Younger workers more likely to pay a ransom demand to a hacker than over-30s. Under-30s also troubled by lack of the right security skills in their organization
In today’s multigenerational workforce, the over-30s are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology.
This is according to a report on generational attitudes to cybersecurity from the Security division of NTT Ltd. a leading global technology services company.
NTT’s report identified good and bad practice for organizations researched as part of its Risk:Value 2019 report, scored across 17 key criteria. This revealed that under-30s score 2.3 in terms of cybersecurity best practice, compared to 2.9 for 30-45 year-olds and 3.0 for 46-60 year-olds.
The data suggests that a person born in the digital age wouldn’t necessarily follow cybersecurity best practice. In fact, employees who have spent longer in the workplace gaining knowledge and skills and acquired ‘digital DNA’ during that time, sometimes have an advantage over younger workers.
Under-30s, who are born into the digital age, on the other hand, are more laid back about cybersecurity responsibilities. They adopt different working practices and expect to be productive, flexible and agile at work using their own tools and devices. However, half of respondents think that responsibility for cybersecurity rests solely with the IT department. This is 6% higher than respondents in the older age categories.
Top generational differences in attitudes toward cybersecurity:
Under-30s are more likely to consider paying a hacker’s ransom demand (39%) than over-30s (30%). This may be due to an impatience to get systems back up and running, or a greater knowledge of bitcoin and other cryptocurrencies.
Growing up in a technology skills crisis, 46% of under-30s are worried their company doesn’t have the right cybersecurity skills and resources in-house. This is 4% higher than for over-30s.
The desire for flexibility and agility could be affecting attitudes to incident response. Under-30s estimate that a company could recover from a cybersecurity breach in just 62 days – six days less than the time estimated by older age groups (68 days).
Younger workers are more accepting of personal devices at work than their older counterparts; 8% fewer consider them a security risk. However, they’re more concerned about the Internet of Things (IoT) as a potential risk (61% compared to 59%).
Eighty one percent believe cybersecurity should be an item on the boardroom agenda, compared to 85% of over-30s.
“It’s clear from the research that the workforce has a very different approach and attitude to cybersecurity, depending on age. Businesses must transform their approach to security if they are to engage all generations. Most important is ensuring that employees understand that security is everyone’s business, and isn’t simply a role for IT, as has been the case in the past,” says Matt Gyde, CEO, Security, NTT Ltd. “Different generations use technology in very different ways and business leaders need to recognize that strong cybersecurity practices for all generations within the business is an enabler and not a barrier. Security leaders should make themselves more approachable and talk the language of business, not IT. Education is also fundamental to change in cybersecurity behavior, so make the learning process interesting and relevant to all generations in the workforce.”