A recent survey conducted by EY indicates that over half of U.S. workers harbor concerns about the possibility of their organizations falling victim to cyberattacks.
The 2024 Human Risk in Cybersecurity Report gathered insights from 1,000 U.S.-based workers, encompassing both full and part-time employees across various sectors, who rely on computers for their work.
EY identified widespread apprehension among workers regarding cyber threats, with particular concerns about the potential role of AI in exacerbating these risks.
Approximately one-third of respondents expressed worries that their own actions could inadvertently expose their employers to cyber threats.
Younger workers, particularly Gen Z and Millennials, exhibited heightened anxiety about their potential contribution to cybersecurity risks. Many admitted feeling ill-equipped to recognize and address cyber threats in the workplace.
The survey revealed widespread beliefs among respondents that AI is amplifying the sophistication of cyberattacks, with a significant portion expressing concerns about AI's role in facilitating more frequent attacks.
Jim Guinn II, EY America’s cybersecurity leader, emphasized the importance of prioritizing human involvement in cybersecurity strategies. He advocated for empowering employees with knowledge, training, and a critical mindset regarding digital interactions.
A notable 91% of surveyed individuals stressed the importance of regularly updated cybersecurity training provided by their employers. However, a significant portion admitted feeling rusty in their cybersecurity knowledge, particularly concerning the responsible use of technologies like AI.
EY's report suggests implementing gamified training programs to enhance the effectiveness of cybersecurity education and fostering hands-on experiences with technologies like generative AI to deepen employees' understanding and promote defensive thinking.
Dan Mellen, EY America’s consulting cybersecurity chief technology officer, underscored the significance of embedding cybersecurity practices within organizational culture. He highlighted the role of leadership and comprehensive training in cultivating a security-conscious workforce capable of proactively identifying and addressing security threats.