Baby Boomers, Generation X, Millennials and Gen Z combine to make today’s working environment a multigenerational place and it stands to reason that each group will come with their own very different work expectations. Managing people from different generations is not an easy task and this is particularly the case when you throw cybersecurity into the mix.
New insights from NTT’s study into how different generations approach cybersecurity show that treating all employees the same is not the answer and will ultimately create siloed problems. Not all workers pose the same risk, or have the same skills or attitudes/ aptitude, to cyber risk. Let’s take a closer look at the attitudes to security and privacy that are being brought into to the workplace by this new generation of employees.
Make no assumptions
It would be wrong to assume that growing up with technology makes you more cyber-secure and the report reinforces this. In fact, those workers in the over-30s category are more likely to adopt cybersecurity good practice than their younger colleagues who have grown up with digital technology. It seems that the longer they have spent in the workplace acquiring their ‘digital DNA’ along with their combined knowledge and skills can sometimes give them the advantage over younger workers.
On the flipside workers that were born into the digital age, the Under-30s, take a far more laid-back approach to cybersecurity responsibilities. They do not want to be restricted by cybersecurity, they expect to be productive, flexible and agile at work using their own tools and devices. This is something that needs careful consideration and why a tailored approach is essential when it comes to cybersecurity policies.
In order to ensure that the fantastic creativity and energy of younger workers is harnessed security practitioners need to rethink the way policies operate and create more innovative ways to improve the fit between security and the tasks employees are required to undertake are part of their core work. For younger workers that means policies that help them achieve their tasks rather than block them.
So, what are the key generational differences when it comes to cybersecurity? 39 per cent of Under-30s are more likely to consider paying a ransom demand to a hacker than over-30s (30 per cent) which could be attributed to impatience in a bid to get systems back up and running,
In-house cybersecurity skills and resources are a concern to the Under 30s with almost half (46 per cent) worried that their company is not adequately equipped. This is 4 per cent higher than for over-30s.
Additionally, an eagerness to be flexible and agile could be hampering attitudes to incident response among the Under-30s who estimate that a company could recover from a cybersecurity breach in just 62 days. On the other hand, the older groups have a more conservative approach estimating six days more.
The younger workers appear to be far more accepting of personal devices at work and consider them to be less of a security risk (71 per cent) than their older counterparts (79 per cent). Unsurprisingly everyone is in agreement that cybersecurity should be an item on the boardroom agenda at 81 per cent for younger workers and 85 per cent for the over-30s.
One size doesn’t fit all
There is no ‘one size fits all’ approach to cybersecurity and assuming this is only going to lead to problems in the long term. This research shows us that age is a huge contributing factor in approach and attitudes to cybersecurity. Businesses must transform their approach to security if they are to engage all generations. Below are some helpful tips on cybersecurity best practice in a multigenerational workforce:
- Security culture must include all generations and be supported by a diverse range of employee champions, which includes age.
- Create a security panel that is made up of younger employees and listen to their views on cybersecurity.
- Ensure that security is designed to be an enabler rather than hinderance particularly with younger workers in mind who are at their best and most motivated in an agile, productive, flexible workplace environment, where they are most likely to buy into the desired culture and behaviours.
- Embed cybersecurity into the company culture and make it everyone’s business. Security leaders should be approachable to employees, through one-to-one interaction and more formal company events.
- Identify where the skills shortages lay and implement learning programmes and mentoring, bringing in external support if necessary.
- Always remember that education is vital but make it fun for all and interactive by gamifying security learning.
- Regularly conduct simulation and table-top exercise to continuously assess your people defence
It’s clear that different generations use technology in very different ways so it’s down to business leaders to develop strong cybersecurity practices for all generations within the business that enable rather that put up barriers. Security leaders need to be more approachable and talk the language of business, not IT. Education is integral to changing cybersecurity behaviour, so make the learning process engaging and relevant to all generations in the workforce.