Global Study Shows Millennials and GDPR Are Driving the Need for a New IT Security Framework

55 percent of respondents believe Millennial employees may pose the biggest security risk says IT survey from Citrix and The Ponemon Institute

SANTA CLARA, Calif.--()--According to a recent survey by the Ponemon Institute and Citrix, there are two major IT security risks that enterprises need to prepare for – Millennials and the impending General Data Protection Regulations (GDPR). The global study of more than 4,000 IT, security, and business professionals found that Millennials bring a growing number of mobile apps, devices and new methods of information sharing and collaboration that pose new security risks for businesses. The study also found that most enterprises are skeptical of their ability to meet the stringent security and compliance requirements of the proposed GDPR.

Generational differences increase security risk

The modern workforce is composed of three different generations and each has different views on information sharing, collaboration, technology, and the role security plays in each. The global study shows that each generation is also susceptible to different kinds of security vulnerabilities:

  • 55% of security and business respondents said that Millennials, born 1981-1997, pose the greatest risk to circumventing IT security policies and use of unapproved apps in the workplace.
  • 33% said Baby Boomers, born 1946-1964, are most susceptible to phishing and social engineering scams.
  • 32% said Gen Xers, born 1965-1980, were most likely to circumvent security policies and use unapproved apps and devices in the workplace.

Regulations are forcing more security requirements

With the GDPR set to go into effect May 2018, the European Union (EU) has taken a step toward protecting business information and employee data as workers traverse digital and physical borders around the world. GDPR will impact businesses worldwide, including any organizations inside and outside the EU that share data or sell products or services in the region. As businesses prepare, a few hurdles need to be overcome. The study from Citrix and the Ponemon Institute found that 67% of global business respondents are aware of GDPR, but only about half have started to prepare for these new regulations. The most significant barriers are:

  • Companies who do business in Europe need to adapt: 74% of respondents say GDPR will have a significant and negative impact on business operations. 65% are worried about the new penalties of up to 100 million euros or 2 to 4% of annual worldwide revenue.
  • Technologies need to protect all information, everywhere: 52% of respondents do not feel that their security infrastructure facilitates compliance and regulatory enforcement with a centralized approach to controlling, monitoring and reporting of data.
  • Thinking globally: 53% are concerned with the increased global effects GDPR will bring, impacting more businesses, including many outside the EU.

Breaking down the barriers

Citrix CSO Stan Black and CMO Tim Minahan offer advice on how organizations can implement the right infrastructure for their business:

Stan Black, Citrix CSO

“Everyone is susceptible to a security breach. Organizations can’t afford to take their time when implementing smart security strategies. Security is a global concern and whether you’re a large government organization or a small business, the time to act is now. While these more strict regulations are being put into place, take a strategic approach, look at the big picture, educate your workforce to create a security-aware culture, and find comprehensive solutions that adhere to the unique needs of your business. The security architecture of the future is one that is predictive, adaptive, and embraces the benefits of emerging technologies to solve security business challenges.”

Tim Minahan, Citrix CMO

“As digital transformation has evolved the workplace to be everywhere, access is no longer limited to enterprise networks. And while the modern workforce is more flexible and productive, traditional security approaches also need to evolve. Data crosses digital borders every minute and security architectures need to take into account this blending of personal and professional lives. A smart security architecture also takes into account the needs of the workforce, including generational differences, to eliminate security threats that should be easy to control so businesses can focus on their business and customers.”

Survey Methodology

The report conducted by the Ponemon Institute and sponsored by Citrix, The Need for a New IT Security Architecture: Global Study looked at global trends in IT security risks and reasons why security practices and policies need to evolve in order to handle threats from disruptive technologies, cybercrime and compliance mandates. The research features insights from more than 4,200 IT and IT security practitioners in Australia/New Zealand, Brazil, Canada, China, Germany, France, India, Japan, Korea, Mexico, Netherlands, United Arab Emirates, United Kingdom and the United States.

Related Links

Follow Citrix

About Citrix

Citrix (NASDAQ:CTXS) aims to power a world where people, organizations and things are securely connected and accessible to make the extraordinary possible. Its technology makes the world’s apps and data secure and easy to access, empowering people to work anywhere and at any time. Citrix provides a complete and integrated portfolio of Workspace-as-a-Service, application delivery, virtualization, mobility, network delivery and file sharing solutions that enables IT to ensure critical systems are securely available to users via the cloud or on-premises and across any device or platform. With annual revenue in 2016 of $3.42 billion, Citrix solutions are in use by more than 400,000 organizations and 100 million users globally. Learn more at

For Citrix Investors

This release contains forward-looking statements which are made pursuant to the safe harbor provisions of Section 27A of the Securities Act of 1933 and of Section 21E of the Securities Exchange Act of 1934. The forward-looking statements in this release do not constitute guarantees of future performance. Those statements involve a number of factors that could cause actual results to differ materially, including risks associated with the impact of the global economy and uncertainty in the IT spending environment, revenue growth and recognition of revenue, products and services, their development and distribution, product demand and pipeline, economic and competitive factors, the Company's key strategic relationships, acquisition and related integration risks as well as other risks detailed in the Company's filings with the Securities and Exchange Commission. Citrix assumes no obligation to update any forward-looking information contained in this press release or with respect to the announcements described herein. The development, release and timing of any features or functionality described for our products remains at our sole discretion and is subject to change without notice or consultation. The information provided is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making purchasing decisions or incorporated into any contract.

© 2017 Citrix Systems, Inc. All rights reserved. Citrix is a trademark of Citrix Systems, Inc. and/or one or more of its subsidiaries, and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are property of their respective owners.


Citrix Systems, Inc.
Jamie Lasecke, +1-408-790-8775
Twitter: @CitrixPR


Citrix Systems, Inc.
Jamie Lasecke, +1-408-790-8775
Twitter: @CitrixPR