Don’t assume your younger employees are the most tuned in to cybersecurity. A new study finds that many workers under 30 don’t fully appreciate the risks and may see security practices as impediments to productivity.
Younger employees have been working with technology all their lives, so they should be savvy about cybersecurity, right?
Not necessarily, according to a recent study from NTT, a global technology services and telecom firm based in Japan. That finding has implications for organizations, including associations, that store and handle lots of institutional information, member and customer data, and sensitive financial records in digital form.
In “Meeting the Expectations of a New Generation” [registration], which summarizes NTT research, the firm reports that employees under age 30 have “profoundly different attitudes towards cybersecurity,” emphasizing flexibility and productivity. Older employees have a stronger handle on cybersecurity practices—particularly in Norway and Sweden, the United Kingdom, and the United States. (Overall, the most cyber-savvy nation is France, where a government program raised awareness of cybersecurity issues among students who are now in the workforce.)
So why are older employees often better at cybersecurity? Simply put, they’ve been around the block more often.
“It would be easy to assume that—due to their inherent digital DNA—under 30s always demonstrate good cybersecurity practice,” the report notes. “However, this is not always the case: On average, the 30–60 year-old age group exhibits more cybersecurity good practice than the under 30s. This is due to a greater acquisition of workplace knowledge and skills over time.”
The report notes that younger employees often underestimate the impact of cyberattacks and how long they can take to recover from.
“Under 30s believe that their organizations’ recovery from a security incident would be six days quicker than those in older age groups,” the report states. “Successful incident response requires detailed planning and strong stakeholder communication. Time to recover is often underestimated by those unfamiliar with incident response and cybersecurity threats.”
In addition, workers under 30 are 39 percent more likely to pay ransom to a cybercriminal.
The report suggests that solving this problem requires employers to ensure that good security practices don’t get in the way of young workers’ productivity.
“If we want to harness the fantastic creativity and energy of younger workers, we need to think about security as something that enables their work, not something that blocks them from achieving their tasks,” noted Adam Joinson, a professor of information systems at the University of Bath, in commentary on the study.