Phone call scams targeting grandma are almost a cliché in security circles. But what about the college student who clicks on a smishing text? Stats collected by the National Cybersecurity Alliance (NCA) and CybSafe say 64% of Gen Z is online almost nonstop, falling prey to more instances of cybercrime, including identity theft, romance scams, and cyberbullying than older generations. 34% of the younger generation have provided sensitive information through a phishing scam.
Is Gen Z the most insecure generation?
Security’s intersection with culture is important to note, but I’d also avoid painting with too broad a brush here. The results of recent studies like the NCA’s point to some underlying differences in behavior, but as we all know, people have many reasons for the ways that they behave. At the same time, several factors may contribute to these results:
1: Gen Z has many tools and identities at their fingertips.
The sheer number of different apps, tools, services, and accounts that younger people rely on to live their daily lives is remarkable. Decision fatigue could contribute to poor cyber hygiene. I would wager that adoption of password managers and other security solutions has not kept pace with the ever-expanding universe of apps requiring individual identities. Why should teenagers create multi-character and symbol passwords for TikTok and Instagram when it’s easier to memorize something simple and familiar and use it more than once? Convenience often comes at the expense of security.
2: Gen Z grew up trading personal data for experience or ease of use.
Nearly every online service provider uses “freemium offerings” to up subscription. Users gain access to a tool, app, or experience. In exchange, they provide companies troves of personal data. It’s so normal to give up your email address and phone number, most Gen Z are desensitized to the cyber risks of those transactions. It seems impossible to expect users (Gen Z or otherwise) to stay on top of the myriad privacy policies and data use agreements we are constantly presented with. Afterall, privacy policies are only a check box to click before signing up for something free or entertaining. Organizations and governments are taking steps to regulate some of these issues, but we have a long way to go.
3: Gen Z are digital natives.
Technology and apps developed alongside Gen Z as they’ve moved from childhood to young adulthood. Apps gathering digital data points, behavior trends, and providing convenience and entertainment hasn’t been something to question because it’s normal like water is wet. Gen Z’s level of technology saturation reminds me of the 2005 David Foster Wallace speech including this parable:
There are these two young fish swimming along, and they happen to meet an older fish swimming the other way, who nods at them and says, “Morning, boys. How’s the water?” And the two young fish swim on for a bit, and then eventually one of them looks over at the other and goes, “What the [expletive] is water?”
Gen Z is the first digital native generation. The “water” is the connected world they grew up in.
So how should we respond?
39% of Gen Z survey participants reported they found cybersecurity confusing. Cut through the noise and provide real examples of the risks associated with cyber incidents. Given how much of our lives are online, the lines between personal and work continue to blur. Cyber criminals capitalize on that confusion.
For businesses, cybersecurity awareness and training should be relevant, interactive, and continuous. 51% of Gen Z reported they had access to cyber training, but companies can’t expect semi-annual e-learning modules to be effective strategies for impacting user behavior year after year.
Advocate for cyber awareness
That’s why we’re passionate about people over process over technology change. Ascent’s Advisory team partners with our consultants. We provide support for your people so cybersecurity awareness isn’t a set-it-and-forget-it measure. If you’re interested in partnering with our experts, reach out to firstname.lastname@example.org for more information.