Google presented a compelling study examining security related behaviors by "expert" security users (those with a set number of years of professional experience in the field) and non-experts representing "typical" internet users. By surveying these groups, the Google team who recently presented the paper at the Symposium On Usable Privacy and Security compared not effectiveness of one security technology or another, but instead presented data related to behavior and perception of security technologies.
The results show that the two groups of users tended toward different security behaviors, but that both were concerned and acted on that concern. "the computer security experts seem, in some ways, to live in less fear of the dangers of the Internet than the non-expert population. In some cases this may just be an indication of how experts and non-experts fear different threats—perhaps the group of non-experts is more concerned about their old passwords being guessed or stolen and therefore change their passwords regularly, while the experts are worrying about having their passwords phished, and therefore are more likely to activate two-factor authentication" says Josephine Wolff for Slate in an article discussing the results of the study.
User behaviors, education and perception play a key role in broadly used security practices and technologies, regardless of how the population is segmented. The Google study shows that users are taking measures to protect themselves, but that doing so can look very different across individuals and groups. Arguably, users could collectively do more, but in order to meet their needs, security providers should arm themselves with a strong understanding of who is currently using what technology, and why.