A new survey shows Generation Z and millennials, younger workers who have grown up as digital natives, are surprisingly more careless about their employer's cybersecurity than their senior Gen X and baby boomer colleagues. 

According to Ernst & Young LLP's 2022 Human Risk in Cybersecurity survey, although 83% of workers in the US report they understand their company's cybersecurity policies, younger Gen Z and millennial workers are less likely to comply with them. 

For instance, 48% of Gen Z and 39% of millennial employees confessed to being more cautious with their own devices compared to their work-issued devices; they also admitted to widely disregarding IT updates; reusing passwords for personal and professional accounts; and accepting browser cookies in far greater numbers than Gen X or baby boomer workers. 

"This research should be a wake-up call for security leaders, CEOs and boards because the vast majority of cyber incidents trace back to a single individual," Tapan Shah, EY Americas' consulting cybersecurity leader, said in a statement. "There is an immediate need for organizations to restructure their security strategy with human behavior at the core. Human risk must be at the top of the security agenda, with a focus on understanding employee behaviors and then building proactive cybersecurity systems and a culture that educates, engages, and rewards everyone in the enterprise."