Millennials and Gen Z “desensitized” to cyber risk

Security Awareness
9 November 2022

It’s easy to become complacent about cybersecurity. After all, you are confident your modern, state-of-the-art security technologies will safeguard the network, cloud and endpoints from advanced adversaries. And you trust your security operations team to monitor, investigate and resolve every digital interaction and threats.

But there’s a problem. And it’s with your people. Recent research by EY Consulting, explored in this new CSO article, reveals that one of the greatest threats to cybersecurity lies with the human vulnerability.

According to the EY Consulting research, Millennials and Gen Z employees in the U.S. are much less likely to prioritise or adhere to cybersecurity protocols than their older Gen X and Baby Boomer counterparts.

Despite understanding the need for security, younger, digitally native workers are also significantly more likely to disregard mandatory IT updates for as long as possible (58% for Gen Z and 42% for millennials versus 31% for Gen X and 15% for baby boomers).

Important findings in the research

They are also more likely to use the same password for professional and personal accounts (30% for Gen Z and 31% for millennials vs. 22% for Gen X and 15% for baby boomers).

The word ‘more’ in the above paragraph is key here. Using the same password in the private and professional dimension is a classic scenario for all digital users and reflects a degree of complacency that adversaries will be quick to exploit.

One of the other important findings in the research is perception: people do not consider themselves to be the weak link in corporate security. The research finds, for example, that three-quarters (76%) of workers across generations consider themselves knowledgeable about cybersecurity.

Simply ticking the box on annual compliance training is unsuited to today’s always-on, fast evolving business environment. Your users have limited time and interest in security awareness.

So how can organisations tackle this overconfidence in the younger generation who clearly overlook and underestimate the risk from persistent phishing, ransomware, email fraud, and other cyber incidents?

People are your first line of defence

Here at Cyber Guru, our goal is to accelerate secure digital transformation using modern learning methodologies. We want people to act safely and become the first line of defence in their organisations, reducing the human vulnerability component in cybersecurity.

Our continuous and adaptive security awareness training platform guides and trains employees to become the first line of defence against cyber threats, while minimising the impact on organisational productivity. Security awareness is not just phishing and training; it demands people scoring and measuring. Modern users need shorter and more relevant content that relates to their behaviours and emerging risks. And that’s what Cyber Guru delivers.

There needs to be a 360-degree focus on the human angle, engaging every employee and embedding safety checks and protocols that make the risks tangible in their professional and personal lives.

The experts at EY Consulting validate the value of this role- and risk-based security education for employees. According to the study, “Respondents who received cybersecurity training relevant to their role in the past year were significantly more likely to implement cyber-safe practices at work than those who had received no education for more than a year.”

Cyber Guru can help your organisation

To find out how Cyber Guru can help your organisation transform user behaviour and turn its weakest line into the first line of defence, talk to one of our security awareness training experts.

Book a meeting!


Articoli correlati

Digital Operational Resilience Act (DORA)

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA) is a EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. It aims at strengthening the IT security of financial entities such as banks, insurance companies and investment firms and...

read more