According to the German Association of Civil Servants, around a quarter of all public sector employees will resign in the next ten years for reasons of age. They are being replaced by young employees from Millennials and Generation "Z".
An example of this: a good third of Generation Z employees also use private passwords at work (35%). Among millennials, this behavior is still found in one in four respondents (26%). In contrast, just 8% of employees born before 1965 (baby boomers) use the same passwords for private and business use. Young employees are also more likely to use the same or similar passwords across multiple accounts or devices (Generation Z: 48%, Millennials: 40%, Generation X: 31%, Baby Boomers: 22%). Such behavior makes it much easier for threat actors to gain initial access to an administration's IT systems. There is also a widespread willingness among younger employees to allow third parties access to company devices. One in five Gen Z workers (22%) have family members work with these devices. This only applies to 10% of baby boomers.
German authorities ill-prepared
It is no coincidence that young employees neglect the basic rules of data security. In a country comparison, German authorities perform poorly in the prevention of IT threats. One example is security training. Only a little more than half (54%) of those surveyed in Germany undergo mandatory training. For comparison, 61% of government agencies around the world require their employees to have cyber training. This situation also affects the employees' perception of threats. In their own estimation, 77% feel adequately prepared to identify and report threats such as malware and phishing in the workplace. However, just one in five German employees (19%) believes that they are very well prepared. With this, too, Germany is lagging behind in the global average.
One in four receives phishing emails
In view of the increasingly sophisticated phishing e-mails, which thanks to generative AI will in future hardly be distinguishable from legitimate e-mails, comprehensive training would be advisable. And the danger is real: 24% of employees in Germany (30% worldwide) report that they have been affected by phishing emails in the last 12 months. 5% (in Germany and worldwide) clicked on a link in a phishing email or transferred money to a scammer. Interestingly, these values also correspond to the information provided by employees from the private sector. In a comparative study from December 2022, Ivanti found that 23% of them had been affected by phishing in the last year (State of Cybersecurity Preparedness 2023). According to both studies, employees in administrations and companies are attacked less frequently than the global average.
Employee: “None of my business”
Overall, however, the basic attitude of many employees in the public sector is questionable: "IT security is none of my business." According to the study:
- believe 53 percent of employees in Germany (worldwide: 34%) do not think that their actions affect the security of their agency
- feel 11 percent (Global: 17%) feel uncomfortable reporting mistakes they made to the IT team
- it´s 9 percent (worldwide: 17%) don't even care if their agency is hacked
About Ivanti The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.
More at Sophos.com