Oscar Wilde once declared, “with age comes wisdom,” and according to new research, this rule applies to the cybersecurity industry. A recent white paper by cybersecurity company Appgate, How Do Generational Differences Impact Enterprise Cybersecurity Teams?, provided vital insights into the benefits older generations – baby boomers and Generation X – can provide cybersecurity teams. This is despite the common perception that these workers are less tech-savvy than their younger counterparts, and less able to adapt to a rapidly evolving cyber landscape.
This perception appears to be far from reality. For example, the report cited various studies showing that Baby Boomers (aged 58-67) have developed soft skills that are vital for overcoming challenges in cyber. This includes the ability to think deeply through a challenge and avoid distractions when there is a need to focus. In respect of Gen-Xers (aged 42-57), the report highlighted their independence, resilience and adaptability within the workplace, partly due to being the last generation to transition from analog to digital.
While younger generations – Millennials (aged 25-40) and Gen Z (aged 10-25) – have grown up with new technologies, such as social media and smartphones, they have several weaknesses in cybersecurity. This includes a lack of life experiences and emotional intelligence compared to their older counterparts, which the Appgate report noted: “can hamper decision-making in situations that are not clear-cut and easy to deal with, such as responding to cyber-threats.”
Even more worryingly, their desire for quick resolution and ease of access makes them more likely to engage in insecure behaviors. For example, Millennials are twice as likely to prioritize simplicity over security when handling sensitive data than older counterparts, and more than three times more likely to avoid security policies. In addition, the study cited research showing 39% of under 30s admitted they would pay a ransom in the event of a ransomware attack, nine percentage points higher than for over 30s.
Given these findings, cybersecurity leaders should be concerned that baby boomers are reaching retirement age, meaning vast swathes of experience and knowledge will potentially be lost, including crucially the ability to manage and integrate legacy systems into modern security environments.
To find out more about this research and generational issues in cybersecurity more broadly, Infosecurity spoke to Henry Rose Lee, an intergenerational specialist and author who conducted the research, and Gernot Hacker, sales engineering manager EMEA/APAC at Appgate.
Lee highlighted the importance of researching age diversity across all industries, which she believes receives less attention than characteristics like race and gender. She said the cybersecurity industry needs a greater appreciation of the various skillsets offered by different generations. Lee acknowledged that older generations have generally not had much training on cybersecurity, but their experiences of working without modern technologies, including working on mainframes, have provided them with other types of attributes. “They got clever and good at problem-solving, and they’ve retained those skills,” she explained.
Combining such soft skills with younger people’s knowledge of modern technologies can have significant benefits. “I like to think of an organization as a family – you’ve got grandparents, parents, aunts, uncles, children and cousins. An organization should be like that as well – lots of diversity, in age as well as gender, ethnicity and sexual orientation. All of those enrich an organization,” added Lee.
This is a view that Hacker, a man in his 50s working in the industry, concurs with, noting that his younger colleagues are often more willing to think ‘outside of the box.’ “It’s always refreshing talking to younger people who simply have a different mindset – more open, looking at things from a different perspective, so I think this mixed work environment is beneficial,” he stated.
Nevertheless, the new study clearly showed that younger ‘digital natives’ tend to be more lax when it comes to security, despite growing up with technology. Lee cited another finding included in the report, that Millennials are far more optimistic about the time it takes to recover from a cyber-attack, on average assuming recovery will take six days less than Gen-Xers or Baby Boomers think. She believes this shows that older generations tend to be more realistic and willing to take time to fix issues properly, which is critical in cybersecurity. In the case of Millennials, “it’s not that they don’t care about cybersecurity, it’s just that they’re so used to things working immediately and being able to get on with things.” This can have downsides in cybersecurity; for example, ignoring security policies and taking the easiest option when handling confidential documents.
While such attitudes are partly a result of always having access to technology that makes their lives easier, Hacker feels it can also be explained by the ‘folly of youth,’ with younger people less appreciative of the damage their actions can cause. “You haven’t hurt yourself as frequently yet, so you care less about things, you don’t worry too much,” he noted. This can help explain behaviors like oversharing personal information on social media too.
Lee outlined several other key attributes older generations tend to hold over their younger colleagues. One of these is emotional intelligence, which improves with age. “Emotional intelligence is about resilience, personal understanding and identity,” explained Lee. “It’s also about being with other people, collaborating. This is very powerful, and the older we get, the better we are at it.”
Another is the ability to think deeply and critically to solve a problem. “If you don’t need that in cybersecurity, I don’t know what you need it in!” pointed out Lee.
Going the extra mile and taking on challenging tasks is another area older generations tend to excel at compared to Millennial and Gen Z generations. Hacker shared a scenario at work where a younger colleague was unwilling to undertake an additional task, even with a cash bonus incentive. “It doesn’t make sense to me,” he commented.
"I think they've learned the world's going to keep changing, so they better keep up"
Lee believes this example demonstrates that older generations better understand the value of work and can look ahead at the bigger picture. “One of the transition points we’ve got with Baby Boomers is that they are individuals who have grown up at the dawn of technology. They are early IT adopters, individuals who’ve seen transitions from mainplay, on-premises to off-premises, different technologies and software and so on. I think they’ve learned the world’s going to keep changing, so they better keep up.”
It is therefore concerning that too often, employers do not properly recognize the value of Baby Boomers and Gen-Xers. This is across all industries, not just cyber, according to Lee. She highlighted research from Gallup in 2019, which found many workers in their 50s and 60s felt they were becoming invisible career-wise and weren’t being offered training opportunities. “Many organizations tend to look at older generations and think ‘they cost us too much money,’ and stop training them as much,” noted Lee.
Yet, according to research conducted by Lee, 80% of workers who were near retirement or have retired would be willing to return if they were encouraged to do so as a consultant. This is an opportunity employers should seize upon in Lee’s view, and involves making these workers feel valued; for example, by continuing to be offered training.
She also believes the experiences and skills of these older workers should be utilized to help their younger colleagues. This can be achieved by encouraging mentoring and deliberately mixing teams. Lee observed: “Some organizations have a senior cybersecurity team who then create a shadow team of mixed individuals, including different ages, and encourages debate and discussion around how to improve cybersecurity for all generations.”
Older generations are often taken for granted, or even written off entirely when it comes to the tech industry, seen as unable to adapt to modern technologies. Yet, numerous research highlights the enormous benefits older workers offer sectors like cybersecurity, especially through their soft skills, such as problem-solving abilities. Security teams should leverage these talents as much as possible by enticing these employees to stay in the workplace longer and encouraging them to work closely alongside their younger colleagues. The topic of age diversity is relatively rarely discussed in cybersecurity and other industries – it’s time to bring this conversation into the limelight.