Cybersecurity: Younger employees are often more careless

Cybersecurity: Younger employees are often more careless

Share post

Younger employees in companies in particular are often more careless when dealing with passwords or phishing links. A study reveals hidden dangers in corporate security.

In a recent study, Ivanti took a closer look at the risk exposure of companies worldwide - from risky employee behavior to inconsistencies in safety culture. The study shows that standardized corporate security imposed from above tends to ignore specific risks. These go hand in hand with demographics, gender and function in the company, among other things. A key finding of the study: One in three employees is of the opinion that their actions have no influence on company security. Younger employees in particular display a worrying lack of concern.

Password Hygiene & Malicious Links

(Image: Ivanti)

🔎 Employees under 40 are much more careless when creating passwords (Image: Ivanti)

Many companies assume that older workers are less tech-savvy and therefore more likely to engage in risky behavior. In reality, the opposite is true. Younger professionals (under 40) are significantly more likely to ignore basic cybersecurity guidelines than Generation X and older. This applies to password hygiene, dealing with phishing links, and sharing devices with family and friends:

  • For example, while 38 percent of those under 40 use the same passwords on multiple devices, this is only 28 percent of the older workforce.
  • A date of birth can be found in the passwords of 34 percent of younger employees, while this is significantly less common among the older generation (19%).
  • One in three younger employees shares their digital work devices with friends or family members. Among the older workforce, this figure drops to just one in five.
  • 13 percent of office workers under the age of 40 click on a phishing link when specifically pointed out to them. For older people, this figure is a good 8 percent.

Younger employees are less likely to report dangers

So stereotypes about age-related technical knowledge can mislead companies. And the problem is not just related to cyber hygiene. The study also shows that younger professionals are less willing to report hazards. Of workers under 40, 23 percent said they did not report the last phishing email they received. For comparison: among those over 40, only 12 percent had not made a report. The most common reason for the behavior: “I didn’t realize this was important.”

“The assumption that younger employees are more security-conscious and tech-savvy is outdated and even dangerous. “Companies should test these assumptions by conducting internal research that assesses their own employees’ attitudes toward security risks and their role in addressing them,” said Daniel Spicer, Chief Security Officer at Ivanti.

Be afraid of the SecOps teams

(Image: Ivanti)

🔎 The study shows that many employees are afraid of the SecOps team (Image: Ivanti).

To ensure the security of an organization, information about security incidents or breaches must be available in near real time. However, the study shows that certain segments of the workforce are reluctant to report hazards - a fact that must be taken into account when developing information and training programs:

Seniority: The biggest variable in incident reporting is seniority. Seventy-two percent of executives surveyed said they had contacted a cybersecurity employee with a question or concern, compared to just 28 percent of office workers.

Gender: Women are less likely to report incidents than men. 28 percent have contacted a cybersecurity employee with a question or concern, compared to 36 percent of men.

All employees are important to cybersecurity

There are also differences in cybersecurity training and attitudes across countries: 43 percent of respondents in France say their companies do not offer mandatory cybersecurity training. At just 22 percent, German companies are very well positioned in this regard.

“Employees don’t always understand that they are valuable members of the extended security team, even when companies try to train and educate them,” adds Daniel Spicer. “Security leaders must empower all employees to defend themselves against threat actors and proactively build an open and approachable security culture.”

Many companies take a top-down approach to training and company-wide safety culture. However, the study shows that a cooperative and positive safety culture is much more effective. Insufficiently trained employees and cyber laissez-faire weaken the security posture of the company as a whole. Companies must therefore design their technical stack in such a way that friction for the end user remains as low as possible.

About the Study

Ivanti surveyed over 4 executives, cybersecurity professionals and office workers in Q2022 6.500 - 650 of them from Germany. (Office workers ≤40 years: 3.609, office workers >40 years: 2.769)

Go directly to the study on


About Ivanti

The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.


Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more