A key priority of the Biden-Harris Administration has been marketing Federal jobs to younger workers as nearly one-third of current civil servants get ready to age out of government.  While younger generations of workers figure to be more tech-savvy, the coming influx begs another question in the age of cybersecurity: do Gen Z’ers and Millennials have good cyber hygiene while on the job?

Recent data from Ernst & Young (EY) found is not encouraging on that front: the two generations of digital natives – who make up a significant portion of the workforce – are least likely to prioritize or adhere to their employer’s cybersecurity protocols.

While seventy-six percent of respondents of all ages consider themselves knowledgeable about cybersecurity, those under the age of 41 – who grew up online and have lived with cyber risks most of their lives – are significantly more likely to disregard mandatory IT updates for as long as possible; 58 percent for Gen Z and 42 percent for millennials.

“This research should be a wake-up call for security leaders, CEOs and boards because the vast majority of cyber incidents trace back to a single individual,” said Tapan Shah, EY Americas Consulting Cybersecurity Leader.

“There is an immediate need for organizations to restructure their security strategy with human behavior at the core,” he said. “Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then building proactive cybersecurity systems and a culture that educates, engages and rewards everyone in the enterprise.”

Innovation Unleashed
Engage with government and industry leaders as we spotlight critical cybersecurity topics. Learn more.

The 2022 EY Human Risk in Cybersecurity Survey of 1,000 adult Americans found that roughly half of Gen Z and almost one-third of Millennials admit to taking cybersecurity on their personal devices more seriously than their work phones or computers. At the same time, the younger generations are significantly more likely to use the same password for all devices, potentially putting their companies at risk.

Half or fewer of the respondents were very confident in practicing good cybersecurity hygiene at work, such as using strong passwords (50 percent); keeping their work devices up to date with cyber protection (43 percent); identifying phishing attempts (41 percent); avoiding ransomware (38 percent); and encrypting their data (32 percent).

EY made three recommendations for leaders to help guide their employees through practicing smart cyber:

  • Nurture a positive, human-centric security culture that rewards cyber-safe practices and uses mistakes as teaching moments;
  • Provide cybersecurity education and make it personal; and
  • Understand and interrupt human behaviors.

“Companies are investing to embed cybersecurity in every business unit as they digitally transform, but software, controls, processes and protocols are only part of the equation for minimizing cyber risk,” Shah said. “Increasing enterprise-wide security also requires a holistic focus on the human, engaging every employee and embedding safety checks and protocols that make the risks tangible in their professional and personal lives.”

Read More About
More Topics
Cate Burgan
Cate Burgan
Cate Burgan is a MeriTalk Senior Technology Reporter covering the intersection of government and technology.