In today’s multigenerational workforce, professionals over the age of 30 are more likely to adopt cybersecurity best practices than their younger colleagues who have grown up with technology. This insight comes from research recently conducted by the Security division of NTT Ltd., a leading global technology services company, regarding generational attitudes toward cybersecurity. Among the more than 2,000 professionals surveyed, nearly 700 respondents – all under 30 – worked outside of IT in management and decision-making positions.
NTT’s report, Meeting the Expectations of a New Generation, identified good and bad cybersecurity practices for organizations surveyed as part of its Risk:Value 2019 report, scored across 17 key criteria. From the responses to the research, NTT assigned each business a score of between -41 and +27. The average organization scored +3. The report revealed that under-30s scored 2.3 in terms of cybersecurity best practices, compared to 2.9 for 30- to 45-year-olds and 3.0 for 46- to 60-year-olds.
This data suggests that those born and raised in the digital age don’t necessarily follow cybersecurity best practices. In fact, employees who have spent more time in the workplace gaining knowledge, skills and acquired ‘digital DNA,’ tend to have a stronger security posture than younger workers.
Under-30s, on the other hand, are more laid back about cybersecurity responsibilities. They adopt different working styles and prefer to be more productive, flexible and agile at work using their own tools and devices. Moreover, half of under-30 respondents think that responsibility for cybersecurity rests solely with the IT department. This is 6% higher than respondents in the older age categories.
Top generational differences in attitudes toward cybersecurity, according to the research, are as follows:
- Under-30s are more likely to consider paying a hacker’s ransom demand (39%) than over-30s (30%). This may be due to an impatience to get systems back up and running, or a greater knowledge of bitcoin and other cryptocurrencies.
- Growing up in a technology skills crisis, 46% of under-30s are worried their company doesn’t have the right cybersecurity skills and resources in-house. This is 4% higher than for over-30s.
- The desire for flexibility and agility could be affecting attitudes to incident response. Under-30s estimate that a company could recover from a cybersecurity breach in just 62 days – six days less than the time estimated by older age groups (68 days).
- Younger workers are more accepting of personal devices at work than their older counterparts; 8% fewer consider them a security risk. However, they’re more concerned about the Internet of Things (IoT) as a potential risk (61% compared to 59%).
- Eighty one percent believe cybersecurity should be an item on the boardroom agenda, compared to 85% of over-30s.
The NTT data cited in the cited report was collected through global research commissioned in 2019 involving 2,256 organizations in 17 sectors across 20 countries and conducted by Jigsaw Research. Respondents were senior decision-makers outside of the IT department, with 20% holding a C-level position. Overall results were published in the Risk:Value 2019 Report and related content. From the responses to the research, NTT identified good practice and bad practice in cybersecurity, with each business being accordingly given a score of between -41 and +27. The average organization scored +3. NTT then considered the score of the organization by age of respondent.
Matt Gyde, CEO, Security, NTT Ltd., comments: “NTT’s research has uncovered contrasting attitudes and behaviors on cybersecurity from different generations. It’s clear from the research that the workforce has a very different approach and attitude to cybersecurity, depending on age. Businesses must transform their approach to security if they are to engage all generations. Most important is ensuring that employees understand that security is everyone’s business, and isn’t simply a role for IT, as has been the case in the past. Different generations use technology in very different ways and business leaders need to recognize that strong cybersecurity practices for all generations within the business is an enabler and not a barrier. Security leaders should make themselves more approachable and talk the language of business, not IT. Education is also fundamental to change in cybersecurity behavior, so make the learning process interesting and relevant to all generations in the workforce.”
More information is available at: https://hello.global.ntt/en-us/insights.