Generation Y Won’t Listen To IT

The latest generation of desk-jockey’s admitted in a recent CISCO study that they frequently ignore and/or circumvent the information technology (IT) policies of their employers, heightening corporate risk.

The latest generation of desk-jockey’s admitted in a recent CISCO study that they frequently ignore and/or circumvent the information technology (IT) policies of their employers, heightening corporate risk.

The CISCO Connected World Technology Report surveyed some 2,800 college students and young professionals in 14 of the world’s fastest growing economies. The report found that two thirds of young employees worldwide admitted to breaking a number of IT policies with regularity, with many saying they didn’t believe they were doing anything wrong.

The report found that breaking IT rules was often necessary to do their work. A fifth of participants claimed that they need access to restricted programs and applications in order to get their job done. Firms that did a poor or inconsisent job enforcing IT rules also were a common complaint. Slightly less than a fifth of respondents surveyed said that policies aren’t being enforced. Still other younger workers seemed comfortable sidestepping IT rules just because they could. Respondents said that they didn’t even think about the policies at work, that adhering to the rules was inconvenient, that they forget to follow policies, or that their bosses aren’t watching.

Unfortunately for employers, younger workers’ cavalier attitude towards following the rules isn’t offset by a deep sense of personal responsibility. Three of every five employees said they aren’t responsible for protecting information and devices, and respondents seemed unconcerned about the security implications of letting others use their devices without supervision, or even leaving their devices unattended, the survey found.

Numerous studies have found that individual behavior plays an important role in ensuring enterprise security, and that social engineering attacks are a common element in many sophisticated hacks.

“The next-generation workforce is looking for more open access to information and social media,” said CISCO’s chief security officer, John N. Stewart. “The findings outlined in the Cisco Connected World Technology Report provide valuable insights into how we must adapt IT and security policies to enable mobility and productivity while still managing risk. Done well, security enables mobility and social media access to provide the necessary productivity boost.”

Suggested articles


  • Anonymous on

    Create a strict policy and fire a couple of offenders and this will stop. Generation Y is a bunch of spoiled brats that have been told "yes you can" ever since the whole "stop spanking your children meme hit the world". They need to be disciplined, not pleased, if you want to protect your company's intellectual property.

  • Anonymous on

    It's such a pain to use IE6 though, even if it is the company's official browser (FROM WHAT DECADE?!). This is before tabbed browsing, social media, and the year 2011, although I'm sure most corporate IT policies are a bit more current.

  • Michael on

    As a network administrator of (25 years) it gets to be frustrating having to deal with the new threats, malware, spoof AV software.  Typically when I clean it up on a machine I find that that user is the one that downloads screen savers, personal pictures, and does not care that they are using a work computer to do it.  Of course when it takes IT 4 hours to rebuild the machine, they are happily sitting at home sending out more information on facebook, twitter, or their favorite blog site. 

    - the old guard

  • Randy Grein on

    Solid response from those that are part of the problem:

    Anonymous, a clear reference to Dr. Spock - and wrong. He noted that hitting children rarely elicited the desired response and that it might not be necessary, at least in many cases. In any case, this view is remote pop psycoanalysis, completely worthless and beside the point anyway.

    Michael, while your point is valid regarding existing threats, why are you allowing users to install software - and why does it take 4 hours to rebuild a machine? Proper policies coupled with procedures would prevent installation of inappropriate software and punish those who fail to abide by policy. And of course it shouldn't take more than 20 minutes to reimage a machine. If you're not using imaging (or virtualization) your organization is woefully behind and wasting money.

    IT is a service disipline, and from the responses above it seems we could do a better job of customer service. The end user is not the ONLY customer and we sometimes have to say no - but there are better ways to do it than with venom and punishment. Do you have policies in place that are understandable and enforced? Do you try to provide reasonable support for new technologies, or do you drag your feet because 'it's just social media, it's not business'? What kind of education do you provide to explain WHY security is shaped the way it is and how computers work?

    While this disrgard for workplace rules exists it is hardly a unique property of gen y. It does, however provide a useful lever to educate users as to the realities of networking and IT if framed correctly. The proper frame is, of course from their perspective, that security prevents errors that cost them dearly.


  • Anonymous on


    Speaking as a generation Y in IT, at a company that poorly enforces/doesn't have security policies, I understand both the problem and the frustration on both sides.


    More often than not, new employees (generation y) are being asked to do a job that requires them to use a certain amount of their own equipment (laptops, phones, tablets,) and they have the attitude that it’s their equipment, they can do what they want with it, and to a certain amount their right. I think there was an article here a little ways back talking about the blurring of the work/personal line. Where do you draw that line? Even if the equipment is owned by the company, most of us have to look to management to enforce policy, and usually they don’t really understand the risk, and resist efforts to be educated. I’ve also found that older employees in management are worse offenders at downloading that people in my own generation.


    On the IT side of things, yes, most people my age are brats. They have a tendency to look at any one who is not “THE boss” as ignorable. Yes, IT needs to be looked at as a service profession, but you are serving the company, not the individual. Most do not respond to a professional attitude and you a reduced to turning into a nagging mother figure. Sadly, this seems to get the most results.


    As a side note, Randy, yes, not having imaging or the ability to block users from loading their own problems is horribly behind the time, it’s also very common. Especially at smaller companies where the management is ignorant of the issues, you don’t have the funds or the time to get all the software and hardware that you need to run a full set up. Yes it costs more money in the long run to not have them, but try telling accounting that while you’re begging for the annual budget, which barely covers the changes in the equipment and software they ask for, much less anything else. And god forbid anything breaks or becomes infected, and you have to spend the time and money to fix it.


Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.