A company's security is only as strong as its weakest link, which is often employees. In particular, millennial professionals are two times more likely prioritize simplicity over security, according to a Biscom 2018 report of more than 600 U.S. employees in roles handling sensitive data. And 20% of older generations, like baby boomers, are more likely to do something despite knowing it's wrong in security.
Nearly 80% of employees across generations agree with their company's security policies. Yet about three-fourths of them admit to sharing company data among coworkers in an unsecured manner, and 60% share such information with people outside of the company.
Millennials were three times more likely to avoid security policies because of laziness, contributing to the 60% of those surveyed who said they do what is easiest when handling sensitive documents, according to the report. About 74% of respondents use email to send sensitive data, despite the security risks.
The tech industry often shifts in its favoring of one generation over another for IT roles. Currently, 42% of the tech workforce are millennials. Within the tech space, most professionals are about five years younger than their non-tech counterparts, including managerial roles.
"It's easy to generalize behavior based on age, and millennials certainly get more than their fair share of negative stereotyping," said Bill Ho, CEO of Biscom, in an emailed statement to CIO Dive. This is in part self-infected for millennials, who have a tendency of oversharing on social media. However, Ho argues the more likely cause of millennials' laissez faire approach to cybersecurity is their comfort with technology.
Hiring younger generations in the tech field is relatively common, though it does raise concern over the management of legacy systems. Older tech professionals are retiring out of the industry, effectively threatening the ability to maintain outdated code and infrastructure.
But despite ageist hiring practices for tech-specific jobs, considering a generation's overall sense of cybersecurity may also impact hiring. Companies have to consider an employee's sense of responsibility while handling and accessing sensitive data.
Insider threats are just as dangerous as ones from the outside, and companies need protocols in place to address both threats. Negligent employee behavior resulting in a security incident costs about $280,000 per incident and represents about 64% of incidents. Employees with malicious intent or thieving purposes who steal credentials can raise nearly $650,000. But malicious insider incidents only account for 23% of incidents.
Trusting employees with protecting company data is vital to the organization's ability to stay secure and reputable. Cloud-based sharing methods and limited credential access are both easy ways to limit an employee's chances of compromising an organization's security.