A study conducted by Ivanti underscores the prevalence of poor cybersecurity habits among employees, particularly the perception among one in three that their actions do not affect their organization’s security.
Notably, the research reveals that younger employees from the Millennial and Gen Z demographics exhibit riskier cybersecurity behaviors compared to their older counterparts (Gen X and those above 40 years of age). These habits encompass issues like password hygiene, susceptibility to phishing links, and sharing work devices with friends and family. Startlingly, the under-40 demographic is more likely to reuse passwords across multiple devices (38%), share work devices (34%), incorporate birthdates in passwords (34%), and click on phishing links when targeted (13%).
Additionally, the study highlights the influence of factors such as gender, seniority, and regional variations on the overall cybersecurity strength of an organization. The report suggests that men and leaders tend to be more comfortable reaching out to security personnel with questions or concerns, with leaders being the most proactive, reaching out at a rate of 72%.
Regional disparities in cybersecurity training and attitudes are also evident, with 54% of employees in China and 43% in France reporting a lack of mandatory cybersecurity training in their organizations. In contrast, the United Kingdom, the United States, and Germany show significantly lower percentages of organizations that do not provide such training (17%, 30%, and 22%, respectively).
Daniel Spicer, Chief Security Officer at Ivanti, emphasizes the need for organizations to recognize that employees are valuable members of the extended security team, irrespective of age or assumed tech-savviness. The study challenges the misconception that younger employees, often seen as more tech-savvy, are inherently more security-conscious. Instead, it calls for security leaders to empower all employees to actively contribute to defense against threat actors and foster an open and welcoming security culture. The research underscores the importance of building a collaborative and positive security culture within organizations, moving away from a top-down approach to cybersecurity training.
Failing to adequately train employees risks compromising an organization’s overall preparedness, which underscores the need to design tech stacks that minimize friction for end users.