Overall, fewer than half (41%) of IRE journalists have received training or instruction from outside sources about ways to protect themselves and their sources.

The most common source of training for this group is a journalism conference or seminar. Nearly one-third (30%) say they have learned about digital security from this type of training. That compares with just 15% who say they have received training or instruction from a news organization they work for or have worked for in the past. Fewer than one-in-ten investigative journalists (4%) have received training or instruction about these issues in journalism school.

Outside of any formal training, these investigative journalists report spending little time conducting research on their own about digital security. When asked how much time they’ve spent over the past year researching what they can do to secure their communications, the majority of journalists (73%) say they have spent not much time or no time at all. About a quarter (23%) have spent some time doing so, and just 3% say they spend a great deal of time.

Science and Tech Reporters Have Higher Levels of Familiarity With Key Tech TermsDespite the apparent dearth of training and information, most respondents claim to have at least some familiarity with key tech security concepts:

  • 77% are familiar with what constitutes “metadata”
  • 76% are familiar with the difference between HTTP and HTTPS sites
  • 65% are familiar with proxy servers
  • 59% are familiar with two-factor authentication
  • 37% are familiar with digital threat modeling

As one might expect, some of the highest levels of familiarity with these concepts are reported by journalists who cover science and technology, as well as by those who cover national security, foreign affairs or the federal government.