Same internet, different worlds: New evidence reveals significant differences in how people understand and protect their digital security across Western and non-Western regions

Digital risks don’t land the same way everywhere. Drawing on nationally quota-representative samples from 12,351 participants in 12 countries, the research uncovers consistent, statistically significant gaps between WEIRD (Western, Educated, Industrialized, Rich, Democratic) and non-WEIRD contexts. These gaps shape which threats people notice, which protections they choose, and which sources they trust—with implications for policy, product safety, and the day-to-day resilience of citizens and organizations.

What the study uncovered

The team examined familiarity with security concepts, perceived risks, protective behaviors, sources of advice, and experiences with cybercrime. Three patterns stand out:

• Different threat lenses: Participants in non-WEIRD countries tended to assign higher importance to protecting more kinds of data, saw more groups as potential attackers, and consulted more sources for guidance.
• Advice cuts both ways: Interpersonal networks (friends and family) play a larger role in non-WEIRD settings—serving as both a trusted support and, paradoxically, a suspected risk vector.
• Protection favors low-friction tools: Across all regions, people commonly take at least one protective step, gravitating toward built-in, low-effort defenses (automatic updates, antivirus) while adoption of more complex privacy tools remained low.

Taken together, these findings caution against one-size-fits-all assumptions. Effective interventions need to reflect cultural norms, legal environments, infrastructure, and local threat models.

From insight to action

For policymakers this means pairing secure-by-default regulation with outreach that uses trusted local voices—and actively counters myths. For industry, it means designing products with default safety and minimal friction, aligned to users’ mental models in each region. For students and educators, the results point to the value of regionally sensitive curricula. And for the general public, the practical guidance is clear: keep devices updated, rely on built-in protections, and double-check advice—even when it comes from people you trust.

Advancing AI and digital security—together

Although the study itself focuses on digital security, the results also have implications for AI. As AI systems mediate authentication, content filtering, and fraud detection, they inherit our human assumptions. Since those assumptions differ across societies, building trustworthy, human-aligned AI means grounding safeguards, explanations, and evaluations in cross-cultural evidence—so automated defenses match real user behavior, encourage adoption, and reduce risky workarounds.

The people behind the work

The paper, “Digital Security Perceptions and Practices Around the World: A WEIRD versus Non-WEIRD Comparison,” is authored by Franziska Herbert (CASA), Collins W. Munyendo (George Washington University), Jonas Hielscher (CASA), Steffen Becker, and Yixin Zou (MPI-SP).

For RC Trust: Steffen Becker of the Young Investigator Group Human-Centered Hardware Security located at Ruhr University Bochum contributed to the study, drawing on his methodological and practical experience in human-centered security. His group focuses on interdisciplinary, human-centered approaches to hardware security.

Open data

In line with open-science principles, the authors have released the full dataset—anonymized questionnaire responses from 12,351 participants in 12 countries—to enable independent analysis, regional benchmarking, and evidence-based policy.

Access it via https://doi.org/10.60517/ZW12Z533J

Full paper here: https://www.usenix.org/system/files/usenixsecurity25-herbert.pdf