The cost of cybercrime reached a whopping $126 billion during 2015 and affected 689 million people in 21 countries, an annual study found. The Norton Cyber Security Insights Report 2016 also found a 10 percent increase in online fraud compared to the year before, based on data from 17 countries where it conducted the survey in both years.

The study found a number of factors responsible for the high numbers of affected people, including users’ habits, lack of awareness and a lackadaisical attitude to their online safety despite being aware of some of the threats, as well as the proliferation of connected devices and increasing instances of connecting to non-secure networks.

More than three-fourths of the respondents said they were aware of the need to protect their online access information and still shared their passwords. Millennials were the most vulnerable sub-group in this category, with 40 percent of them having faced cybercrime during 2015.

More than 40 percent of those surveyed couldn’t tell for certain if an email was genuine or phishing, and of the 86 percent who had experienced one or more phishing instances, 13 percent had taken a compromising actions, like clicking on malicious links or sharing personal details. Four-fifths of those suffered negative consequences, including identity theft, getting money stolen from their bank accounts and new credit cards registered in their names.

Entering financial credentials when using a public Wi-Fi network and not protecting the Wi-Fi network and connected devices in their own houses was largely a consequence of misplaced overconfidence in the security of those networks and devices.

And all this, when 51 percent of those surveyed said it was now more difficult to stay safe online than in the real world, and 48 percent of the parents in the survey said they feared cyberbullying of their children more than what they thought happened in the schools or playgrounds.

When it comes to the United States, the numbers are almost uniformly worse.

As opposed to 31 percent of the global population, 38.5 percent of U.S. citizens were affected by cybercrime in 2015, and contributed $20.3 billion — almost a sixth — to the global share. About 48 percent Americans couldn’t identify a phishing attack and 70 percent believed it has become harder to stay safe online in the last 5 years. And 64 percent were more concerned about their children being bullied online than in real life.

The survey was conducted online between Sept. 14 and Oct. 4 by Edelman Intelligence on behalf of Norton by Symantec, and had 20,907 respondents, including 1,002 device users from the U.S.