Gen Z really doesn't care about workplace cybersecurity

News
By Sead Fadilpašić
published

They understand it, but they can't be bothered, report finds

Scammers
(Image credit: Pixabay)

When it comes to cybersecurity in the workplace, younger employees don’t really seem to care that much, which is putting their organizations in serious harm’s way, new research has claimed.

Surveying approximately 1,000 workers using devices issued by their employers, professional services firm EY found Gen Z enterprise employees were more apathetic about cybersecurity than their Boomer counterparts in adhering to their employer's safety policies.

This is despite the fact that four in five (83%) of all those surveyed claimed to understand their employer’s security protocol.

Recycling passwords

When it comes to implementing mandatory IT updates, for example, 58% of Gen Z’ers and 42% of millennials would disregard them for as long as possible. Less than a third (31%) of Gen X’ers, and just 15% of baby boomers said they do the same. 

Apathy in the young extends to password reuse between private and business accounts. A third of Gen Z and millennial workers surveyed admitted to this, compared to less than a quarter of all Gen X’ers and baby boomers. 

Almost half of Gen Z and millennials were "likely to accept web browser cookies on their work-issued devices all the time or often," compared to 31% of Gen X workers, and 18% of baby boomers. 

Read more

> Here's our pick of the best ransomware protection tools available right now

> Generational differences in collaboration at work

> Securing remote workers in the age of uncertainty

"There is an immediate need for organizations to restructure their security strategy with human behavior at the core," said EY America's Consulting Cybersecurity Leader Tapan Shah. 

Some say the apathy of young people towards technology is down to their over-familiarity with technology, and never having been without it.

Being too comfortable with tech undoubtedly makes an enterprise's younger employees a major target for cybercriminals looking to exploit any hole in security.  

If an organization's cybersecurity practices aren't upheld strongly, threat actors can compromise huge networks with simple social engineering attacks.

As demonstrated by recent attacks on Uber and Rockstar Games, a good social engineer doesn't have to be technically minded to leak sensitive company and customer data, causing hundreds of thousands of dollars of damages in mitigations and fines.

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.