National Privacy Test: Canadians drop to seventh place

About the National Privacy Test

The National Privacy Test (NPT) is an international survey that measures how well people understand internet security and online privacy. The test includes 22 questions covering three areas: daily digital habits, privacy awareness, and cybersecurity threats.

This year, more than 30,000 people from 185 countries took the test to check their cyber hygiene. To make global comparisons meaningful, the analysis focuses on 31 countries with the largest number of responses, each with at least 100 participants. This approach reveals not only how individuals scored but also how nations differ in their online safety knowledge.

Each country receives a National Privacy Test (NPT) score based on participant performance across the three categories. Participants are also grouped into four distinct “cyber personas” that reflect their level of cybersecurity awareness, from the least to the most knowledgeable.

Before looking at this year’s results, let’s outline how NPT scores are calculated and what the cyber personas mean.

How we calculate the scores

The National Privacy Test score shows how well a person understands online privacy and cybersecurity. To calculate it, we look at three separate areas:

• Daily digital life – how people handle their information, like passwords, app updates, data-sharing, and app permissions.
• Privacy awareness – how well they recognize risks such as scams, phishing attempts, or how companies collect personal data.
• Digital risk tolerance – how cautious they are when faced with risky online situations.

The test has 22 questions in total, and each one is worth 4.5% of the score. We calculate the NPT score by taking the average of the three category scores. The more correct answers a person gives in each category, the higher their final NPT score will be.

What are cyber personas?

To make the results easier to understand, everyone who takes the test lands in one of four “cyber personas.” Each represents a different level of knowledge and awareness:

• Cyber Wanderer (1-24%). Cyber Wanderers have very little knowledge about online safety. They often don’t know how to protect their accounts, devices, or data.
• Cyber Tourist (25-49%). Cyber Tourists know a bit more, but still make common mistakes. They may recognize some threats but not know how to respond to them.
• Cyber Adventurer (50-74%). Cyber Adventurers understand most everyday privacy and security issues. They know how to protect themselves in many situations, but they still have room to improve.
• Cyber Star (75-100%). Cyber Stars are the most knowledgeable. They are highly aware of online risks, understand how to protect their data, and follow safe digital habits.

What do the numbers show?

Canada ranked 7th worldwide in 2025, dropping from 6th in 2024 and 4th in 2023. While Canadians scored well in digital risk (4th), their results in privacy awareness (6th) and especially daily digital life (9th) pulled them down.

Key takeaways

The 2025 National Privacy Test shows that Canadian participants have a strong grasp of some fundamentals but weak performance in daily habits and phishing awareness: 

• Canada’s overall score (56) was just below the global average (57). Their digital risk score (66) was a relative strength, putting them 4th worldwide, but privacy awareness (53) and daily digital life (51) pulled them down.
• As many as 96% of Canadians knew how to create strong passwords, and 94% managed app permissions correctly. Nine in ten also understood which sensitive information should not be shared on social media. These everyday basics remain consistent strengths.
• Just 16% knew where to store passwords safely, one of the lowest results globally. Canadian participants were also among the lowest-performing groups when it came to recognizing the importance of updating apps. Weaknesses in such simple habits leave participants vulnerable.
• Only 30% could identify a phishing website, a worrying number given phishing’s role in most cyberattacks. Canadians also struggled with how to react to a suspicious login attempt.
• On the positive side, awareness of what to do after a login alert improved compared to 2024, and more participants recognized which data should never be shared on social media.

Canada has strong foundations, but its performance is slipping in key areas. Without stronger phishing awareness and better daily habits, Canadians risk falling further behind.

Cyber personas in Canada

Canada has fewer Cyber Stars than average, at just 8%, which puts them behind many top-performing countries. The majority (67%) are Cyber Adventurers, while 24% are Cyber Tourists. A small group (1%) are Cyber Wanderers, meaning they scored the lowest. This mix shows a strong middle tier but too few highly skilled participants.

Biggest changes since 2024

Canada’s 2025 results continue the slow decline seen in recent years. Even small drops matter when they become a trend.

The overall National Privacy Test score fell by one point, from 57 to 56, extending a downward slide that began in 2023. The daily digital life score stayed low at 51. Phishing knowledge also remained poor, with fewer than half of Canadians able to identify a fake website.

Still, some improvements were made. This year, more Canadians knew how to respond to a suspicious login alert and were more careful about what personal information to share on social media. These gains reflect progress in real-life scenarios where quick thinking matters most.

But the weak areas continue to outweigh the positives. Without better phishing awareness and stronger everyday habits, Canada may continue to slip in the rankings.

An overview of global results

This year’s National Privacy Test shows that global privacy and cybersecurity awareness is holding steady, but not improving. The worldwide NPT score in 2025 was 57 out of 100, the same as last year. 

The details reveal mixed progress. The daily digital life score continues to creep upward by about one percentage point a year, showing that people are slowly improving their everyday online habits. But at the same time, privacy awareness and digital risk tolerance are declining, suggesting that while individuals may be getting better at routines like managing passwords or permissions, they are less prepared for growing threats.

As in previous years, participants did best on basic practices: creating strong passwords (96% correct), handling suspicious streaming service offers (95%), knowing which data to share with apps (94%), and understanding which sensitive data should not be posted on social media (90%). Many also recognized how devices can get infected with malware.

The weakest results came from newer and more technical areas. Only 6% of participants knew the privacy issues to consider when using AI for work. Knowledge of what ISPs collect as part of metadata, how to secure home Wi-Fi, where to safely store passwords, and which online tools protect privacy also remained very low.

“AI has raised the stakes online, but the fundamentals of staying safe haven’t changed. People are getting better at spotting scams, yet too many still skip updates or reuse passwords, and those small gaps are exactly what criminals exploit,” says Marijus Briedis, chief technology officer (CTO) at NordVPN.

He adds: “The test aims to educate people worldwide about cyber threats and offer clear, practical guidance to reduce the risks of fraud, data harvesting, surveillance, and other online threats.”

Globally, the overall picture of cyber personas did not change from 2024 — one in ten participants is a Cyber Star. The highest scores came from people aged 30–54 and those working in IT. The lowest scores were seen among students, retirees, and people employed in hospitality or construction.

Think you’d score higher? Take the National Privacy Test and see how your knowledge stacks up. And if you’re curious about the full picture, check the global results for all countries in the 2025 NPT report.

The biggest global shifts

Compared to last year, a few changes stand out:

• AI-driven scams are better recognized. Awareness jumped by five percentage points (from 63% in 2024 to 68% in 2025). More people now understand how cybercriminals use AI to trick victims, making this one of the strongest improvements of the year.
• Privacy tools are gaining traction. Understanding of online tools that protect digital privacy rose from 27% in 2024 to 32% in 2025. While still a low number overall, this 5-point increase shows that awareness of solutions like VPNs, password managers, and encrypted services is slowly spreading.
• App permissions are better understood. Knowledge of which data to share with apps increased by 3 points (from 91% to 94%). This steady improvement suggests more users are learning to limit access and protect their personal information.
• Updates remain overlooked. Awareness of the security benefits of updating apps as soon as possible dropped another 2 points (from 56% to 54%). This decline confirms a continuing trend — many users still underestimate the role of updates in preventing hacks and fixing vulnerabilities.

Methodology

The National Privacy Test is an open-access survey available to anyone online. It does not use quotas for age, gender, or background and is therefore not nationally representative.

In 2025, 30,792 people completed the test, up from 25,567 in 2024 and 30,747 in 2023. The numbers in this blog reflect responses collected up to July 31, 2025. If the results on the NPT website look slightly different, that’s because more people have taken the test since then.