Part one of a four-part series covering Ivanti’s latest research. Get the full series: 

According to new cybersecurity research by Ivanti, the employees who are the most tech-savvy aren’t necessarily the ones we’d presume, demographically speaking. Why is that? And what are the issues it creates for an enterprise?  

For a new report, Ivanti surveyed 6,500 executive leaders, cybersecurity professionals and office workers across the globe to get a better understanding of:  

  • Employees’ attitudes toward cybersecurity and their perceived role in defending organizations. 
  • Security professionals’ diagnoses of key challenges and vulnerabilities. 
  • Leaders’ tech behaviors, as well as their level of buy-in to cybersecurity strategy. 

Some of the results were, in a word, surprising. And that starts with what we’ll examine in this first article in a four-part series about the hidden threats facing even those organizations that have solid cybersecurity programs in place. 

Get the report: Hidden Threats: How workforce demographics impact your security posture 

The opposite of expectations 

Many assume older employees are less tech savvy — and therefore more likely to engage in risky behaviors. In fact, our research found that the opposite is true.  

Younger professionals (those under 40) are significantly more likely to disregard important security guidelines compared to Gen X and older. This is true about performing password hygiene, clicking on phishing links and sharing devices with family and friends.  

Why it matters

These oversights, lapses and shortcuts add up to significantly higher security vulnerabilities with younger employees. 

Stereotypes about age-based tech savviness may be leading organizations astray. And the problem isn't only related to cyberhygiene (e.g., password habits, sharing devices); the research shows younger professionals are also less likely to report red flags when they encounter them. 

Among those 40 and under, 77% said they reported the last phishing email or message they received, compared to 88% of those over 40. The most common reason for not reporting? “I didn’t think reporting was important.” 

Stereotypes about older workers are particularly insidious because tech workers skew younger — and so may be more likely to believe their older colleagues are uninformed or vulnerable. 

For example, a study of 2,250 professionals in the UK found tech workers viewed colleagues as “over the hill” and “too old for their job” when they reached 38 years old. (Keep in mind, this is in relation to their tech industry peers, not average employees, who are less likely to be tech savvy.) 

Solution? Automate cybersecurity “savvy”

These findings underline why organizations need to rely less on employees’ individual judgment and more on tech interventions that make rule-following effortless.

Even better: deploy automations that run behind the scenes such that your end users aren’t even aware they exist.

“Assuming that younger employees are more security-conscious and tech-savvy is outdated and even dangerous. Organizations should road test these assumptions by conducting internal research that captures their own employees' attitudes about security risk and their part in managing it.”

Daniel Spicer, Chief Security Officer, Ivanti

In the next post in this series, we’ll examine the hidden threat that comes from employee reluctance to raise red flags about cybersecurity dangers.