Arkadin

Arkadin is one of 28 remarkable companies coming together to create a leading global technology services company. From 1 October 2019, Arkadin will start its journey to fully rebrand to NTT. For more information about our transition to the NTT brand, visit hello.global.ntt
Together we do great things!

Why under 30 year olds require a new approach to enterprise cybersecurity

“It’s not that under 30s don’t care about cybersecurity…it’s more that enterprise cybersecurity often doesn’t meet their expectations”

In this guest post Richard Thurston, Global Market Insights Manager, Cybersecurity at NTT Ltd. looks at the key motivations and concerns of the next generation.


We have just released an in-depth focus on the preferences of under 30 year olds regarding cybersecurity. Those preferences – identified through our Risk:Value global research – are profoundly different to other generations in the workplace.

Our Meeting the Expectations of a New Generation Report identifies drivers, challenges and concerns of the under 30s in businesses around the world. We also find in which countries and sectors the under 30s show the most good practice.

Laidback but not complacent

While millennials care deeply about their productivity, and can be laid back about cybersecurity, what is readily apparent is that they get cybersecurity. In conducting our qualitative research, every one of the under 30s we spoke to was readily able to articulate their views on the subject.

Having different preferences across generations poses challenges for organizations. Treating all employees with the same risk profile, or assuming the same level of skills or attitudes/behavior is too simplistic. As well as increasing organizational risk, adopting a one-size-fits-all culture hurts talent retention.

So what are the key takeaways from our work? There’s more in the report, but here are three to consider:

Under 30s are less diligent about cybersecurity…

1. Given that under 30s have spent the highest percentage of their lives in the digital era, you might expect they demonstrate the most cybersecurity good practice. However, this is not the case. Indeed, greater business experience – and the acquisition in more recent times of digital DNA – means that those between the ages of 30 and 60 demonstrate more cybersecurity good practice, on average.

…but they do have concerns.

2. Skills really worry the under 30s. We know there’s a skills shortage in cybersecurity, but the younger generation is more acutely aware. As much as 42% of over 30s believe their organizations don’t have adequate skills or resources in-house to cope with the number of security threats. For under 30s, the figure is four percentage points higher. This just plays to the point that cybersecurity is top of mind for the younger demographic.

Productivity is the prize – but at what cost?

3. We know some companies pay ransoms to cybercriminals, as they consider the loss of data and time are a worse outcome than paying the ransom. But it’s striking that the propensity to pay is 30% higher among the under 30s. We think this is related to their continued thirst for productivity, and to get back online and operational as soon as possible. Of course, payment of a ransom to a cyber criminal guarantees nothing.

Meeting millennial expectations about cybersecurity

We have been working with Adam Joinson, professor of information systems at the University of Bath, who – writing in the report – is absolutely right to say that it’s not that under 30s don’t care about cybersecurity in the main. It’s more that enterprise cybersecurity often doesn’t meet their expectations.

So, as part of this report, we propose six key actions that can improve your security posture by taking into account the needs of this important age group.

Culture and inclusion is key. Far too many of the individuals we spoke to felt cybersecurity was the responsibility of the IT department, and not themselves. Several under 30s told us quite unassumingly that they felt confident that when cybersecurity incidents occurred, it would be resolved by others.

Reducing organizational risk

At NTT, we encourage businesses to focus on speed, execution and teamwork. This might involve setting the expectations of the younger generation early on, conducting simulation exercises involving all company employees in order to test the organization’s cyber resiliency and of course embracing the whole workforce with an inclusive cybersecurity culture.

Cybersecurity threats are becoming more complex but, with the right approach encompassing all generations, organizational risk can be reduced.


Richard Thurston is Global Market Insights Manager, Cybersecurity at NTT Ltd. and plays a key role in NTT Security’s thought leadership, untangling and articulating the complex web of cyber security and related business trends that affect and influence organizations around the world.

About the author

Richard Thurston is Global Market Insights Manager at NTT Security, and is responsible for untangling and articulating the complex web of cyber security and related business trends that affect and influence organizations around the world. He plays a key role in NTT Security's thought leadership. A prolific consumer of qualitative and quantitative insight, Richard is passionate about how the latest changes to the cyber security landscape drive business decisions and behaviours. Richard has worked in insight, market intelligence and as a journalist and industry analyst in B2B technology for nearly two decades.

Leave a Reply

Together we do great things