Employees who have grown up with digital technology and are now entering the workforce take cybersecurity more seriously on their personal devices than on their work devices, according to a new Ernst & Young survey. (Photo by George Frey/Getty Images)

Millennials and Gen Z employees are more relaxed about cybersecurity on their work devices than on their personal devices, according to a new survey from Ernst & Young Consulting.

While a large majority of U.S. employees (83%) understand cybersecurity protocols for their jobs, digital natives Gen Z and Millennials, who make up a significant portion of the workforce, are less likely to prioritize and adhere to them, according to Ernst & Jeune SENCRL.

Nearly half of Gen Z employees (48%) and 39% of Gen Y employees admitted to taking cybersecurity protections on their personal devices more seriously than on their work devices, putting their employers at risk. according to the EY 2022 Human Risk in Cybersecurity Survey released on Tuesday.

But that’s not the only example where younger employees differ from their older peers when it comes to cybersecurity and their work devices.

Gen Z and Millennials are also more likely to skip mandatory IT updates for as long as possible compared to their Gen X and Boomer counterparts (58% for Gen Z; 42% for generation Y compared to 31% for generation X; 15% for the baby-boom generation). baby boomers).

Younger generations are also more likely to use the same password for a work account and for a personal account (30% for Gen Z; 31% for Gen Y vs. 22% for Gen X; 18% for baby boomers).

Gen Z and Millennials are also more likely to accept web browser cookies on their work devices all the time or often (48% Gen Z; 43% Gen Y vs. 31% Gen X; 18% for baby boomers).

“This research should be a wake-up call to security leaders, CEOs and boards, as the vast majority of cyber incidents can be traced back to a single individual,” said Tapan Shah, EY Americas Consulting Cybersecurity Leader, in a press release. “Organizations must immediately restructure their security strategy by putting human behavior at the heart. Human risk must be at the top of the security agenda, with an emphasis on understanding employee behaviors and then creating proactive cybersecurity systems and a culture that educates, engages and rewards everyone in the company.”

As noted in the statement, role and risk-based education can help improve security practices, such as using strong passwords, keeping software up-to-date, and identifying phishing attempts. .

“Companies are investing to embed cybersecurity into every business unit as they digitally transform, but software, controls, processes and protocols are only part of the equation to minimize IT risk,” Shah said. “Increasing enterprise-wide security also requires a holistic approach to people, engaging every employee and embedding security controls and protocols that make risks tangible in their work and personal lives. .”


Cybersecurity depends on everyone | University of Nevada, Reno


Trade group calls on lawmakers to focus on cloud migration, cybersecurity and procurement reform in NDAA discussions

Check Also