Young people are overconfident, unaware and uninterested in pursuing cybersecurity careers, largely because they don't know what it means to be a cybersecurity professional.
Today's young people are dubbed "tech-savvy" because they grew up with smartphones. Maybe the label doesn't fit.
A survey of nearly 4,000 young adults worldwide, commissioned by Raytheon and the National Cyber Security Alliance (NCSA), revealed a mix of misplaced confidence and startling ignorance among the 18- to 26 year-old respondents when it comes to their online security.
The survey, conducted by Zogby Analytics, polled young adults in a dozen countries. Results were similar across most regions, while the Middle East bucked some trends. In general, women were less savvy than men.
One big result: 65 percent of respondents said they believe they can stay safe online. But that confidence is coupled with apparent apathy and ignorance.
Fifty-eight percent of respondents said they were not taught how to stay safe online (or they weren't sure if they'd been taught Internet security) in school. Sixty-seven percent of respondents said they hadn't heard about any cyberattacks in the past year. The survey was conducted from July 29 to Aug. 10, in the wake of the Office of Personnel Management breach, the Target breach and many other high-profile cyber incidents.
It wasn't all bravado. Plenty of respondents said they weren't interested in pursuing a cybersecurity career because they didn't think they had the right skills. American women were three times as likely as men to say they weren't interested in cybersecurity work.
Much of that lack of interest might have to do with role models and education: 55 percent of U.S. men and 69 percent of U.S. women respondents said they'd never had a teacher or counselor mention cybersecurity as a career option.
"We need to change the language," NCSA Executive Director Michael Kaiser said, pointing out that respondents were more likely to respond positively when they were asked if they'd like to "help protect the Internet" than if they were asked if they'd like to work in cybersecurity.
Respondents also indicated that they weren't sure about career paths in cybersecurity, a response Ben Scribner, program director for national cybersecurity professionalization and workforce development at the Department of Homeland Security, chalked up to the fact that the current generation is on the bleeding edge of establishing the cybersecurity profession.
The developing National Cybersecurity Workforce Framework might be one tangible step toward defining the profession.
But Kaiser, Scribner and Business-Higher Education Forum CEO Brian Fitzgerald also pointed to the need to simply get the word out.
Not all cybersecurity professionals must be graduates of four-year colleges with science or engineering degrees, Fitzgerald said. Instead, the cybersecurity field will need people with diverse skill sets, and government and industry alike should be sending that message.
The rest of the world
The U.S. isn't exactly leading on cybersecurity education.
In the survey, respondents from the Middle East were much more likely to say they'd had cybersecurity education, had spoken with a practicing professional and had a teacher or counselor recommend the profession to them. The three countries that made up the survey's Middle East component were Saudi Arabia, the United Arab Emirates and Qatar, which are smaller and more tech-enabled than many other Middle Eastern nations.
Kaiser praised European countries, particularly Estonia, for building web-fluent societies that the U.S. could emulate.
Noticeably absent from the survey were Latin America and Africa, along with American cyber rivals Russia and China.
As the U.S. works to bolster cybersecurity awareness and education, Kaiser said the survey results demonstrate that the cyber challenge is a global issue.
"Our economies are interlocked," he said. "We need them to be secure in order to do business with them."
NEXT STORY: DHS banks on data repository for cyber insurance