We have to draw a line somewhere, I hear you say. Well, I say no, you don't, and I'll tell you why. It boils down to the difference between blacklisting and whitelisting, or opting-in and opting-out. Let me explain. In the world of IT, or online connectivity generally, the terms blacklisting and whitelisting are commonly used, but rarely by ordinary home users of Internet-connected equipment or software. In the real world you will at least understand blacklisting - a list used to prohibit or bar people in some way. On a PC email client you may have a blacklist of email addresses whose messages you don't want downloaded onto your PC, which means that every other email address in the world is acceptable. With a whitelist, only email from addresses on the list will be downloaded; email from every other address in the world will not be. Assuming that every email you receive can constitute a threat (and they can), which list is safer? A good email client, or a client add-on or plug-in, that provides whitelisting facilities will prompt you when it sees an email address not on the list and ask if you want to add it to the list.
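To make the difference concrete, here is an added example (not part of the original article) that runs the same four messages through a blacklist filter and a whitelist filter. The addresses, messages and function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: every address and message here is made up.
BLACKLIST = {"spam@bad.example"}
WHITELIST = {"alice@friends.example"}
INBOX = {
    "friend": "From: Alice <Alice@Friends.example>\nSubject: lunch\n\nhi",
    "known_bad": "From: spam@bad.example\nSubject: prize\n\nclick",
    "new_sender": "From: Alice <alice@lookalike.example>\nSubject: invoice\n\nopen",
    "no_from": "Subject: hello\n\nbody",
}

def sender_of(raw):
    """Lower-cased address from the From header; '' if missing or unparsable."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr.lower()

def blacklist_decision(raw, blacklist):
    """Opt-out: everything is delivered unless the sender is already known bad."""
    return "block" if sender_of(raw) in blacklist else "deliver"

def whitelist_decision(raw, whitelist):
    """Opt-in: nothing is delivered unless the sender has been approved."""
    return "deliver" if sender_of(raw) in whitelist else "prompt"

def approve(raw, whitelist):
    """The user answers 'yes' to the prompt: remember this sender."""
    addr = sender_of(raw)
    if addr:  # never whitelist an empty or unparsable sender
        whitelist.add(addr)

def compare(inbox, blacklist, whitelist):
    """Return {message name: (blacklist decision, whitelist decision)}."""
    return {
        name: (blacklist_decision(raw, blacklist), whitelist_decision(raw, whitelist))
        for name, raw in inbox.items()
    }

if __name__ == "__main__":
    for name, (bl, wl) in compare(INBOX, BLACKLIST, WHITELIST).items():
        print(f"{name:<11} blacklist={bl:<8} whitelist={wl}")
```

The sender never seen before and the message with no sender at all both go straight through the blacklist, while the whitelist holds them until the user decides.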
The point is that with whitelisting you are completely in control of your own safety. It is analogous to organ donor cards and the debate over opting in or out: if you have to opt in and you have an accident, the emergency services don't know if you wanted to donate your organs and, if you are not carrying your card, have to ask somebody else. If we have an opt-out system, it is assumed that you don't object to someone else benefiting from your organs if you don't need them any more. In order to be completely in control of what happens to your body when you die, you have to support an opt-out system, provided nobody is given a legal right to overrule your decision. Some would say that when you are dead, it is no longer your body or decision. They might be right but, for the purposes of this analogy, let's assume they are wrong.
If you want to be safe online, why would you assume that the whole world is your friend before you expose yourself to danger? Why on earth would you trust all your relatives to treat your corpse as you wished? All the people you do trust might die in the same incident that you do. Opting in to organ donation (without legal guarantees) and email blacklisting both require that you trust everybody except those you have learned not to. In both scenarios that means after the damage has been done. So, you may ask me, why have I never heard of whitelisting (or blacklisting, for that matter)? That is the point of this article.
I don't know if there are any reliable published figures, but I personally don't know anybody using IT to access anything online who uses a trust-no-one approach, despite endless reporting on the consequences of poor internet security. Most people I know have no idea how to go about conducting email communications safely, never mind everything else that should happen before you ever set up an email client. What the hell's an email client, I hear you shout. Yep, you are not alone. I hear you demand that you be able to turn on your brand new PC/tablet/smartphone and do emailing, online shopping, banking and 'socialising' without having to worry about all that geeky/techy/anal detail. We are talking about your privacy, the protection of your ID, your bank details, your total finances and your livelihood, and you think you should simply trust the PC manufacturer, your ISP, your other hardware manufacturers and software developers, each in turn, and that they will have collaborated systematically to ensure your safety. They don't, they don't say they do and they never will. Read on.
You need a licence to drive a car, a much less complicated system than surfing the web securely. You need a passport/visa/security check to cross borders, yet you expect to be able to do that with your PC without taking precautions. You will call the police if somebody tries to force their way into your house, but you have left many doors wide open on your PC/tablet/smartphone because that is how they are set up on delivery; it is even worse if your machine used to belong to somebody else. So, having got your attention, you can forget everything above now and we can start at the beginning.