Research findings released ahead of World Backup Day by Kaspersky have shed light on how people around the globe are managing their most private information in an increasingly connected world. A comprehensive survey carried out by the company’s market research team polled 3,000 adults across 15 nations, including markets in Europe, Asia, Latin America, the Middle East, and other regions.
The results paint a clear picture: 84 percent of respondents now keep sensitive personal records—such as identity documents, banking details, medical files, or family photo collections—exclusively in electronic form.
The shift toward digital storage is especially stark among younger users.
Ninety percent of those aged 18 to 34 reported relying solely on electronic formats, reflecting the seamless integration of technology into daily life for millennials and Generation Z.
By comparison, older adults remain more cautious; nearly one in three people over 55 still prefer traditional paper copies as their primary safeguard.
When it comes to where this digital information actually lives, local computers and external hard drives remain the top choice for 56 percent of participants.
Cloud-based platforms follow closely at 45 percent, while 20 percent entrust their files to official government digital portals.
Although these methods offer convenience and instant access, Kaspersky experts stress that each carries hidden vulnerabilities, from accidental deletion and hardware failure to remote hacking attempts.
To counter these risks, the company urges users to adopt proven protective habits.
A cornerstone recommendation is the 3-2-1 backup rule: maintain at least three copies of critical files on two separate types of media, with one stored safely off-site.
For especially private material like passwords or scanned IDs, dedicated password-management tools equipped with encrypted vaults provide an extra layer of defense.
Users are also encouraged to move beyond easily guessed passwords by activating two-factor authentication or passkey systems wherever possible. Automating routine backups through built-in device features or specialized security suites can further reduce the burden of manual efforts.
Marina Titova, Vice President for Consumer Business at Kaspersky, highlighted the practical side of these strategies:
“Backups become manageable when you categorize files by importance and let automation handle the essentials. Prioritizing critical data prevents overload while ensuring what truly matters stays protected.”
Compounding these everyday concerns, Kaspersky’s Global Research and Analysis Team simultaneously exposed a sophisticated new remote-access trojan named CrystalX RAT.
First documented in early April, the malware is being marketed as a service to other criminals through YouTube tutorials and Telegram channels, lowering the barrier for even novice attackers.
Beyond standard data theft—pulling system details, login credentials from apps such as Steam, Discord, and Telegram, and browser histories—CrystalX includes a cryptocurrency clipper that silently swaps wallet addresses during transactions.
Even more unsettling are its surveillance and psychological features.
The trojan can secretly record microphone audio, snap screenshots, and capture video from both webcams and screens.
Its standout “prankware” module lets operators visibly harass victims in real time: shaking the mouse pointer, swapping desktop wallpapers, flipping screen orientation, hiding icons, forcing sudden shutdowns, or flooding the display with mocking pop-up messages.
Researchers note that these disruptive antics turn a silent breach into a deeply personal ordeal, potentially amplifying emotional distress and opening doors to blackmail using stolen information.
Senior security researcher Leonid Bezvershenko warned that the threat is evolving rapidly, with fresh variants already appearing and dozens of victims confirmed so far.
Geographic reach is expected to widen quickly.
To defend against both routine data-loss risks and advanced attacks like CrystalX, Kaspersky advises exercising caution with email attachments and messenger downloads, sourcing software and games only from verified platforms, deploying full-featured security solutions, and enabling visible file extensions in Windows settings to spot disguised executables.