In the report The Psychology of Human Error, Tessian gathered self-assessments about employees’ cybersecurity behaviors, noting differences among workers by age range. For example, half of younger workers admitted making a mistake with security implications for themselves or their company, compared to only 10% of workers over 51. Stanford University Professor Jeff Hancock said younger workers may be more aware of making a mistake and more willing to admit it, while older generations care more about self-presentation and respect in the workplace. Questions about phishing highlighted similar disconnects. While a quarter of employees overall report they have fallen for a phishing link, including 32% of those 31 to 40, only 8% of workers over 51 acknowledge doing so. Notably, this age group was also least likely to actually know what a phishing email was.
It is critical to understand the psychology of different employees and tailor cybersecurity education accordingly. “Younger employees have a thirst for knowledge, so teach them the techniques that hackers will use to target them,” said Hancock. Workers over 50 will not respond well to being told they do not understand something, so he advised that managers engage them in a conversation to help them recognize how their strengths and weaknesses can be used in an attack.