The latest Annual Cybersecurity Attitudes and Behaviours Report, released by the Australian Cyber Collaboration Centre in Australia, has revealed both Australian and global workforces are exhibiting various concerning cybersecurity behaviours, including significant tendency to share company data with AI tools.

Surveying 6,500 individuals of varying ages in eight countries, including Australia and New Zealand, the report found IT and cybersecurity leaders are making headway toward improving security with cybersecurity training. However, they are still battling a number of poor cybersecurity attitudes and behaviours in their workforces.

Cybersecurity is frustrating to many individuals and employees

The report found that Australians, like others around the world, are increasingly frustrated by the need for constant online cybersecurity measures. In an Australian cybersecurity environment that has included pervasive digitisation of business and services, as well as a large number of data breaches:

• 52% of respondents reported that online security is “frustrating” for them, with 44% admitting they feel intimidated by the complexities of staying safe online.
• There has been a significant decline in the perceived value of online security, with only 60% of Australians believing it is worth the effort, a drop of 9% since last year.
• Gen Z and Millennials are the most pessimistic about their ability to stay safe online, with many having reduced their online activities due to these concerns.

The results suggest a rising discontent with the downsides of the digital environment in which individuals work. The complexities and friction of navigating cybersecurity to minimise risks could be causing disengagement with security practices, which could be a threat to employer data security measures.

SEE: APAC employees are choosing convenience, speed over cybersecurity

Individuals are outsourcing responsibility for cybersecurity

Individuals increasingly expect others to be responsible for the security of their information, including the tech industry and tech platforms. In Australia, 90% of participants across all age groups believe that apps and platforms should be responsible for protecting their personal information. In addition:

• IT and security departments are viewed as most responsible for safeguarding information in the workplace, though more employees now attribute more responsibility to the tech industry.
• The percentage of individuals who view themselves as primarily responsible for security dropped by 7% from 2023, bringing the total to 59%. Personal responsibility in the workplace came in at just 36%.
• The Australian Cyber Collaboration Centre found “widespread complacency,” with 43% assuming their devices were automatically secure. That percentage was higher for younger generations.

Premium: How to create a cybersecurity awareness program

“Complacency and frustration are dangerous combinations in the fight against cybercrime in Australia,” Matthew Salier, chief executive officer at the Australian Cyber Collaboration Centre, said in a statement. “Vulnerability to cyber-attacks is of particular concern across younger generations because they’re not taking adequate precautions, relying too heavily on others or assuming their devices are secure.”

Key cybersecurity behaviours still have room for improvement

The report found individuals still trip up on cybersecurity hygiene, which could impact employers:

Password usage: The use of personal information for passwords, such as family members or pet names, rose across all generations, with Gen Z the group most likely to use these passwords (52%). Organisations should take note that the most preferred method for managing passwords among those with more than one online account is to write them down in a physical notebook (29%), while just 12% use a password manager.

Multi-factor authentication: A huge 81% of respondents have heard of MFA, up 11% on last year, which should help cybersecurity pros implementing the technology. However, adoption is inconsistent. The report found MMA adoption could be frustrating for the user experience, with many younger users who have tried to implement MFA in the past on their devices having since abandoned it.

Phishing detection: The survey participants were on the whole ready to recognise phishing emails or malicious links, with 67% across geographies saying they felt confident they could do so. However, 10% of respondents said they were not confident; analysis in the report suggested this was because of the increasing sophistication of phishing attempts, including criminals using AI.

AI tools should be a concern for cyber and data professionals

Artificial intelligence tools are creating new cybersecurity and data security issues in the workplace:

• In Australia, more than half of employed participants (52%) have not yet received any training on safe AI use, despite concerns such as data leakage and over-reliance on responses.
• A shocking 38% of global respondents across all jurisdictions surveyed admitted to sharing sensitive work information with AI without their employer’s knowledge.
• The prevalence of employees sharing data with AI was higher among younger generations, with 46% of Gen Z and 43% of Millennials sharing data with AI, compared with 26% of Gen Xers.

Organisations not trusted to implement AI responsibly

There is evidence individuals may have low trust in the ability of organisations and IT to implement AI:

• Trust in companies responsibly implementing AI was lowest in Australia, where just 35% believed that companies were up to the challenge of implementing AI ethically.
• Millennials in Australia are worried AI will make detecting scams even more challenging.

Academy: Skill up with our very own 2024 cybersecurity mastermind training bundle

There are some global concerns that AI will impact jobs. Almost half of Gen Z (48%) and Millennials (49%) felt it was likely AI will cause changes to their employment status, though the Baby Boomers and Silent Generation were less concerned about the impact of AI on their work (13% and 11%, respectively).

Cybersecurity training provides silver lining for IT professionals

Despite the report revealing some concerning cybersecurity behaviours, IT and cybersecurity professionals have been given an indication the cybersecurity training programs they have rolled out appear to be increasing cybersecurity awareness among individuals who are their employees:

• The majority (83%) of those surveyed who accessed training at their workplace or place of education found it useful.
• The biggest impacts reported were on recognising and reporting phishing messages (52%) and using MFA (45%).
• Overall, the report found there were increases in the perceived impact of training on all security behaviors compared with 2023.

“As the threat landscape evolves with the introduction of AI,” Salier concluded, “we must equip individuals and organisations in Australia with the tools they need to navigate this complex environment.”