Why Multi-Generational Offices Need Cybersecurity Training

When Andres Carnegie famously observed that “it is only but three generations from shirtsleeves to shirtsleeves”, he was opining on the frequent pattern that sees one generation starting a business, the second making it a success, and the third destroying it. Carnegie was not concerned with cybersecurity when he made this observation, but with some variation, his words are prescient in describing the attitudes of different generations and age groups toward cybersecurity.

A recent survey suggests that Baby Boomers, who are generally in the 55+ age group, take a more intelligent and savvy approach to using strong passwords for logins, and conduct themselves with greater care in online transactions and communications. In contrast, the “Generation Z” age group (13 to 22 years old) is least concerned with online security and is most likely to act as if they are invulnerable to cyberattacks. In between these two extremes, Millennials (ages 23-34) are very proactive, and members of “Generation X” (ages 35-54) are concerned about cybersecurity but are less likely to do anything about it. Given these different attitudes among different generations, a one-size-fits-all approach toward cybersecurity will fail to connect with at least a portion of a multi-generational workforce in any business.

Generation Z and Millennials are the most blasé about cybersecurity. To accommodate this attitude, businesses will need to address the relationship between members of that generation and technology. Online technology has been omnipresent in their lives. The youngest generation of employees places great faith in the latest and greatest versions of software and desktop and mobile hardware. A Millennial employee, for example, might prefer his or her own computer or mobile device over an older one provided by an employer, but businesses have less control over personal devices and those devices are often a pathway for cyberattacks. Businesses will need to make greater investments in new technology to combat this attitude, but that technology will give them the best chance to instill greater cybersecurity awareness in Generation Z employees.

Baby Boomers and Generation X employees might pay more attention to cybersecurity, but there are still gaps in their attitudes and practices that can open an employer’s network to cyberattacks. Boomers, for example, are more apt to open infected attachments in emails from unknown sources or to fall prey to other phishing attacks that expose passwords and other critical network information. Gen Xers tend to install unapproved apps on mobile devices, or fail to heed corporate training on good cybersecurity practices. Attacking these failings can require a business to train employees regularly and to monitor their conduct and compliance with training. Again, this requires greater investment in training and a larger cybersecurity budget.

At the end of the day, not even the most current hardware and software or extensive training of all generations of employees can stop every attempted cyberattack from infiltrating a network. Hackers have become very adept at staying one step ahead of the cyber defense technology. Moreover, mistakes made by careless or uninformed employees in every age group are responsible for up to half of all successful cyberattacks. With the risk of a successful cyberattack being so high, cyber risk insurance is the best tool to manage and control that risk.

A good cyber risk insurance carrier will help a client to assess risk levels and will recommend the most appropriate cybersecurity training for the client’s multi-generational work force. In many cases, cyber risk insurance premiums will be lower than some of the technology defenses that a business might erect in an attempt to thwart cyberattacks. Including cyber risk insurance premiums as part of an overall cybersecurity budget is a rational response to the challenges presented by employees in different age groups. Further, that insurance will protest the business against direct losses and third-party liabilities that arise when training and technology are not enough to prevent a hacking attack.

No comments:

Post a Comment