Transforming cybersecurity in a multigenerational workforce

by Azeem Aleem

16 April 2020

A group of colleagues in a boardroom

With today’s workforce made up of Baby Boomers, Generation X, Millennials and Generation Z – each with unique needs and expectations – managing these groups is no easy task.

And this is especially true when you throw cybersecurity into the mix. New insights from NTT’s report into how different generations approach cybersecurity show that treating all employees the same is not the answer. In fact, it will ultimately create siloed problems.

Let’s take a closer look at the attitudes to security and privacy that are being brought into the workplace by a new generation of employees who have grown up with digital technology.

Make no assumptions

It’d be wrong to assume that digital natives are more cyber-secure. The reality is that those workers in the over-30s category are actually more likely to adopt good cybersecurity practice than their younger colleagues. It seems the longer they’ve spent in the workplace acquiring their ‘digital DNA’, the greater the advantage they have over their younger workers.

Three people collaborating

Security culture must include every generation and be supported by a diverse range of employee champions

On the flipside, the under 30s, those born into the digital age, take a far more laid-back approach to cybersecurity. They do not want to be restricted by cybersecurity, and expect to be productive, flexible and agile at work using their own tools and devices. This is something that needs careful consideration and why a tailored approach is essential when it comes to cybersecurity policies.

In order to ensure the creativity and energy of younger workers is harnessed, security practitioners need to rethink the way policies operate. They need to create more innovative ways to improve the fit between security and the tasks employees are required to undertake as part of their core work. For younger workers, this means policies that help them achieve their tasks rather than block them.

Additionally, it’s important that organizations recognize there is no ‘one size fits all’ approach to cybersecurity. Assuming this will only lead to problems in the long term.

Cybersecurity best practice in a multigenerational workforce

Here are some helpful reminders and tips for businesses when transforming their approach to security while engaging with all generations in their workplace.

  1. Security culture must include every generation and be supported by a diverse range of employee champions, which includes age.
  2. Create a security panel that is made up of younger employees and listen to their views on cybersecurity.
  3. Ensure security is seen as an enabler rather than a hinderance – keep in mind the younger workers who are the most motivated in an agile, productive, flexible workplace environment, where they are most likely to buy into the desired culture and behaviors.
  4. Embed cybersecurity into the company culture and make it everyone’s business. Security leaders should be approachable to employees, through one-to-one interaction and more formal company events and programmes.
  5. Identify any skills shortages in the organization and implement learning programmes and mentoring, bringing in external support if necessary.
  6. Always remember that education is vital but make it fun and interactive for all by, for example, gamifying security learning.
  7. Regularly conduct simulation and table-top exercises to continuously assess people’s defenses.

It’s clear that different generations use technology in very different ways, so it’s down to business leaders to develop strong cybersecurity practices for all generations within the organization. Similarly, security leaders also need to be more approachable and talk the language of business, avoiding technical speak. Education is integral to changing cybersecurity behavior, so make the learning process engaging and relevant to all generations in the workforce.

Azeem Aleem

Azeem Aleem

VP, Cybersecurity Consulting, NTT Ltd.