A recent survey conducted by Yubico and OnePoll, which included 2,000 U.S. and U.K. consumers, found that the commonly held belief that Millennials and Generation Z are more cyber-savvy than baby boomers is not necessarily accurate. In fact, the survey revealed that younger Internet users are more likely to engage in poor cybersecurity practices, putting them at greater risk of falling victim to cyberattacks.
The survey discovered that a substantial percentage of Millennials and Generation Z individuals admitted to reusing passwords, failing to enable multifactor authentication, and not securing their payment information. Nearly half of Millennials, or 47%, reported reusing their passwords, while 37% admitted to saving their credit card information within their online accounts. Additionally, over half of both Millennials and baby boomers said that they don’t use multifactor authentication, don’t know what it is, or aren’t sure if they have it turned on.
The failure of younger users to implement different passwords across their digital accounts creates vulnerabilities that can be exploited by cybercriminals. This can result in malware infections, information theft, ransomware attacks, and other disruptive activities. Andrew Newman, the founder and CTO of ReasonLabs, emphasized that password reuse also allows cybercriminals to break into systems via credential stuffing.
Another survey conducted by the National Cybersecurity Alliance (NCA) across the U.S., the U.K., Canada, Germany, France, and New Zealand found that more than 50% of Millennials and over 56% of Generation Z respondents had access to cybersecurity training. However, a smaller proportion of the Silent Generation and baby boomers had access to cybersecurity training. Despite this, fewer than half of Generation Z and Millennials said they had experienced cybercrimes, despite being more likely to receive cybersecurity awareness training.
Given these findings, experts are emphasizing the need for tailored cybersecurity education programs. Lisa Plaggemier, executive director at the NCA, stated that traditional cybersecurity training often involves instilling fear through cautionary tales and pictures of hackers. However, this approach may not resonate with younger users, prompting the need for more engaging and creative training materials.
One example of an alternative approach is the NCA’s video series called “Kubikle,” which is a workplace comedy aimed at capturing the attention of younger viewers. Additionally, companies are encouraged to incorporate dynamic and interactive elements into their cybersecurity training to improve engagement and retention of the information.
Jason Nurse, an associate professor and senior lecturer in cybersecurity at the University of Kent, suggested that companies should personalize cybersecurity training to suit viewers across generations. He mentioned the potential effectiveness of using shorter-format videos or intra-communications platforms like Slack to convey cybersecurity awareness messages to younger employees.
Positive reinforcement was also highlighted as a key element in encouraging better cybersecurity practices among employees. Jason Nurse suggested acknowledging and praising individuals who successfully identify and report phishing emails as a way to reinforce good cybersecurity habits.
In conclusion, the research findings underscore the importance of customizing cybersecurity education programs to address the specific needs and preferences of different demographic groups. By tailoring training materials for younger audiences, promoting engagement through creative content, and implementing positive reinforcement, organizations can effectively combat poor cybersecurity practices among Millennials and Generation Z.