Average Americans Doing Very Little About Heartbleed

Gallup poll shows most Americans aren't aware of Heartbleed cybersecurity bug

The Heartbleed security bug that affected millions of Americans earlier this year may be old news within tech circles, but new Gallup research suggests there's a lot more that solution providers could be doing to help shore up protection.

The Heartbleed problem came about as a result of a flaw in data encryption methods commonly used by Web sites and online retailers. Among those identified as vulnerable were Google, Yahoo! and Amazon.

Less than half of those surveyed by Gallup (45 percent) acknowledged being aware of the bug. Among those that had heard about Heartbleed, 71 percent said they were "somewhat" to "very concerned" about it. But only 40 percent of the respondents had actually done anything about it, the data show.

The research reflects the opinions of approximately 1,011 adults, surveyed by Gallup from April 23 to April 29.

Gallup Heartbleed poll

What's most concerning, perhaps, is that only one-third of the respondents said they had been contacted by companies that they do business with about this potential security gap. Whether that's because those companies haven't figured out what to do about it or they are unaware of their own vulnerability is open to interpretation.

Among the consumers who had both heard about Heartbleed from a business partner AND decided to take action about it, here are some of the most common responses:

  • Have changed online passwords (73 percent)
  • Have decided not to make an online purchase that they normally would have (20 percent)
  • Have decided not to log on to a Web site until the issue is resolve (22 percent)
  • Have contacted a Web site or company with concerns (10 percent)
  • Have closed or cancelled an online account (11 percent)

Even though consumers bear some responsibility for ensuring their own protection, the Gallup data suggests there's a lot more that companies of all sizes – in collaboration with their solution providers -- could be doing to address Heartbleed specifically and cybersecurity generally.