Millennial and Gen Z employees are far more likely than their older colleagues to disregard security best practices, marking them out as a potentially serious insider threat, according to EY.
The global consulting giant polled 1000 US employees about their cybersecurity awareness and practices to compile its 2022 EY Human Risk in Cybersecurity Survey.
It found that three-quarters (76%) of respondents across all generations now consider themselves knowledgeable about cybersecurity.
However, so-called “digital natives” were more likely to engage in risky behavior. Around half (48%) of Gen Z and two-fifths (39%) of millennial respondents admitted taking cybersecurity protection on their personal devices more seriously than on their work devices.
In addition, 58% of Gen Z and 42% of millennials interviewed said they’d disregard mandatory updates for as long as possible, versus 31% of Gen X and 15% of baby boomers polled.
Younger employees were also more likely to use the same password for a professional and personal account, and more likely to accept web browser cookies on their work-issued devices all the time or often, the report found.
Tapan Shah, EY Americas consulting cybersecurity leader, argued the findings should be a “wake-up call” for security leaders, given that most incidents can be traced back to a negligent individual.
“There is an immediate need for organizations to restructure their security strategy with human behavior at the core,” he added.
“Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then building proactive cybersecurity systems and a culture that educates, engages and rewards everyone in the enterprise.”
Unfortunately, there still appears to be some way to go in achieving this. Nearly a fifth (16%) of respondents admitted that if they encountered a suspected security breach, they’d try to handle the situation themselves rather than immediately informing the IT department or a supervisor.
The need for improved security awareness training is made more urgent by the changing nature of the workplace, with employees spending more time working from home.
According to Proofpoint, 67% of companies experienced between 21 and more than 40 “insider incidents” in 2021, up from 60% in 2020. These threats cost global organizations an average of over $15m to remediate last year, it added.