At this year's ALERT cybersecurity conference, hosted by ASEE and powered by our incredible partners, I had the opportunity to present “Gen Z and Cybersecurity – Digitally Native or Digitally Naive?”. We explored the unique challenges this generation faces, discussed key statistics, and highlighted how tailored education can make a real difference.
When it comes to cybersecurity, the question of preparedness is often raised regarding generations that have learned to adapt their lives and live with technology at a later age. This causes one key issue: what about the generation that grew up surrounded by it?
Generation Z, born between 1997 and 2012, is thought to be the first generation to have grown up fully surrounded by technology from a young age. They are typically associated with a very short attention span (~8 seconds) and a strong sense of independence and freedom. With the rise of social media, they are always in contact, always connected with their smartphones, which serves as an extension of their mind and bodies. They are also very big on convenience and ease of use, putting it before everything else, which also causes them to naturally become AI enthusiasts. When combined with all of these factors, a general distrust towards authority arises, and a big problem arises: Generation Z seems to have a very weak grasp on cybersecurity.
61% of Gen Z-ers believe that cybersecurity incidents cannot happen to them out of all people, but reports show otherwise. When compared to previous generations – Millenials (born from 1981 to 1996) and Gen X-ers (1965-1980), they seem to have the highest rate of victimization with the lowest tendency to report security incidents (mostly due to the fact that they aren't trusting of authority) and are unlikely to want to educate themselves on the topic of cybersecurity.
On the other hand, Millennials are both eager incident reporters and lovers of education. Generation X seems like a balance between the two: even though they greatly respect authority, they are less motivated for education and more sensitive to identity theft.
Even the so-called „Internet generation“ feels the consequences of neglecting cybersecurity practices. 34% of Gen Z-ers claim to have lost financial resources due to various scams, while almost half of them (47%) claim they have been victims of password theft on their social media accounts. A further 40% have been taken advantage of via AI-assisted phishing scams.
But how did this happen in the first place? As it turns out, Gen Z-ers keep repeating very basic security mistakes. A staggering 79% of them recycle old, simple passwords across multiple channels and online services. 63% of them share their personal information on social media, and 55% of Gen Z-ers share that same information with various AI chatbots. Not only do they share their personal information with AI chatbots, but business data as well: 59% of them rely on AI when making decisions in the workplace. Another workplace-related mistake is disregarding mandatory IT updates on their work devices, which 58% of Gen Z-ers admitted to doing.
Gen Z-ers are big lovers of working remotely, which brings in a set of possible security compromises, as they often work from unsecured networks and rely on their personal (often unprotected) smartphones to access company data and solve various work-related tasks. As they are big lovers of convenience, with little regard for their own online safety, they rarely, if at all, enhance the security of their devices. Rarely do they implement security practices like MFA on their personal and business accounts.
This, coupled with the reusing of weak passwords, leads to a very large gap in their security. Their business information is also not spared from being shared on their increasingly public social media. Combine this with their short attention span, preference for multitasking, and constant need for entertainment, issues like social engineering are bound to arise.
Lastly, Gen Z's independence and self-assuredness make them less likely to report incidents. They are far more likely to handle them themselves or sweep them under the rug. Given all of this information, it's not surprising that 55% of Gen Z-ers consider traditional workplace security policies too complicated or inconvenient for daily use.
Even though Gen Z-ers don't appreciate traditional methods of education, they enjoy alternative ways of staying informed. 72% of Gen Z-ers claim that combining education with games and interactive, competitive quizzes makes education more immersive and fun. Another good tool is using channels that they already know and use, such as memes and pop culture (60% claimed they would prefer this). Additionally, using short video formats akin to TikTok or Instagram Reels (backed by 57% of Gen Z-ers). Lastly, over half of Gen Z-ers (52%) think that storytelling and having someone speak from their own experiences make education more relatable and significant, which leaves a bigger impact on them.
In short, Gen Z-ers, the so-called „Internet generation, “ are always online and never careful enough, with the highest victimization rate of all generations. They are also repeat offenders of basic security mistakes, which also translates into the workplace. Still, it's become more important now to provide them with the proper education and tools to secure themselves and their workplace.
Generation Alpha, born in 2013 and later, will inevitably enter the workplace in a few short years. What happens then, and who will teach them to have cybersecurity in mind, if not Gen Z? This especially becomes important with the advent of AI and various new ways to harm companies and their clients. The best time to have started educating Gen Z on the topic of cybersecurity was ten or fifteen years ago. The second-best time is right now.
To find out more about our security solutions, contact us or visit our blog section.
