Are millennials your biggest cyber security threat?

Millennials are typically described as the most tech-savvy generation, having grown up immersed in a world where smartphones, social media and the Internet of Things have become the norm.


But has this familiarity with technological innovation led to complacency when it comes to cyber security?


New research from T-Systems – the cyber security arm of Deutsche Telekom – suggests that millennials may be overestimating their digital skills, potentially putting their employers at risk.

Millennials confident in their capabilities

T-Systems found that millennials have confidence in abundance.


Approximately 50 per cent of people in their early 20s or 30s considered themselves ‘very knowledgeable’ about cyber security.


Other employees were more modest about their capabilities, with the average proportion of self-certified ‘very knowledgeable’ staff sitting at just 35 per cent.


Yet, Generation Y – as millennials are otherwise known – failed to meet expectations when further questioned about their cyber security habits. For example, only 27 per cent said they changed their passwords every few months. This figure jumped to 35 per cent for older workers.


Millennials are also more likely to reuse their email password for other accounts (32 per cent) than the average employee (21 per cent). According to T-Systems, men were particularly prone to overestimating their cyber skills.

Younger staff putting workplaces at risk

The research indicated that Generation Y’s sloppy approach to cyber security at work could expose employers to viruses, malware and hackers.


“It is easy for bosses to assume their younger, technologically literate colleagues know what they are doing – after all, they are typically very comfortable with the digital world, and generally lose no time in getting to grips with new apps and devices,” Scott Cairns, the UK head of cyber security at T-Systems, said.


“But there is a big difference between knowing how to use something and knowing what is going on ‘under the bonnet’. Just as there is a big difference between being a good driver and being a mechanic.”


Mr Cairns said cyber security education for all employees is paramount, especially as 66 per cent of respondents said they had not received any top-up training in this area within the last 12 months.


Nearly one-third (30 per cent) claimed they had never received cyber security education from any of their employers in the past.

Better training and more hiring needed

The T-Systems report echoed a similar survey from Hiscox earlier this year.


The firm’s 2017 Cyber Readiness Report found that 35 per cent of UK businesses admitted they had changed nothing about their cyber security set-up in the past 12 months, despite experiencing an attack on their systems.


However, it’s not all bad news. Some 47 per cent of firms across the UK, US and Germany said they would increase cyber security recruitment budgets by at least five per cent in the year ahead. Hiscox noted that organisations considered cyber security ‘experts’ had twice as many employees hired within the field than ‘novice’ enterprises.


As such, businesses may need to take a double-pronged approach to cyber security as attacks become more sophisticated.


Not only must they hire professionals with the right skills and experience, but they should also provide comprehensive training to existing employees to prevent staff leaving the back door open to corporate hackers.


Our 2017 Compensation and Market Trends Report combines our review of the prevailing conditions in the security & resilience recruitment market together with the results of our latest employer survey.