Younger workers not taking enough responsibility for security

They may think they are the Digital Generation, but younger workers are actually less savvy than their older colleagues in at least one aspect of the Digital Workplace, at least according to a report recently released by NTT.
NTT’s report, ‘Meeting the Expectations of a New Generation’, reveals very different attitudes to cybersecurity amongst workers under 30, and found that older workers were far more likely to adopt cybersecurity best practices than their younger colleagues.
The report scored good and bad cybersecurity practices across 17 key criteria, with the average organisation scoring +3. However, the research found that while workers under-30 scored an average of 2.3 in terms of cybersecurity best practices, 30-45 year olds scored an average of 2.9 and 46-60 year olds scored 3.0.
NTT says that its research suggests three things:

  • under-30s are more ‘laid back’ about cybersecurity responsibilities and put productivity, flexibility and agility ahead of security in the workplace – using their own tools and devices as they see fit
  • many under 30s think that responsibility for cybersecurity rests solely with the IT department
  • employees who have spent more time in the workplace gain knowledge, skills and acquired ‘digital DNA,’ and tend to have a stronger sense of security issues than younger workers.

Generational differences are revealed in other parts of the study. Digital impatience means that workers under 30 are more likely to pay a hacker’s ransom demand (39%) than over-30s (30%). Likewise, they expect their company to recover from a breach nearly six days faster than over 30s (62 days compared to 68 days).

“It’s clear from the research that the workforce has a very different approach and attitude to cybersecurity, depending on age…Different generations use technology in very different ways and business leaders need to recognize that strong cybersecurity practices for all generations within the business is an enabler and not a barrier.” Matt Gyde, CEO Security, NTT Ltd

The ability to educate employees about being ‘security aware’ continues to be an ongoing challenge. How will organisations raise awareness and the impact of security breaches on these digital natives who do not have the time or patience to add this to their responsibilities, especially as they are all about the ‘now’ and not something that might happen?
As working practices change for digital citizens, they become the new ‘customer’ for organisations. Providers of services need to change elements of their ‘purpose’ and accept a secure environment needs to be embedded into everything, with the user responsibility for security minimised.
NTT Ltd are highlighting security as one of the key practices within their newly re-organised business (see Digital service provider update: NTT), with the company offering comprehensive capabilities that elevate the business as a leader in the provision of security offerings (including threat intelligence, 10 SOCs, seven R&D centers and 2,000+ security experts). Omnisperience would encourage NTT Ltd to highlight the predictive capabilities across their services to minimise the impact on all citizens. The growing use of AI, machine learning and deep learning associated with threat intelligence needs to also take account of the attitudes of digital citizens, so they (citizens) can focus on productivity rather than being frustrated by employers’ lack of investment to keep them secure or, even worse, by the consequences of cyber attacks.

  1. […] Enterprises will have to refocus on the balance between productivity and innovation versus risk and security – a balance that will become ever-more challenging as workers and objects within the smart workplace become more connected. How do you tell a Generation Zer that they cannot wear their connected coat to work, or use their connected umbrella?  How do you prevent an Alexa-enabled headset in someone’s bag from listening to sensitive corporate information? (see Younger workers not taking enough responsibility for security) […]