New research from T-Systems, the corporate IT and cyber-security arm of Deutsche Telekom, into cyber security behaviour and awareness finds Generation Y employees are much more likely to both over-estimate their knowledge while undertaking unsafe practices.
For instance, its research shows people in their twenties and early thirties are much more likely to consider themselves ‘very knowledgeable’ about cyber security than their older colleagues (about 50 per cent rate themselves as “very knowledgeable” compared to an average for all employees of 36 per cent).
But it turned out to be false confidence. On detailed questioning T-Systems found that Generation Y employees were often less knowledgeable than their colleagues and more likely to undertake unsafe cyber security practices at work and at home.
For instance, they are less likely to change their passwords every few months (about 73 per cent don’t do this, compared to about 65 per cent for older colleagues) and much more likely to reuse their email password for other online services (about 32% compared to an average of 21 per cent for all employees).
Much of the same also applies to many male employees too, who similarly over-estimate their cyber security knowledge compared with female colleagues, and consequently are unwittingly exposing their work and home computers to viruses, malware and hackers.
The findings are contained in a new report published today from T-Systems entitled In your hands or theirs? Tackling Cyber Security Threats to Corporate Networks. It includes research into a representative sample of over 2,000 UK employees conducted for T-Systems by research agency Censuswide.
Scott Cairns, the UK head of cyber security at T-Systems, says, ‘While no age group is exemplary when it comes to cyber security, whether at work or at home, the ‘digital natives’ of Generation Y, perhaps surprisingly, appear to be less security conscious than their middle-aged and baby boomer colleagues.
‘Our research strongly suggests the problem lies with an overconfidence that comes from their very familiarity with electronic devices and the digital world. Generation X and Baby Boomer employees, compared to those in their 20s and early 30s, are often more cautious about their knowledge of IT and seem much more willing to tread carefully and follow cyber security protocols.
‘It is easy for bosses to assume their younger, technologically literate colleagues know what they are doing – after all, they are typically very comfortable with the digital world, and generally lose no time in getting to grips with new apps and devices.
‘But there is a big difference between knowing how to use something and knowing what is going on ‘under the bonnet’, just as there is a big difference between being a good driver and being a mechanic.
‘Our message is cyber security education is essential for all employees, and employers should avoid making the mistake of overestimating security knowledge, especially in people who appear confident.’
Cairns adds, ‘Up-to-date and regular cyber security education for all employees is one of the most effective tactics an organisation can take. However, our research found that despite the pace at which cyber-attacks are evolving, 66% of employees had received no up-to-date education within the past twelve months. Nearly 30% of employees say they have never had cyber security education at any employer.’