Survey: 39% of US employees not confident they know how to use AI responsibly

10 / 05 / 2024

• Knowledge Bank
• news

A recent survey unveiled that 39% of US employees are not confident that they know how to use AI responsibly, while 85% of workers believe AI has made cybersecurity attacks more sophisticated, and 78% are concerned about the use of AI in cyber attacks.

The 2024 Human Risk in Cybersecurity Survey is a study of 1,000 employed Americans across public and private sectors that follows the initial 2022 analysis by EY US and explores the current state of cybersecurity and changes over time, revealing key insights for business leaders on cybersecurity awareness and practices. This year, EY US expanded the study to analyze employee perception of the role of artificial intelligence (AI) in escalating threats.

Similar to the 2022 findings, the latest EY US cybersecurity study highlights a persistent gap in preparedness across generations, with younger workers continuing to fall short of exercising safe cybersecurity practices more so than older generations. In fact, Gen Z is losing confidence in their ability to recognize phishing attempts — one of the most common and successful tactics of social engineering attacks — and is most likely to admit to opening a suspicious link. And now, with the power of AI-generated phishing emails, spotting malicious links and content is getting even harder. Although they are a digital-first generation, only 31% of Gen Z feel very confident identifying phishing attempts, marking an alarming nine percentage point drop from 40% in 2022, and 72% said they have opened an unfamiliar link that seemed suspicious at work, far higher than Millennials (51%), Gen X (36%) and Baby Boomers (26%).

Nearly two-in-three Gen Z and Millennial workers are particularly fearful about repercussions surrounding cybersecurity, including 64% of Gen Z and 58% of Millennials who fear they would lose their job if they ever left their organization vulnerable to an attack. Younger generations are also more likely to not fully understand what their organization’s process is to report suspected cyber attacks, even though their organization has a process in place (39% Gen Z and 29% Millennials vs. 19% Gen X and 15% Baby Boomers).

However, it’s not all doom and gloom. Despite concerns around their abilities to prevent an attack, EY research indicates that Gen Z workers increasingly consider themselves knowledgeable about cybersecurity (86% vs. 75% in 2022), pointing to opportunities to better equip younger workers to turn this knowledge into confidence by investing in upskilling and training that caters to their unique experience as true digital natives.

The rapidly evolving nature of AI has made it essential for organizations to adapt training protocols regularly and remain committed to providing frequent, up-to-date training that addresses the latest AI-driven threats and cybercrime trends.

A vast majority of employees (91%) say organizations should regularly update their training to keep pace with AI, especially as AI’s role evolves in cyber threats; but only 62% say their employer has made educating employees about responsible AI usage a priority.

“Cybersecurity training and attention from leaders across the C-suite contributes to the development of a strong security posture within an organization,” said Dan Mellen, EY Americas Consulting Cybersecurity Chief Technology Officer. “When security practices are ingrained in the company culture, employees are more likely to prioritize security in their day-to-day activities and proactively report potential security incidents.”