For instance, its research found people in their twenties and early thirties are much more likely to consider themselves ‘very knowledgeable’ about cyber security than their older colleagues (about 50% rate themselves as “very knowledgeable” compared to an average for all employees of 36%).
But it turned out to be false confidence. On detailed questioning T-Systems found that Generation Y employees were often less knowledgeable than their colleagues and more likely to undertake unsafe cyber security practices at work and at home.
For instance, they are less likely to change their passwords every few months (about 73% don’t do this, compared to about 65% for older colleagues) and much more likely to reuse their email password for other online services (about 32% compared to an average of 21% for all employees). {See charts at the end of the press release}
Much of the same also applies to many male employees too, who similarly over-estimate their cyber security knowledge compared with female colleagues, and consequently are unwittingly exposing their work and home computers to viruses, malware and hackers.
The findings are contained in a new report published today from T-Systems entitled In your hands or theirs? Tackling Cyber Security Threats to Corporate Networks. Complimentary copies are available here. It includes research into a representative sample of over 2,000 UK employees conducted for T-Systems by research agency Censuswide.
Scott Cairns, the UK head of cyber security at T-Systems, said: “While no age group is exemplary when it comes to cyber security, whether at work or at home, the ‘digital natives’ of Generation Y, perhaps surprisingly, appear to be less security conscious than their middle-aged and baby boomer colleagues.
“Our research strongly suggests the problem lies with an overconfidence that comes from their very familiarity with electronic devices and the digital world. Generation X and Baby Boomer employees, compared to those in their 20s and early 30s, are often more cautious about their knowledge of IT and seem much more willing to tread carefully and follow cyber security protocols.
“It is easy for bosses to assume their younger, technologically literate colleagues know what they are doing – after all, they are typically very comfortable with the digital world, and generally lose no time in getting to grips with new apps and devices.
“But there is a big difference between knowing how to use something and knowing what is going on ‘under the bonnet’, just as there is a big difference between being a good driver and being a mechanic.
“Our message is cyber security education is essential for all employees, and employers should avoid making the mistake of overestimating security knowledge, especially in people who appear confident.”
Scott Cairns added: “Up-to-date and regular cyber security education for all employees is one of the most effective tactics an organisation can take. However, our research found that despite the pace at which cyber-attacks are evolving, 66% of employees had received no up-to-date education within the past twelve months. Nearly 30% of employees say they have never had cyber security education at any employer.”