Tech-savvy young workers might be the biggest cyber liability to your business

Millennials in a circle looking at phones.
Image credit: Pexels (Image credit: Rawpixel / Pexels)

New research from Ivanti has claimed workforce demographics can have a serious effect on your business’ cybersecurity.

The company surveyed over 6,500 employees across the world, with just over half (55%) aged 40 and below, and around 52% were female, giving a fairly even representation between demographics.

The study found younger office workers are more likely to disregard standard password safety guidelines, such as using birth dates, where 34% of those 40 or under admitted to violating this golden rule compared to just 19% of those over 40.

Boomers vs Millennials - who is more of a risk?

Elsewhere, using the same password across multiple devices saw greater admittance across both demographics, but younger workers pulled ahead once again with 38% compared to 28% in the older group.

Phishing scams were found to be greatly underreported by those 40 and under, with 23% saying that they did not report the last phishing attempt they received, with the most likely reason for this being “I didn’t think it was important”. Of the older demographic, just 12% failed to report.

In terms of concern for security threats against businesses, ransomware ranked as the greatest threat, with 23% of employees predicting it to be a critical threat in 2023. Phishing came in a close second, with 22% ranking it as a critical threat in 2023.

But what are the attitudes surrounding cybersecurity training and how do they reflect on these stats?

Of those surveyed, a staggering amount of them revealed that the organizations they worked for did NOT provide any mandatory cybersecurity training, with the US at 30%, UK at 17%, Netherlands at 32%, Japan at 35%, India at 31%, Germany at 22%, France at 43%, Australia at 29% and China at a whopping 65%.

As mandatory training is most likely to be given to younger new starters, can they be faulted as a security risk when companies are not providing the training needed to protect both themselves and their business? Cybersecurity has only recently become the leading concern among C-suites and executives, with cybersecurity budgets seeing new heights and greater investment in cyber literacy and security training.

Daniel Spicer, CSO at Ivanti, said, “Security leaders need to enable all employees to play defense against threat actors and proactively build an open and welcoming security culture.”

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.