Are younger workers exposing businesses to greater IT security risk?


A recent report from the United States has collected data which shows that, contrary to popular belief, younger workers are more likely to have a flippant or casual attitude toward cybersecurity rules at work, potentially creating a greater risk of cyber breaches and putting their employers in greater jeopardy when it comes to the security of their IT and their finances.

Generation Z (born between the mid 1990s and early 2010s) and Millennials (born 1980s to mid 1990s) grew up with the internet and greater use of digital technology and should therefore have a better grasp of cybersecurity and understanding of the perils of cyber incidents.

However, in a series of questions focusing on flippant or naïve uses of computer systems within the workplace, it was shown that Millennials and Gen Z employees were far less likely to be conscious of the consequences for IT Security of their actions in the business workspace.

Research by global professional services group Ernst & Young shows Gen Z and Millennials are more likely to disregard IT updates for as long as possible than older workers (58% for Gen Z and 42% for millennials vs. 31% for Gen X and 15% for baby boomers).  They are also more likely to accept cookies on their work devices all the time or often (48% for Gen Z and 43% for Millennials vs. 31% for Gen X and 18% for baby boomers).

Younger workers are also more likely to use the same password for personal and work devices than their older colleagues (30% for Gen Z and 31% for Millennials vs. 22% for Gen X and 15% for baby boomers). The report concluded that almost half of Gen Z employees and 40% of Millennials were happy to admit that they took security more seriously on their personal devices than in the workplace.

Tapan Shah, EY Americas Consulting Cybersecurity Leader, further emphasized the need to focus on the people using the systems, as much as the systems themselves; “There is an immediate need for organizations to restructure their security strategy with human behaviour at the core. Human risk must be at the top of the security agenda, with a focus on understanding employee behaviours and then building proactive cybersecurity systems and a culture that educates, engages, and rewards everyone in the enterprise.”

Harry Bush, Associate Director of Brunel Professions said: “It has long been understood within the cybersecurity industry, that the biggest weakness to any system is the human component. Therefore, whilst younger employees may have a better base understanding of the types of cybersecurity which should be in place, it is also necessary for employers to ensure that each employee is taking the threats to the business seriously. When cyber incidences and attacks are increasing at a seemingly exponential rate, it cannot be understated how important training, vigilance and protocols are to individual businesses.”

EY has published a press release about the research on its website. is owned by Brunel Professions, which is a leading professional indemnity insurance broker in the UK.  Click here to get a quote or call 0345 450 1074 to speak to a broker.