services, that can bring important economic and social benefits.
  • A significant percentage of underserved residents likely have been victim of a cyber scam, and many may have been scammed multiple times.
  • Underserved residents often possess an incomplete understanding or distorted view of the online security landscape. A large number of respondents were unable to comment on cybercrime impact because they did not understand basic cybersecurity concepts.
  • Respondents who said they were confident in their ability to protect themselves online are often not taking basic security precautions that could justify some of that confidence.
  • Underserved citizens whose primary language is not English often struggle to find resources on cybersecurity in their own language, and many do not know what resources to trust. Residents often turn to friends or relatives and receive partially accurate information at best.
  • Respondents generally have a poor understanding of basic cybersecurity concepts such as online scams and viruses. They also have low skill level and motivation to follow best practices as gauged by cyber-hygiene relevant questions. These include setting a complex password for online accounts and employing preventative methods when reading and interacting with the contents of an email.

The report encourages city leaders to study their own populations’ cybersecurity awareness, and to provide targeted trainings. The paper also suggests that city leaders develop resources, such as advice websites and public awareness campaigns, and it encourages them to participate in state and federal programs focused on boosting cybersecurity awareness, while also partnering with private-sector partners to help improve the practices and behaviors of underserved populations.

“While the field of cybersecurity impact evaluation is young, experiences in the field of public health can serve as a helpful guide for city leaders hoping to chip away and define the future of cybersecurity for underserved residents,” Sultan’s report advises. “Cities have opportunities to work together to develop joint cybersecurity initiatives, including digital literacy trainings to improve cybersecurity outcomes, while also creating strong, sustainable, and actionable partnerships with private-technology firms to address system-level cybersecurity concerns.”

Download the Report