author photo
By Cam Sivesind
Wed | Oct 19, 2022 | 9:48 AM PDT

A new survey from EY reveals it is not the assumed tech-challenged Gen X and Baby Boomers who put organizations at greater risk when it comes to cybersecurity; it's Gen Z and Millennial employees who take it less seriously.

In an October 18th news release, EY shared the results of its 2022 Human Risk in Cybersecurity Survey, in which it asked 1,000 Americans about their cybersecurity and awareness practices.

The two key bullets that lead off the release might surprise some:

  • Roughly half of Gen Z (48%) and about one-third of Millennial employees (39%) admit to taking cybersecurity protection on their personal devices more seriously than on their work devices, potentially putting companies at risk.
  • Gen Z and Millennial workers are significantly more likely than older generations to use the same password for both a professional account and personal account and to disregard mandatory IT updates.

The survey's timing comes in the middle of Cybersecurity Awareness Month and, and as one EY cybersecurity consulting leader says, the revelation "should be a wake-up call for security leaders, CEOs and boards."

Some other interesting statistics from the study:

  • 76% of workers across generations consider themselves knowledgeable about cybersecurity; but 58% of Gen Z and 42% of Millennials are significantly more likely to disregard mandatory IT updates (vs. 31% for Gen X and 15% for Baby Boomers)
  • 30% of Gen Z and 31% of Millennials are more likely to use the same password for professional and personal accounts (vs. 22% and 15% for Gen X and Baby Boomers, respectively)
  • 48% of Gen Z and 43% of Millennials are more likely to accept web browser cookies on their work-issued devices all the time or often (vs. 32% for Gen X and 18% for Baby Boomers)

EY recommends the following approaches for educating employees about being cybersecurity aware:

  • Use carrots, not sticks
  • Provide cybersecurity education and make it personal
  • Understand and interrupt human behaviors