Study finds generational readiness gap widening as Gen Z and Millennials lack safe cyber practices
new york, May 6, 2024 /PRNewswire/ — There is growing widespread concern among U.S. employees about growing cybersecurity threats in the workplace, with 53% worried that their organization will be the target of a cyberattack; One-third (34%) are worried about leaving their job. New data from Ernst & Young LLP shows that organizations are being made more vulnerable by their actions (EY US). Notably, fear of exposing an organization to cyber-attacks is particularly high among younger generations, with Gen Z and Millennial employees identifying and responding to cyber threats better than their older colleagues. There's a good chance you don't feel ready.
The 2024 Human Risks in Cybersecurity Survey is a survey of 1,000 employed Americans in the public and private sectors. Initial analysis in 2022 Research by EY US explores the current state of cybersecurity and how it is changing over time, revealing key insights for business leaders about cybersecurity awareness and practice. This year, EY US expanded its research to analyze employee perceptions of the role of artificial intelligence (AI) in growing threats, and found that 85% of employees believe AI has made cybersecurity attacks more sophisticated. It was found that 78% of respondents are concerned about the use of AI in the cyber field. Moreover, his 39% of employees are not confident that he knows how to use AI responsibly.
“Geopolitical tensions, regulatory changes, and the rapid integration of new technologies, including AI, are making the risk landscape even more complex, with new threats emerging almost constantly,” he said. Jim Guinn II, EY America's cybersecurity leader. “Do you want to keep your organization secure now and in the future? Put people at the center of your cyber strategy, equip them with the knowledge, training, and healthy skepticism around all digital interactions, and empower your employees as their first-line guardians.” We will mobilize.”
Closing the cybersecurity preparedness gap for Gen Z
Similar to the 2022 survey findings, the latest EY US Cybersecurity Survey reveals deep gaps in generational preparedness, with younger employees less likely than older generations to practice safe cybersecurity practices. is highlighted.
In fact, Gen Z is losing confidence in their ability to recognize phishing attacks, one of the most common and successful tactics of social engineering attacks, and are the most likely to admit to opening a suspicious link. And now, the power of AI-generated phishing emails is making identifying malicious links and content even more difficult. Although they are a digital-first generation, only 31% of Gen Z are very confident in identifying phishing attacks, an astonishing 9-point drop from 40% in 2022. Additionally, 72% said they had opened an unfamiliar link at work that seemed suspicious. , significantly higher than Millennials (51%), Gen Xers (36%), and Baby Boomers (26%).
Nearly two in three Gen Z and Millennial employees are particularly concerned about the implications surrounding cybersecurity, including 64% of Gen Z and 58% of Millennials who fear their organization would be vulnerable to attack. I am concerned that I will lose my job if I remain vulnerable to this. Younger generations are also more likely to not fully understand what their organization's process is for reporting suspected cyber-attacks, even though their organization has one in place. (39% Gen Z and 29% Millennials vs. 19% Gen X and 15% Baby Boomers).
But it's not all doom and gloom. Despite concerns about their ability to prevent attacks, EY research shows that Gen Z workers increasingly perceive themselves to be knowledgeable about cybersecurity (86% vs. 75% in 2022). %), points to an opportunity for investment to enable young workers to turn this knowledge into confidence. We provide upskilling and training for the unique experience of being a true digital native.
Fostering a culture of cyber trust
The rapidly evolving nature of AI makes it imperative for organizations to regularly adapt their training protocols and continue to strive to frequently provide up-to-date training that addresses the latest AI threats and cybercrime trends. I am. A majority of employees (91%) say their organizations need to regularly update their training to keep up with AI, especially as its role in cyber threats evolves. However, only 62% of respondents said their employers have made it a priority to educate employees about the responsible use of AI.
“Cybersecurity training and attention from executive leaders contributes to building a strong security posture within an organization,” he said. Dan Mellen, Chief Technology Officer, Cybersecurity, EY Americas Consulting. “When security practices are ingrained in a company's culture, employees are more likely to prioritize security in their daily activities and proactively report potential security incidents.”
The EY Cybersecurity team advises executives and senior business leaders to incorporate the following key practices into their cyber agendas to foster a strong and confident security culture within their organizations.
- Build a robust training exercise that is reinforced throughout the year. An EY US study found that employees who are “accustomed” to cybersecurity training are the most fearful of using technology at work. Conversely, 94% of employees who have received training within the past year say cybersecurity is a priority for them.
- Boost employee engagement with gamification. Leaderboards and multiplayer features in gamified training programs foster healthy competition among employees and encourage improved employee performance. Gamification is particularly effective in anti-social engineering campaigns when it addresses the natural human curiosity that often leaves employees vulnerable.
- Partner, no police. Organizations testing whether their employees are adequately addressing cybersecurity threats may inadvertently turn cyber training into a “gotcha.”Positioning cybersecurity protocols to work in the following areas: partnership Instead, work with your employees, not the police, by adopting a “see something, say something” policy. Make the process of reporting potential attacks and vulnerabilities simple enough that employees of all generations can integrate it seamlessly into their daily lives.
- Incorporate practical AI training protocols. Including protocols that incorporate hands-on training for using AI in the workplace will expose employees to basic competencies and risks. Gaining first-hand experience with new technologies, such as generative AI, fosters new levels of understanding and fosters defensive thinking.
- Lead by example with responsible AI: According to EY US research, 39% of employees are not confident they know how to use AI responsibly. As stewards of organizations, executives and senior leaders need to ensure transparency into how AI is developed and deployed across the enterprise and demonstrate responsible AI practices themselves to reduce risk. there is.
methodology
EY US commissioned a third-party organization to conduct the 2024 Human Risks in Cybersecurity Study. Online survey of n=1,000 full-time and part-time U.S. employees (i.e., technology-enabled professionals) ages 18 and older whose current job requires the use of a workplace-issued laptop/computer . The sample was balanced across age, gender, household income, race and ethnicity, and region. The survey was conducted from March 7 to 15, 2024. The overall sample margin of error (MOE) is +/- 3 percentage points.
About EY
At EY, we exist to build a better working world, helping to create long-term value for customers, people and society and build trust in capital markets.
Powered by data and technology, our diverse EY teams in more than 150 countries deliver trust through assurance and help our clients grow, transform and operate.
EY teams work across assurance, consulting, law, strategy, tax and transactions to ask better questions to find new answers to the complex problems facing the world today.
EY refers to the global organization and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited is a UK company by guarantee and does not provide services to customers. Information about how EY collects and uses personal data, and an explanation of the rights individuals have under data protection law, is available at ey.com/privacy. EY member firms do not practice law where prohibited by local law. Learn more about our organization. ey.com.
Ernst & Young LLP is a client-servicing member firm of Ernst & Young Global Limited with operations in the United States.
Source EY
