A new report by NTT has revealed that workers over 30 adopt better behaviour than their younger counterparts..
Despite having grown up around digital technology for most of their lives, under 30’s appear to be less effective when it comes to behaviour and attitudes surrounding cybersecurity, a new report suggests. The report ‘Meeting the expectations of a new generation. How the under 30s expect new approaches to cybersecurity’ has been conducted by global technology services company NTT and reveals that younger workers are more concerned with how well their organization can fend off the growing risks posed by increasingly sophisticated cyber attacks.
Interestingly, the data reveals that while the over-30s in the UK, US, Nordics and Hong Kong demonstrate better cybersecurity behaviours, their younger adversaries in France and Brazil are leading the way.
The report sought to identify both good and bad practice taking place in organizations across the globe, using a number of key criteria to analyze their results. They revealed that on average, under-30s score 2.3 in terms of cybersecurity best practice, compared to 3.0 for over-30s.
Many would assume that Millennials and Generation Z workers would be more in tune with cybersecurity measures, given they have grown up in the digital age, but this data suggests otherwise. One theory given is that older employees who have spent longer in the workplace have acquired ‘Digital DNA’ which has given them a distinct advantage over younger workers.
In terms of attitude, it was revealed that older workers were more accepting of the need to use their own tools and devices to remain productive, flexible and agile at work, whereas over half of younger respondents felt this responsibility lay squarely with the IT department. This means that older workers are likely to respond quicker and more effectively to tackling cybersecurity risks than younger works who may just sit back and expect the IT department to come to the rescue. That said, younger workers consider the Internet of Things (IoT) as more of a security risk (69%) than older colleagues (65%).
Younger workers were also more likely to be risk takers, with over half (52%) saying they would consider paying a ransom demand to a hacker, compared to just 26% of over-30s. Over half (58%) of under-30s believe their company does not have adequate skills and resources in-house to cope with the number of security threats, compared to a quarter (26%) of over-30s, and may be the result of growing up in a technology skills crisis
When estimating recovery times from a cyberattack, the under-30s group thought that it would take around three months (97 days) to recover from a cybersecurity breach – six days more than the time estimated by older respondents. Furthermore, 82% believe that cybersecurity should be a regular item on the boardroom agenda, compared to 90% of over-30s.
Reflecting on this research, Azeem Aleem, VP Consulting (UK&I) Security, NTT, said: “It’s clear from our research that a multi-generational workforce leads to very different attitudes to cybersecurity. This is a challenge when organizations need to engage across all age groups, from the oldest employee to the youngest. With technology constantly evolving and workers wanting to bring in and use their own devices, apps and tools, business leaders must ensure that security is an enabler and not a barrier to a productive workplace.
“Our advice for managing security within a multi-generational workforce is to set expectations with young people and make security awareness training mandatory. Then execute this training to test your defences with all company employees involved in simulation exercises. Finally, team work is key. The corporate security team is not one person, but the whole company, so cultural change is important to get right.”
To help battle the risks of cybercrime, NTT has provided six cybersecurity best practice tips for a multi-generational workforce:
- Be inclusive – Security culture must include all generations and be supported by a diverse range of employee champions, which includes age
- Tap into younger digitally-native minds – Build a panel of younger employees and listen to their views on cybersecurity
- Use tech as an enabler – Younger employees can be at their best and most motivated in an agile, productive, flexible workplace environment, where they are most likely to buy into the desired culture and behaviours. Security should be designed to enable the business
- Promote a safe culture – Make cybersecurity everyone’s business. Security leaders should be approachable to employees, through one-to-one interaction and more formal company events
- Invest in training – Where skills shortages are most acute, support learning programmes, mentoring and consider external support.
- Educate – Education is vital. Gamify security learning and make it fun for all
For those who are interested in finding out more, the NTT Report: ‘Meeting the expectations of a new generation. How the under 30s expect new approaches to cybersecurity’ is available at: https://hello.global.ntt/en-us/insights