The last Annual Report on Cybersecurity Attitudes and Behaviorspublished by the Australian Cyber Collaboration Centre, found that Australian and global workers exhibit a variety of concerning cybersecurity behaviors, including a significant tendency to share company data with AI tools.
Surveying 6,500 people of varying ages across eight countries, including Australia and New Zealand, the report finds that IT and cybersecurity leaders are making progress toward improving security through cybersecurity training. However, they still face several poor cybersecurity attitudes and behaviors among their staff that could hinder this progress.
Cybersecurity is frustrating for many individuals and employees
The report reveals that Australians, like others around the world, are increasingly frustrated by the need for constant cyber security measures online. In an Australian cybersecurity environment that includes widespread digitalization of businesses and servicesas well as a a large number of data breaches:
- 52% of respondents said online safety is “frustrating” for them, and 44% admit they feel intimidated by the complexity of staying safe online.
- There has been a significant decline in the perceived value of online safety, with only 60% of Australians believing it is worth it, a drop of 9% since last year.
- Generation Z and millennials are the most pessimistic about their ability to stay safe online, with many having reduced their online activities due to these concerns.
The findings suggest growing dissatisfaction with the downsides of the digital environment in which individuals work. The complexities and friction of navigating cybersecurity to minimize risk could lead to disengagement from security practices, which could threaten employers’ data security measures.
SEE: APAC employees choose convenience and speed over cybersecurity
Individuals outsource responsibility for cybersecurity
Individuals increasingly expect others to be responsible for the security of their information, including the technology industry and technology platforms. In Australia, 90% of participants of all ages believe apps and platforms should be responsible for protecting their personal information. Furthermore:
- IT and security departments are seen as primarily responsible for protecting information in the workplace, although more employees are now assigning more responsibility to the technology sector.
- The percentage of people considering themselves primarily responsible for security fell by 7% compared to 2023.
- The Australian Cyber Collaboration Center found “widespread complacency”, with 43% of respondents assuming their devices were automatically secure. This percentage was higher for younger generations.
Prime: How to Create a Cybersecurity Awareness Program
“Complacency and frustration are dangerous combinations in the fight against cybercrime in Australia,” Matthew Salier, chief executive of the Australian Cyber Collaboration Centre, said in a statement. “Vulnerability to cyberattacks is particularly concerning for younger generations, as they do not take adequate precautions, rely too much on others, or assume their devices are secure. »
Key cybersecurity behaviors can still be improved
The report reveals that individuals still struggle to maintain cybersecurity hygiene, which could impact employers:
Using the password: The use of personal information for passwords, such as family members or pet names, has increased across all generations, with Gen Z being the group most likely to use these passwords (52%). The most preferred management method passwords among those who have more than one online account, it’s writing them down in a physical notebook (29%), while only 12% use a password manager.
Multi-factor authentication: 81% of respondents have heard of MFA, an increase of 11% from last year, which should help cybersecurity professionals implement this technology. However, adoption is inconsistent. The report reveals that adopting MFA could be frustrating for user experience, with many younger users who tried to implement MFA in the past on their devices having since abandoned it.
Phishing detection: Survey participants were willing to recognize phishing emails or malicious linkswith 67% across all geographies saying they are confident they can do so. However, 10% of those surveyed say they are unsure. The report suggests this is due to the increasing sophistication of phishing attempts, including those from criminals using AI.
More than half of employees have not received training to use AI safely
Artificial intelligence tools create new cybersecurity and data security challenges in the workplace:
- In Australia, more than half of employed participants (52%) have yet to receive training on the safe use of AI, despite concerns such as data leakage and over-reliance on answers.
- A shocking 38% of global respondents across all jurisdictions admitted to sharing sensitive work information with AI without their employer’s knowledge.
- The prevalence of employees sharing data with AI was higher among younger generations, with 46% of Gen Z and 43% of Millennials sharing data with AI, compared to 26% of Gen X.
Organizations are not trusted to implement AI responsibly
There is evidence that individuals may have little confidence in the ability of organizations and IT to implement AI:
- Confidence in companies implementing AI responsibly was lowest in Australia, where only 35% believed companies were up to the challenge of implementing AI ethically.
- Australian millennials fear AI will make spotting scams even harder.
Academy: Upskill yourself with our own 2024 Cybersecurity Mastermind Training Bundle
There are global concerns about the impact of AI on jobs. Nearly half of Gen Z (48%) and Millennials (49%) say it is likely that AI will lead to changes in their work situations, even though Baby Boomers and the Silent Generation were less concerned about the impact of AI on their work (13% and 11%, respectively).
Cybersecurity training offers a silver lining for IT professionals
Although the report reveals some concerning cybersecurity behaviors, IT and cybersecurity professionals have received an indication that the cybersecurity training programs they have deployed appear to be increasing cybersecurity awareness among their employees:
- The majority (83%) of respondents who had access to training at their workplace or place of study found it useful.
- The largest impacts reported were on recognizing and reporting phishing messages (52%) and using MFA (45%).
- Overall, the report reveals an increase in the perceived impact of training on all safety behaviors compared to 2023.
“As the threat landscape evolves with the introduction of AI,” concludes Salier, “we need to equip individuals and organizations in Australia with the tools they need to navigate this complex environment.”