Trustpilot

Router security study 2025: Half of internet users ‘leaving the door open’ to hackers

Alex Tofts

Author:

Last updated:

For our fourth router security survey in 2025, the Broadband Genie team wanted to find out if attitudes had changed towards router security over the previous 7 years.

Prior studies between 2018 and 2024 showed the vast majority of people had no idea they were compromising their security by not changing default settings or passwords.

Had that changed? Were more people now aware of network security or less informed?

In our 2025 router security survey, we polled 3,242 Broadband Genie users and asked the same series of questions. While we found the results surprising at the time, the findings suggested some important lessons still relevant today.

With a strong commitment to improving router security in 2025 and beyond, let’s analyse the key points.

2025 Router security survey results

Let’s discuss the findings of the router security survey and what it means for the internet-using public.

47% have never adjusted any of their router factory settings

We’ll dive deeper into the results soon, but to start off, the majority of internet users have never adjusted any of their router factory settings.

This figure represents the lowest rate since our first study and a 5% improvement from 2024.

While this is a step in the right direction and the tide could be turning, there is still a long way to go. We’ll dive further into the results and see how users are interacting with their router.

81% have not changed the router administrator password

We recommend changing the administrator password as soon as you set up your broadband router, but 81% of users still don’t do it, as shown in the chart below.

5% more internet users are changing their router administrator password compared to in 2024.

Leaving the password as the default is the easiest way for someone to gain access to your router and therefore, your network and connected devices.

It’s an open invitation to nefarious characters to snoop around and take what’s yours.

It’s illegal to sell connected devices with weak passwords in the UK, but router manufacturers use a specific type of username and password.

That information is out there for everyone to see, which makes it easy for hackers to attack your router.

69% have never changed their Wi-Fi password

Next we looked at Wi-Fi passwords - Our research found that almost a third - only 31% had ever changed their Wi-Fi password.

 

Changing your Wi-Fi password is a simple, yet fundamental security precaution and takes seconds.

Similar to the router admin password, default Wi-Fi passwords are well known, and it would take seconds for a knowledgeable hacker to gain access.

84% have never updated their router firmware

Another area of concern was that over 8 in 10 of internet users have never updated their router firmware. Over the past 6 years, we’ve seen fewer people update their router software. In 2025, 5% more people are updating their routers' firmware. The following graph illustrates this trend.

 

Firmware is the software routers use to operate. It’s often updated over time to add new features, make the router more secure, resolve any issues and optimise code.

Failing to update can leave routers vulnerable, which is why this result isn’t the one we wanted to see. The challenge is, updating router firmware can seem complicated, and the instructions aren’t always clear.

Fortunately, many newer routers handle updates automatically, but it’s still something users need to be aware of.

85% have never changed their network name

Changing your network name is a small, but useful security precaution to help protect your home network, but it seems 85% of people still aren’t changing theirs.

That’s 4% more people changing their network name than in 2024 and in 2022. However, it’s still below the levels we saw in 2018.

The network name is your Wi-Fi name, such as ‘SKY12345’ or ‘Linksys-7890’. Leaving it as default provides a simple way for hackers to identify the router, making it easier to access your network.

69% of respondents haven’t checked to see who is using their network

It seems only 31% check to see who or what is using their home network.

 

An average home network has 12 connected devices, but most users don’t check. This is a fundamental security precaution which is usually very straightforward to do.

73% of respondents don’t know why they would need to adjust their router settings

So what’s the reason behind us not engaging with our router settings? The vast majority of our survey respondents do not know why they would need to make these changes.

 

Worryingly, this awareness gap has stayed at a high level for the past 3 years.

79% know how to change router settings

Our research revealed knowledge how to change their router settings is not the biggest barrier.

Commenting on the research, Alex Tofts, broadband expert at Broadband Genie: “While it’s encouraging to see more people accessing their router settings, far more needs to be done to help them make essential changes. Providers and manufacturers can educate customers and need to make it easier for the average user to secure their home networks.

“We encourage everyone to take just five minutes to log into their router, update their login details, and change default passwords.”
- Alex Tofts, broadband expert at Broadband Genie

Why it’s important to adjust your routers’ default factory settings

Broadband Genie asked Oliver Devane, Senior Security Researcher at McAfee, why it’s important to adjust your router factory settings: “Many default settings can be dangerous in the hands of cybercriminals. Your router is the gateway to all the connected devices in your home, so it’s key to make sure it’s secure.

“Cybercriminals take advantage of bugs and vulnerabilities in firmware, to gain access to your online information, which may then be used to launch further rounds of phishing scams. Keeping the firmware up to date with the latest security patches will prevent this from happening. Investing in protection software which has a VPN will also encrypt and secure internet connections, adding an extra layer of protection to help you stay safe online.

“Just like changing the lock on your front door, changing the default router password will ensure only authorised people can access your home network.

“Many internet users are simply unaware of the risks associated with their routers, and more needs to be done to raise awareness.”

How to prevent being a victim of a cyberattack

There are some simple but effective ways to help prevent cyberattacks.

Each requires just a couple of minutes and can make a big difference to how secure your home network is.

Change passwords

Changing your router administrator and Wi-Fi passwords are the single most effective precautions you can take. They are also the easiest.

Make passwords as long as you can while remaining easy to remember. If you can add a mix of uppercase and lowercase letters, numbers and special characters, all the better.

Change your network name

Changing your network name not only personalises your network, it also makes life harder for cyber criminals.

You can change your network name at the same time you’re changing your Wi-Fi password.

Update your router's software

Many routers will automatically update their firmware, but not all do. It takes just a few seconds to check the firmware on a router and compare it to the latest version on the manufacturer’s website.

We recommend checking every few weeks to see if there’s an update.

Check who’s using your network

Checking who’s using your network prevents people from using your bandwidth without permission, reveals devices you forgot had internet access, and helps detect unauthorised access.

Most routers will have a list of connected devices within the dashboard. Check it regularly and remove any device or user you don’t recognise.

Read this guide for more information on securing your router.

What to do if you’re a victim of a cyberattack?

Even if you take every precaution possible, you still may be unfortunate enough to be a victim of cybercrime.

So what can you do?

  1. Disconnect your internet and perform a full factory reset of the router. This will erase any code the hacker may have installed to give them access. This will reset all your settings, but is an essential step.
  2. Change your router admin password, Wi-Fi password and network name to something unique immediately. Don’t reuse anything you used before.
  3. Check devices to see what an attacker may have been able to access. Follow up with any banks or organisations, just in case.
  4. Reach out to your ISP for guidance if you need extra help.

 

It’s important to stay informed and regularly educate yourself about cybersecurity best practices to better protect your network in the future.

Taking these steps can help you recover from a security breach and strengthen your home network against future attacks.
 

  • Methodology

    The findings reveal significant gaps in router security awareness. The research was carried out by Broadband Genie with expert input from McAfee’s cybersecurity researchers, combining consumer data with insights from McAfee’s threat intelligence team.

    Broadband Genie interviewed a total of 3,242 internet users. 2,000 through a OnePoll survey between 7th-9th October 2025 and 1,342 internet users between 24th April-30th September 2025 through an online survey.

Alex Tofts

Meet the author:

Broadband Expert

Alex came on board in October 2016 and in that time has risen to Broadband Genie’s resident broadband expert. For the last 7 years, he has appeared all over the UK press, giving expert advice about anything and everything related to broadband.


Specialist subject: Fighting the consumer's corner on all things broadband.

Related pages

Top guides

Why do we need your address?

We need your address to show you the broadband deals available at your home. This information is gathered in partnership with thinkbroadband.
Read our privacy policy for more details.