top of page

Who has the best IT behaviour?

According to a new report on behaviour and attitudes to cybersecurity among different age groups, employees over the age of 30 are more likely to adopt cybersecurity best practice than younger colleagues who have grown up around digital technology.  


The report – ‘Meeting the expectations of a new generation. How the under 30s expect new approaches to cybersecurity’ ( also indicates that the younger generation is more anxious about cybersecurity and their company’s ability to tackle the number of security threats.

Published by the Security division of NTT Ltd (, the report advises organizations to create an inclusive security culture that works across today's multi-generational workforce.  Researched as part of NTT’s Risk:Value 2019 report, it reveals that, on average, under-30s score 2.3 in terms of cybersecurity best practice, compared to 3.0 for over-30s.  In the UK, under-30s (4.3) and over-30s (5.5) are among the highest scores globally.
The data suggests that just because Millennials and Generation Z workers are born in the digital age, it does not necessarily mean they follow cybersecurity best practice.  In fact, employees who have spent longer in the workplace gaining knowledge and skills and have acquired ‘digital DNA’ during that time, sometimes have an advantage over younger workers who tend to be risk takers.  The report shows that over half (52%) of younger workers say they would consider paying a ransom demand to a hacker, compared to just 26% of over-30s.

Over half (58%) of under-30s believe their company does not have adequate skills and resources in-house to cope with the number of security threats.  This compares to quarter (26%) of over-30s, and may be the result of growing up in a technology skills crisis.

Commenting on the research, Azeem Aleem, VP Consulting (UK&I) Security, NTT, says “It’s clear from our research that a multi-generational workforce leads to very different attitudes to cybersecurity.  This is a challenge when organizations need to engage across all age groups, from the oldest employee to the youngest.  With technology constantly evolving and workers wanting to bring in and use their own devices, apps and tools, business leaders must ensure that security is an enabler and not a barrier to a productive workplace.

Adam Joinson, Professor of Information Systems, University of Bath, an expert on the intersection between technology and behaviour, adds: “There is no ‘one size fits all’ approach to cybersecurity.  The insights from the NTT study demonstrate that treating all employees as posing the same risk, or having the same skills, is problematic for organizations.  We do need to be careful not to assume that the under-30s simply don’t care so much about cybersecurity.  While this may be true in some cases, in others it is more likely that existing security policies and practices don’t meet their expectations about ‘stuff just working’.
“If we want to harness the fantastic creativity and energy of younger workers, we need to think about security as something that enables their work, not something that blocks them from achieving their tasks.  This is likely to mean security practitioners having to fundamentally rethink the way security policies operate, and finding ways to improve the fit between security and the tasks employees are required to undertake as part of their core work.”

A short video on the research can be found at

bottom of page