Selling fear: Marketing for cybersecurity products often leaves consumers less secure

You have likely seen multiple ads for products and services designed to make you more secure online. When you turn on your television, see online ads, or even when you get in-app notifications, you are likely to encounter cybersecurity technology marketed as the ultimate solution and the last line of defense against digital threats.

Cybersecurity is big business, and tech companies often sell their products based on fear. These campaigns are often rooted in what I call the technology vs. user cycle, a feedback loop that creates more problems than it solves.

It works like this: Cybersecurity companies often market their products using tactics that emphasize fear (“Hackers are coming for your data!”), blame (“It’s your fault if something happens!”) and complexity (“Only our advanced solution can protect you”). They perpetuate the idea that users are inherently not savvy enough to manage security independently and that the solution is to adopt the latest product or service.

As a cybersecurity researcher, I find that this approach often has unintended, harmful consequences for people. Rather than feeling empowered, users feel helpless, convinced that cybersecurity is beyond their understanding. They may even develop techno-stress, overwhelmed by the need to keep up with constant updates, new tools and never-ending warnings about threats.

Over time, this can breed apathy and resentment. Users might disengage, believing that no matter what they do, they’ll always be at risk. Ironically, this mindset makes them more vulnerable as they begin to overlook simple, practical steps they could take to protect themselves.

The cycle is self-perpetuating. As users feel less secure, they are more likely to demand new technology to solve their problem, further fueling the very marketing tactics that created their insecurity in the first place. Security providers, in turn, double down on promises of fix-all solutions, reinforcing the narrative that people can’t manage security without their products.

Ironically, as people grow dependent on security products, they can become less secure. They start ignoring basic practices, become apathetic to constant warnings, and put blind trust in solutions they don’t understand.

The result is users remain stuck in a loop where they depend on technology but lack the confidence to use it safely, creating even more opportunities for people with malicious intent to exploit them.

Cybercrime evolution

I’ve worked in cybersecurity since the early 1990s and witnessed the field evolve over the decades. I’ve seen how adversaries adapt to new defenses and exploit people’s growing reliance on the internet. Two key shifts, in particular, stand out as pivotal moments in the evolution of cybercrime.

The first shift came with the realization that cybercrime could be immensely profitable. As society moved from paper checks and cash transactions to digital payments, criminals found that accessing and stealing money electronically was relatively easy. This transition to digital finance created opportunities for criminals to scale up their attacks, bypassing physical barriers and targeting the systems that underpin modern payment methods.

The second shift emerged over a decade ago as criminals targeted individuals directly rather than just going after businesses or governments. While attacks on companies, ransomware campaigns and critical infrastructure breaches still make headlines, there has also been a rise in attacks on everyday users. Cybercriminals have learned that people are often less prepared and more trusting than organizations, and so present lucrative opportunities.

This combination of digital financial systems and direct user targeting has redefined cybersecurity. It’s no longer just about protecting companies or critical infrastructure; it’s about ensuring the average person isn’t left defenseless. Yet, how cybersecurity technology is marketed and deployed often leaves users confused and feeling helpless.

User empowerment

The good news is that you have more power than you think. Cybersecurity doesn’t have to feel like an unsolvable puzzle or a job for experts alone. Instead of letting fear drive you into techno-stress or apathy, you can take matters into your own hands by leaning on trusted sources like community organizations, local libraries and tech-savvy friends.

These trusted voices can simplify the jargon, provide straightforward advice and help you make informed decisions. Imagine a world where you don’t have to rely on faceless companies for help but instead turn to a network of people who genuinely want to see you succeed.

I believe that cybersecurity vendors should offer tools and education that are inclusive, accessible and centered on real user needs. At the same time, people should actively engage with community-driven initiatives, adopt thoughtful security practices and rely on trusted resources for guidance. People feel more confident and capable when they surround themselves with people willing to teach and support them. Users can then adopt technology thoughtfully rather than rushing to buy every new product out of fear or disengaging completely.

This community-based approach goes beyond individual fixes. It creates a culture of shared responsibility and empowerment and helps create a more secure and resilient digital ecosystem.

Resources

Knowing where to find reliable information and support is essential to take control of your cybersecurity and start building your confidence. The following resource list includes trusted organizations, community programs and educational tools that can help you better understand cybersecurity, protect yourself against threats and even connect with local experts or peers for guidance.

Whether you’re looking to secure your devices, learn how to spot scams or stay informed about the latest digital threats, these resources are a great place to begin. Empowerment starts with taking that first step toward understanding your digital world.

• The U.S. Cybersecurity and Infrastructure Security Agency has excellent resources to help you understand security.
• The Federal Trade Commission has resources on consumer safety and privacy.
• The Cyber House Rock website provides fun videos to help you understand security and privacy.
• To report a cyber incident, you can go to the FBI’s Internet Crime Complaint Center.

Doug Jacobson receives funding from NSF, DoD, and DoE. Doug Jacobson is the director of the Iowa State University Center for Cybersecurity Innovation and Outreach, which produces the Cyber House Rock Videos.

Source: The Conversation