Millennials are more likely to be 'sloppy' when it comes to cyber security, according to research from T-Systems.
The research surveyed 2,050 people and found that while those in their 20s and early 30s are much more likely to consider themselves ‘very knowledgeable’ (50%) about cyber security than their older colleagues (an overall average of 36%), this is false confidence.
For instance, Millennials were found to be less likely to change their passwords every few months (about 73% do not do this, compared with about 65% for older colleagues), and much more likely to reuse their email password for other online services (about 32%, compared with an average of 21% for all employees).
Employers were also found not to be taking cyber security seriously. Two thirds (66%) of employees said they had received no up-to-date education within the past twelve months, and nearly 30% of employees reported that they'd never had cyber security education at any employer.
Scott Cairns, UK head of cyber security at T-Systems, said familiarity might be breeding contempt among younger employees. “Our research strongly suggests the problem lies with an overconfidence that comes from their very familiarity with electronic devices and the digital world,” he said. “Generation X and Baby Boomer employees, compared to those in their 20s and early 30s, are often more cautious about their knowledge of IT and seem much more willing to tread carefully and follow cyber security protocols.
“It is easy for bosses to assume their younger, technologically literate colleagues know what they are doing – after all, they are typically very comfortable with the digital world, and generally lose no time in getting to grips with new apps and devices. But there is a big difference between knowing how to use something and knowing what is going on ‘under the bonnet’, just as there is a big difference between being a good driver and being a mechanic."
Cairns added that firms need to consider how to teach their staff to better respond to threats. “Our message is cyber security education is essential for all employees, and employers should avoid making the mistake of overestimating security knowledge, especially in people who appear confident,” he said.
