NTT report finds 'digital natives' don’t prioritize cybersecurity

Oct. 29, 2019
Research recently conducted by the Security division of NTT Ltd. finds that professionals age 30 and under are concerned by the cybersecurity skills shortages in their organizations -- and are more likely to pay hackers' ransom demands.

In today’s multigenerational workforce, professionals over the age of 30 are more likely to adopt cybersecurity best practices than their younger colleagues who have grown up with technology. This insight comes from research recently conducted by the Security division of NTT Ltd., a leading global technology services company, regarding generational attitudes toward cybersecurity. Among the more than 2,000 professionals surveyed, nearly 700 respondents – all under 30 – worked outside of IT in management and decision-making positions.

NTT’s report, Meeting the Expectations of a New Generation, identified good and bad cybersecurity practices for organizations surveyed as part of its Risk:Value 2019 report, scored across 17 key criteria. From the responses to the research, NTT assigned each business a score of between -41 and +27. The average organization scored +3. The report revealed that under-30s scored 2.3 in terms of cybersecurity best practices, compared to 2.9 for 30- to 45-year-olds and 3.0 for 46- to 60-year-olds.

This data suggests that those born and raised in the digital age don’t necessarily follow cybersecurity best practices. In fact, employees who have spent more time in the workplace gaining knowledge, skills and acquired ‘digital DNA,’ tend to have a stronger security posture than younger workers.

Under-30s, on the other hand, are more laid back about cybersecurity responsibilities. They adopt different working styles and prefer to be more productive, flexible and agile at work using their own tools and devices. Moreover, half of under-30 respondents think that responsibility for cybersecurity rests solely with the IT department. This is 6% higher than respondents in the older age categories.

Top generational differences in attitudes toward cybersecurity, according to the research, are as follows:

  • Under-30s are more likely to consider paying a hacker’s ransom demand (39%) than over-30s (30%). This may be due to an impatience to get systems back up and running, or a greater knowledge of bitcoin and other cryptocurrencies.
  • Growing up in a technology skills crisis, 46% of under-30s are worried their company doesn’t have the right cybersecurity skills and resources in-house. This is 4% higher than for over-30s.
  • The desire for flexibility and agility could be affecting attitudes to incident response. Under-30s estimate that a company could recover from a cybersecurity breach in just 62 days – six days less than the time estimated by older age groups (68 days).
  • Younger workers are more accepting of personal devices at work than their older counterparts; 8% fewer consider them a security risk. However, they’re more concerned about the Internet of Things (IoT) as a potential risk (61% compared to 59%).
  • Eighty one percent believe cybersecurity should be an item on the boardroom agenda, compared to 85% of over-30s.

The NTT data cited in the cited report was collected through global research commissioned in 2019 involving 2,256 organizations in 17 sectors across 20 countries and conducted by Jigsaw Research. Respondents were senior decision-makers outside of the IT department, with 20% holding a C-level position. Overall results were published in the Risk:Value 2019 Report and related content. From the responses to the research, NTT identified good practice and bad practice in cybersecurity, with each business being accordingly given a score of between -41 and +27. The average organization scored +3. NTT then considered the score of the organization by age of respondent.

Matt Gyde, CEO, Security, NTT Ltd., comments: “NTT’s research has uncovered contrasting attitudes and behaviors on cybersecurity from different generations. It’s clear from the research that the workforce has a very different approach and attitude to cybersecurity, depending on age. Businesses must transform their approach to security if they are to engage all generations. Most important is ensuring that employees understand that security is everyone’s business, and isn’t simply a role for IT, as has been the case in the past. Different generations use technology in very different ways and business leaders need to recognize that strong cybersecurity practices for all generations within the business is an enabler and not a barrier. Security leaders should make themselves more approachable and talk the language of business, not IT. Education is also fundamental to change in cybersecurity behavior, so make the learning process interesting and relevant to all generations in the workforce.”

More information is available at:

Sponsored Recommendations

imVision® - Industry's Leading Automated Infrastructure Management (AIM) Solution

May 29, 2024
It's hard to manage what you can't see. Read more about how you can get visiability into your connected environment.

Global support of Copper networks

May 29, 2024
CommScope designs, manufactures, installs and supports networks around the world. Take a look at CommScope’s copper operations, the products we support, our manufacturing locations...

Adapt to higher fiber counts

May 29, 2024
Learn more on how new innovations help Data Centers adapt to higher fiber counts.

Going the Distance with Copper

May 29, 2024
CommScopes newest SYSTIMAX 2.0 copper solution is ready to run the distanceand then some.