A new survey of more than 2,300 self-identified technologists from 90 countries finds a glaring lack of cybersecurity knowledge.

Conducted in April and May on behalf of RSA Security LLC, the survey asked a series of fact-based questions, such as the most frequent data breach cause and how to implement a zero-trust strategy. The results were published earlier this week as part of the RSA ID IQ report, since most of the questions concerned identity-related issues.

Almost half of the respondents answered at least half of the questions incorrectly, while fewer than 10% got most questions correct. That seems to be a failing grade right off the bat.

Two-thirds of the self-described identity management experts did not select the best practices for reducing phishing. The question asked to pick several ways to reduce phishing attacks, and the correct answers were multifactor authentication and tools using the Fast Identity Alliance protocols.

The online multiple-choice survey was distributed to RSA Conference attendees along with attendance at other European security conferences and other RSA customers. Each participant was asked to self-identify as either an identity expert, a cybersecurity expert or neither, though some kind of information technology involvement was assumed, given the audience. This means it’s difficult to draw definitive conclusions, given the self-selection, but the results are still unsettling.

The survey asked participants to estimate the cost of resetting a single user’s password, with three-quarters of the answers estimating too low. The correct answer, taken from an old Forrester Research study, is more than $70.

Other choices that were picked by the respondents were much lower. And two-thirds of the respondents admitted to recycling the same password across multiple accounts, something that really shouldn’t be surprising but is somewhat depressing nonetheless.

A third of all respondents said they were prevented from accessing systems needed to do their work at least once a week because of various operational malfunctions.

“We need the help of AI technologies to manage all the identities throughout their lifecycle,” RSA Chief Executive Rohit Ghai wrote in the introduction to the report. “Paradoxically, even in this world where AI can dynamically assess risks and automate responses to threats, humans will have an even more important and strategic role in cybersecurity and identity security.”

Ghai outlined a place for humans to pave the eventual artificial intelligence highways and set the AI rules of the road, as well as planning for potential AI-generated errors. In the meantime, it seems we still need help paving the way for more knowledgeable cybersecurity personnel too.

Images: Pixabay, RSA