Current FeaturesNews TickerRisk and Compliance

Cybersecurity Savvy

Amid escalating cyberattacks in the workplace, HR leaders can leverage three best practices to cull employee concerns.

By Maggie Mancini

Cyberattacks have nearly doubled since the onset of the pandemic, with organizations grappling with how to keep personal, proprietary information safe from hackers and threats. A recent survey from EY reveals escalating concerns about these cybersecurity threats in the workplace, with 53% of employees reporting they are worried that their organization will be the target of a future cyberattack and others concerned that their lack of knowledge about cybersecurity could open up their company to an attack.  

“The good news is that an increasing number of employees consider themselves to be knowledgeable about cybersecurity, and actively see it as part of their day-to-day professional responsibilities,” says Jonathan Sears, global people advisory services global technology leader at EY. “That knowledge is power, but it can also lead to increased levels of concern and worry about cybersecurity. That’s why it’s critical for organizations to have a plan on how to continually engage their employees throughout the year with hands-on exercises meant to build confidence in their use of technology.”  

EY research finds employees who are rusty on cybersecurity knowledge are most fearful of using technology at work. This, Sears says, is not good for the employee or the organization that is looking to streamline and modernize how it provides services. As more companies adopt AI, it’s no surprise that they include protocols that incorporate training for the responsible use of the technology in the workplace, he says.  

“This hands-on AI training offers employees exposure to fundamental capabilities and risks in various forms of AI,” Sears says. “Having firsthand experience using new and emerging technology unlocks a new level of understanding and drives defensive thinking in your workforce, which ultimately supports your cybersecurity defense.”  

The survey finds that Gen Z and millennials are less likely to feel fully equipped to identify and respond to cyber threats compared to their older colleagues. In fact, two in three Gen Z and millennial workers fear they would lose their job if they ever left their organization vulnerable to a cyberattack. 

“Especially for younger generations, cultivating a culture of cybersecurity confidence requires investments in robust upskilling,” Sears says. “In our research, 94% of employees who received instruction within the past year say cybersecurity is a priority to them. With their increased knowledge of technology, Gen Z and millennials are more concerned than older generations about their potential role in a cyberattack.”  

To cultivate a culture of cyber confidence among employees of all ages, Sears recommends that HR leaders consider the following.  

  • Training that is consistent and up-to-date gives employees more confidence in their cybersecurity preparedness. Organizations testing their employees to see if they handle threats appropriately can inadvertently turn cybersecurity education into a “gotcha” moment. 
  • Transparency surrounding how AI is developed and deployed across the organization eases employees’ concerns about using the technology responsibly. Make the process for reporting potential attacks and vulnerabilities simple enough that workers across all generations can seamlessly integrate it into their day-to-day lives.    
  • Trust needs to go both ways in the relationship between the organization and its employees. It’s important to position cybersecurity protocols as working in partnership with employees, not as police. 

Further, the U.S. Cybersecurity and Infrastructure Security Agency recommends implementing safe cybersecurity best practices like strong passwords, regularly updating work software, using caution when clicking suspicious links, and turning on multi-factor authentication to improve online safety.  

EY research finds that 78% of U.S. employees are concerned about the use of AI in cyberattacks, and 85% say they believe AI has made cybersecurity attacks more sophisticated. To help ease these concerns, Sears explains that HR leaders must embrace transparency surrounding how AI is being used and demonstrate responsible AI practices themselves to help mitigate risks.  

Only 62% of employees say their employer has made educating employees about ethical AI use a priority. EY’s AI Anxiety in Business survey finds that most employees would view their organization more positively if it offered education on AI ethics.  

Over 70% of the workforce—primarily Gen Z—are anxious that AI is going to take their jobs, so they’re starting from a position of fear with the new technology, Sears says. When coupled with the fact that nearly 40% of employees are not confident that they know how to use AI responsibly, it becomes a significant barrier for organizations looking to adopt the technology.  

“With emerging technologies continuing to evolve, it’s important to keep humans at the center of an organization’s strategy, and to implement programs that alleviate myths and fears, while demonstrating the value of the new technology to both the employee and the organization.”   

Tags: Current Features, Cybersecurity

Recent Articles