Menu Menu

Study finds Gen Z most apathetic about cybersecurity at work

A new research piece by services firm EY found that while young employees fully understand privacy breaches and potential threats, they largely aren’t fussed. Will businesses need to evolve their practices to cater to changing behaviours?

We’re all used to cybersecurity measures by now. You can’t browse the internet for more than a few minutes without being asked about cookies, data collection, privacy settings, and a whole bunch more.

Couple this with the large number of online accounts we’re expected to have across multiple different services and you’ve a perfect storm for digital burnout and apathy.

A new study by research firm EY has found that younger employees and Gen Z internet users are largely unfussed about their privacy settings online. Over 1,000 employees using devices provided by their employer were surveyed. Overall, Gen Zers were less likely to take their workplace safety policies seriously, showing a general lack of care compared to older peers.

This isn’t due to ignorance, however. 83% of participants said they knew and understood their employer security protocol.

How does this data translate to real world behaviour? According to EY, 58% of Gen Zers disregard security and IT updates on their work computers for as long as possible. By comparison, only 15% of baby boomers said they do the same.

In addition, roughly 30% of Gen Z said they reuse private passwords on business accounts. Less than a quarter of all Gen Xers and boomers admitted to recycling passwords in this way.

Just under half of all young people surveyed also said they were ‘likely to accept web browser cookies on their work-issued devices all the time of often’, compared to only 18% of boomers.

It’s a markable difference in attitude. Considering more Gen Zers are entering workforces each year, new measures and approaches need to be introduced in order to shake the overwhelming apathy of younger tech users. EY notes that most ‘cyber incidents trace back to a single individual’, emphasising the important for all employees to be aware of their data and to protect company activity.

So, why are younger people less bothered about protecting themselves on the internet?

Most Gen Zers are completely fluent with digital spaces, so much so that their identity is equally balanced between real life interaction and online platforms. Given that most have seen cyber breaches and privacy incidents from a very young age, they likely recognise the risks and feel adequately equipped to avoid them, even if this may not be the case.

In fact, security emergencies are on the rise. Thanks to a changed work place environment that is balanced between working from home and the office, data is now shared across many more devices, servers, and networks.

US cyber incidents led to $7 billion USD in potential losses in 2021, according to the FBI, putting many valuable company assets at risk. While not a national security threat, one of the most headline-grabbing incidents recently was Rockstar’s GTA 6 leaks, where tons of developer video and images were released to the public via a Slack account breach.

High-profile examples such as this highlight how security mistakes can happen to any company, regardless of size or profit.

What should happen moving forward?

EY recommends role and risk-based education to improve company practices. It says that workers who undertook training in the past year were ‘significantly more likely to implement cyber-safe practices at work’, compared to those without any such teaching.

EY also notes that teaching employees about cybersecurity should be ‘personal’, with a focus on living day-to-day digitally in a safe manner both at home and the office. It’s not simply a technical, human resource issue, or a mandatory box-ticking exercise.

Instead, lessons on cybersecurity should be tailored toward Gen Zers who’ve become disillusioned with the consequences of internet use. Crucially, employers should interrupt human behaviours that are a potential risk, as this is where harm is most likely to stem from.

EY says that companies should ‘understand employees workflows, identify the moments of highest human risk.’ This can be realised with screen takeovers, or a simple discussion with workers about their routines and most visited websites.

Either way, the security risk will continue to grow as younger people become larger influences in big business. Bosses will need to adapt to ensure they don’t end up leaking all their content to the internet accidentally, or losing personal data in a breach. That’s not fun for anyone, right?