Younger employees disregard safety rules

B2B Cyber ​​Security ShortNews

Share post

According to the German Association of Civil Servants, around a quarter of all public sector employees will resign in the next ten years for reasons of age. They are being replaced by young employees from Millennials and Generation "Z".

An example of this: a good third of Generation Z employees also use private passwords at work (35%). Among millennials, this behavior is still found in one in four respondents (26%). In contrast, just 8% of employees born before 1965 (baby boomers) use the same passwords for private and business use. Young employees are also more likely to use the same or similar passwords across multiple accounts or devices (Generation Z: 48%, Millennials: 40%, Generation X: 31%, Baby Boomers: 22%). Such behavior makes it much easier for threat actors to gain initial access to an administration's IT systems. There is also a widespread willingness among younger employees to allow third parties access to company devices. One in five Gen Z workers (22%) have family members work with these devices. This only applies to 10% of baby boomers.

German authorities ill-prepared

It is no coincidence that young employees neglect the basic rules of data security. In a country comparison, German authorities perform poorly in the prevention of IT threats. One example is security training. Only a little more than half (54%) of those surveyed in Germany undergo mandatory training. For comparison, 61% of government agencies around the world require their employees to have cyber training. This situation also affects the employees' perception of threats. In their own estimation, 77% feel adequately prepared to identify and report threats such as malware and phishing in the workplace. However, just one in five German employees (19%) believes that they are very well prepared. With this, too, Germany is lagging behind in the global average.

One in four receives phishing emails

In view of the increasingly sophisticated phishing e-mails, which thanks to generative AI will in future hardly be distinguishable from legitimate e-mails, comprehensive training would be advisable. And the danger is real: 24% of employees in Germany (30% worldwide) report that they have been affected by phishing emails in the last 12 months. 5% (in Germany and worldwide) clicked on a link in a phishing email or transferred money to a scammer. Interestingly, these values ​​also correspond to the information provided by employees from the private sector. In a comparative study from December 2022, Ivanti found that 23% of them had been affected by phishing in the last year (State of Cybersecurity Preparedness 2023). According to both studies, employees in administrations and companies are attacked less frequently than the global average.

Employee: “None of my business”

Overall, however, the basic attitude of many employees in the public sector is questionable: "IT security is none of my business." According to the study:

  • believe 53 percent of employees in Germany (worldwide: 34%) do not think that their actions affect the security of their agency
  • feel 11 percent (Global: 17%) feel uncomfortable reporting mistakes they made to the IT team
  • it´s 9 percent (worldwide: 17%) don't even care if their agency is hacked
More at


About Ivanti

The strength of unified IT. Ivanti connects IT with security operations in the company in order to better control and secure the digital workplace. We identify IT assets on PCs, mobile devices, virtualized infrastructures or in the data center - regardless of whether they are hidden on-premise or in the cloud. Ivanti improves the provision of IT services and reduces risks in the company on the basis of specialist knowledge and automated processes. By using modern technologies in the warehouse and across the entire supply chain, Ivanti helps companies improve their ability to deliver - without changing the backend systems.

More at


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more