IT Brief Australia - Technology news for CIOs & IT decision-makers
Australia
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
internet of things
#
work from home
Search
Story image
#
Cybersecurity
#
CIOs
#
Cyber attacks
1/3 employees believe their actions don’t impact security
Wed, 11th Oct 2023
Author image
By Shannon Williams, Journalist
Follow us

Cybersecurity firm Ivanti has released a cybersecurity report on hidden threats as part of its Cybersecurity Report Series. 

Ivanti surveyed more than 6,500 executive leaders, cybersecurity professionals and office workers to uncover how workforce demographics impact an organisation's cybersecurity posture. The report finds that one in three employees believe their actions do not impact their organisation’s security.  

The research also shows that Millennial and Gen Z office workers are more likely to have unsafe cybersecurity habits when compared to Gen X and older (those above 40 years of age). This is true about performing password hygiene, clicking on phishing links and sharing devices with family and friends: 
·       38% of office workers under 40 use the same passwords on multiple devices, compared to 28% of office workers older than 40. 

·       34% of office workers under 40 shared work device(s) with family or friends, compared to 19% of office workers older than 40. 

·       34% of office workers under 40 use a birthdate in their password, compared to 19% of office workers older than 40. 

·       13% of office workers under 40 clicked on a phishing link when targeted, compared to 8% of office workers older than 40. 


In addition, gender, seniority and region can impact the collective strength of the organisation’s security as a whole. The report finds that men and leaders are more comfortable contacting a security employee with a question or concern – with leaders at an organisation the most likely to reach out with a question at 72%. 

The report also shows that there are regional variations in cybersecurity training and attitudes with 54% of employees in China and 43% in France reporting that their organisations do not provide mandatory cybersecurity training. That number drops to 17% for the United Kingdom, 30% in the United States and 22% in Germany respectively.  

“Employees don’t always understand that they’re valuable members of the extended security team despite organisations best attempts to train and educate,” says Daniel Spicer, Chief Security Officer at Ivanti. 

“There is also a dangerous assumption that since younger office workers are generally more tech savvy, they are also more security conscious," he says. 

"Security leaders need to enable all employees to play defence against threat actors and proactively build an open and welcoming security culture," Spicer says.

"Many organisations have a top-down approach to training and cybersecurity culture; however, the research shows it’s critical to build a collaborative and positive security culture at every organisation," he says. 

"Undertrained employees risk diluting the strength of the overall organisation's preparedness, which is why organisations need to design their tech stack to minimise end-user friction."

Related stories
GitHub's 2FA initiative helps secure software supply chain
AI tools linked to data exposure in 1 in 5 UK organisations
Pearcey Foundation reveals Australia 4.0 blueprint for net zero transition
Gen AI optimism high in ANZ but cybersecurity concerns loom
NetApp 2024 report uncovers 'disrupt or die' era powered by AI
Top stories
Australian businesses fast-track Microsoft cloud adoption amid cyber threats
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Australian emergency services struggle with mobile tech failures