As many as 978 million people in 20 countries lost money to cybercrime last year, according to a new report by security firm Norton. It says that victims lost an average of $142 to hackers in 2017, and that each victim spent almost 24 hours dealing with the fallout.

The leading technique used to extort money from consumers was malware—including things like ransomware and cryptojacking. But fraud and password loss were also significant factors.

Globally, cybercrime victims share a similar profile, said Norton; they are “everyday consumers who use multiple devices whether at home or on the go, but have a blind spot when it comes to cyber security basics. This group tends to use the same password across multiple accounts or share it with others”.

Equally concerning, said Norton, is that 39% of global cybercrime victims despite their experience, gained trust in their ability to protect their data and personal information from future attacks and 33% believe they had a low risk of becoming a cybercrime victim.

“Consumers’ actions revealed a dangerous disconnect,” said Fran Rosch, executive vice-president of Symantec. “Despite a steady stream of cybercrime sprees reported by media, too many people appear to feel invincible and skip taking even basic precautions to protect themselves.

“This disconnect highlights the need for consumer digital safety and the urgency for consumers to get back to basics when it comes to doing their part to prevent cybercrime.”

Consumers used device protection technologies such as fingerprint ID, pattern matching and facial recognition, with 45% using fingerprint ID, 21% using pattern matching, 19% using a personal VPN, 14%  using voice ID, 16% using two-factor authentication, and 16% percent using facial recognition.

However, consumers who adopted these technologies often still practice poor password hygiene and fell victim to cybercrime.

The Norton Cyber Security Insights Report is an online survey of 21,549 individuals ages 18+ across 20 markets, commissioned by Norton by Symantec and produced by research firm Reputation Leaders.