Cybersecurity Awareness Falls Behind as Global Workforce Engages in Risky AI Practices

The most recent Annual Cybersecurity Attitudes and Behaviours Report, which was published by the Australian Cyber Collaboration Centre, has unveiled that both Australian and worldwide workforces are displaying various alarming cybersecurity behaviors, including a significant inclination to share company data with AI tools.

By surveying 6,500 individuals of diverse age groups in eight countries, encompassing Australia and New Zealand, the report concluded that IT and cybersecurity leaders are progressing towards enhancing security through cybersecurity training. Nevertheless, they are still combatting several unfavorable cybersecurity attitudes and behaviors within their workforces that could impede this advancement.

Numerous Individuals and Employees Find Cybersecurity Frustrating

According to the report, Australians, much like others globally, are increasingly frustrated by the necessity for continuous online cybersecurity measures. In an Australian cybersecurity landscape characterized by widespread digitalization of business and services and a notable number of data breaches:

• 52% of respondents acknowledged finding online security “frustrating,” while 44% confessed feeling overwhelmed by the intricacies of maintaining online safety.
• There has been a notable decline in the perceived value of online security, with only 60% of Australians believing it is worth the effort, a decrease of 9% from the previous year.
• Generation Z and Millennials exhibit the most pessimism regarding their ability to stay secure online, with many scaling back their online activities due to these concerns.

The outcomes indicate a growing dissatisfaction with the challenges of the digital environment in which individuals operate. The complexities and obstacles of navigating cybersecurity to reduce risks might be leading to disengagement with security practices, posing a threat to employer data security protocols.

VIEW: APAC employees prioritize convenience and speed over cybersecurity

Individuals are Relinquishing Cybersecurity Responsibility

Increasingly, individuals are placing the responsibility for securing their information on others, including the tech industry and tech platforms. In Australia, a staggering 90% of respondents across all age brackets believe that apps and platforms should bear the responsibility for safeguarding their personal data. Additionally:

• IT and security departments are considered the most accountable for protecting data in the workplace; however, more employees are now assigning greater responsibility to the tech sector.
• The percentage of individuals who consider themselves primarily responsible for security decreased by 7% since 2023.
• The Australian Cyber Collaboration Centre identified a widespread complacency, with 43% presuming their devices were inherently secure, a figure higher among the younger generations.

Premium: Guide on establishing a cybersecurity awareness initiative

Matthew Salier, the CEO of the Australian Cyber Collaboration Centre, remarked in a statement, “Complacency and frustration pose significant risks in combating cybercrime in Australia. Greater vulnerability to cyber-attacks, particularly among younger generations, is worrisome as they fail to take adequate precautions, overly relying on others, or assuming their devices are secure.”

Essential Cybersecurity Behaviors Still Need Enhancement

The report highlighted that individuals continue to grapple with upholding cybersecurity best practices, which could impact employers:

Usage of Passwords: The utilization of personal information for passwords, like names of family members or pets, surged across all age groups, with Generation Z being the demographic most inclined (52%) to use such passwords. Among those with multiple online accounts, the most favored way to manage passwords is by jotting them down on a physical notepad (29%), while only 12% leverage a password manager.

Adoption of Multi-Factor Authentication: An overwhelming 81% of respondents are familiar with MFA, marking an 11% increase from the previous year, which should assist cybersecurity professionals in deploying the technology. Nevertheless, adoption remains inconsistent. The report indicated that MFA implementation could lead to frustration in user experience, with many younger users who tried implementing MFA on their devices in the past subsequently abandoning it.

Detection of Phishing: Survey participants displayed readiness in identifying phishing emails or malicious links, with 67% across different regions expressing confidence in their ability to do so. However, 10% noted a lack of confidence. The report suggested this stemmed from the increasing sophistication of phishing attempts, including the usage of AI by cybercriminals.

More than half of workers have not been trained for secure AI usage

Novelty AI tools are giving rise to fresh cybersecurity and data protection concerns in the workplace:

• A concerning 52% of employed individuals in Australia have yet to receive any instruction on secure AI utilization, notwithstanding worries like data breaches and excessive dependence on AI responses.
• An alarming 38% of global respondents from various jurisdictions confessed to sharing sensitive work-related data with AI without their employers’ awareness.
• The act of employees sharing data with AI was more prevalent among younger age cohorts, with 46% of Gen Z and 43% of Millennials engaging in such behavior compared to 26% of Gen Xers.

Lack of trust in organizations for responsible AI deployment

There is compelling evidence suggesting individuals have distrust in businesses and IT sectors regarding the responsible deployment of AI:

• The faith in companies responsibly integrating AI was at its lowest in Australia, with only 35% believing that companies were capable of executing AI ethically.
• Milennials in Australia fear that AI will further complicate scam detection efforts.

Academy: Enhance your skills with our exclusive 2024 cybersecurity mastermind training bundle

Globally, there are apprehensions that AI will impact employment. Nearly half of Gen Z (48%) and Millennials (49%) expressed concerns that AI could alter their job status, whereas Baby Boomers and the Silent Generation were less anxious about AI’s work implications (13% and 11% respectively).

Training in cybersecurity bringing hope to IT professionals

Despite concerning cybersecurity behaviors highlighted in the report, IT and cybersecurity experts have received positive indications that the cybersecurity training initiatives they have implemented are enhancing cybersecurity awareness among their employees:

• The majority (83%) of survey participants who received training at their workplace or educational institution found it beneficial.
• Notably, the highlighted impacts were on identifying and reporting phishing attempts (52%) and utilizing MFA (45%).
• Overall, the report indicated an uptick in the perceived effectiveness of training across all security practices compared to the findings from 2023.

“As AI keeps evolving the threat landscape,” Salier concluded, “it is crucial to equip individuals and businesses in Australia with the necessary tools to navigate this intricate terrain.”

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts