Millennials and Gen Z employees in the US are significantly less likely to prioritize or adhere to cybersecurity protocols than their older Gen X and baby boomer counterparts, according to a recent survey from EY Consulting.
The survey suggests that despite understanding the need for security measures, young digital native workers were much more likely to ignore mandatory IT updates for as long as possible (58% for Gen Z and 42 % for Gen Y versus 31% for Gen X and 15% for Baby Boomers). They were also more likely to use the same password for work and personal accounts (30% for Gen Z and 31% for Millennials vs. 22% for Gen X and 15% for Baby Boomers).
This is despite a finding that three-quarters (76%) of workers of all generations consider themselves well-informed about cybersecurity.
Human risk data a “red flag” for employers
“This research should be a wake-up call to security leaders, CEOs and boards, as the vast majority of cyber incidents can be traced back to a single individual,” said Tapan Shah, leading cybersecurity consultant at EY Americas, in a press release. “Organizations have an immediate need to reengineer their security strategy with human behavior at its core. Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then creating proactive cybersecurity systems and a culture that educates, engages and rewards everyone in the company.
Millennials are a demographic cohort born between the early 1980s and mid-1990s through the early 2000s, which puts them in their early to mid-40s. Generation Z is generally considered to have been born between the mid-1990s and early 2010s, which puts them today somewhere between their early teens and early 20s.
Shah believes that it is precisely because they are used to the cybersecurity process and aware of the risks that younger generations believe they need not worry.
Millennials and Gen Z “desensitized” to cyber risk
“Millennials and especially Gen Z have grown up as digital natives incorporating technology into their daily lives and expect their employers to already have seamlessly built-in cybersecurity protections,” Shah told CSO. “They also grew up where cyber breaches occur regularly. In a way, they are desensitized to the risks and despite the precautions they take, they believe that cyber incidents are inevitable.
The survey also found that younger generations were more likely to accept web browser cookies on work devices all the time or often (48% for Gen Z and 43% for Millennials versus 31% for Gen X and 18% for baby boomers). ).
Other responses from all employee age groups:
- 84% felt prepared to avoid cybersecurity mistakes at work.
- Only 35% felt very prepared to avoid cybersecurity mistakes.
- 50% were very confident about how to use strong passwords.
- 43% were very confident about keeping work devices up to date with cyber protection.
- 41% were very confident about how to identify phishing attempts.
- 38% were very confident about how to avoid ransomware.
- 32% were very confident about how to encrypt their data (32%).
Cybersecurity education is the solution
According to EY, the key to improving cybersecurity practices is role-based and risk-based employee training. The survey found that respondents who had received cybersecurity training relevant to their role in the past year were significantly more likely to implement cybersecurity practices at work than those who had not received any training in the past. more than a year.
“Companies are investing to embed cybersecurity into every business unit as they digitally transform, but software, controls, processes and protocols are only part of the equation to minimize cyber risk” , Shah said. “Increasing enterprise-wide security also requires a holistic approach to people, engaging every employee and embedding security controls and protocols that make risks tangible in their work and personal lives. .”
The survey, conducted between August 20 and August 29, 2022 for EY by a third party, sampled 1,000 full-time and part-time U.S. employees ages 18 and older whose jobs require the use of laptops. or a desktop computer. The sample was balanced by age, gender, household income, race/ethnicity and region. The margin of error is estimated at +/- 3 percentage points.
Copyright © 2022 IDG Communications, Inc.