ANNA COLLARD: How tech-savvy youngsters are letting in the cyber threats

According to a 2022 EY survey, almost half of Gen Z respondents (48%) say they take cybersecurity protection on their personal devices more seriously than on their work devices.

The same survey found that Gen Z workers are far more likely than older employees to use the same password for professional and personal accounts and to ignore important IT updates.

Even though Gen Z (born between 1997 and 2012) and Gen Alpha (born after 2013) have grown up on a steady diet of tablets, smartphones and social media, their exposure to the digital world — and the confidence it’s brought about — makes them increasingly susceptible to cyber threats, particularly in the face of AI-powered attacks.

This vulnerability is evident from the fact that 72% admit to clicking on suspicious links at work, a figure that is far higher than among older generations.

Elevated risk profile

Unlike millennials and older generations, Gen Z and Gen Alpha have grown up in a fully connected world. Their awareness of technology is instinctive rather than learnt — but this has both negative and positive side-effects.

On the plus side, they may instinctively understand certain risks, but paradoxically are therefore less concerned about them, such as when it comes to sharing personal information. These younger adults exhibit a classic case of the Dunning-Kruger effect: they overestimate their cybersecurity knowledge, while lacking the overall competence needed to recognise that they are not proficient. This may make them resistant to training from older generations, who they feel know less about technology than they do.

Because they’re more comfortable sending messages via social media, Gen Z and Gen Alpha are also more vulnerable to phishing emails. The EY survey found that despite being digital natives, only 31% of Gen Z respondents actually feel confident in identifying phishing emails. In addition, their love of media multitasking makes them more distracted and therefore more susceptible to social engineering threats.

Another risk is that younger employees tend to mix personal and work devices, increasing organisations’ exposure to security vulnerabilities. Moreover, digital-first employees may resist traditional security systems at work, viewing them as inefficient or unnecessary.

The key differences relating to cybersecurity to be aware of among various generations in the workplace are:

• Millennials are more cautious, as they witnessed the rise of the internet and early cybercrime, and they tend to follow traditional cybersecurity protocols, like password rotation and antivirus usage; and
• Gens Z and Alpha exhibit more trust in tech solutions like password managers, but are less vigilant with manual precautions. They are more reliant on AI-based protections and quick fixes, leading to assumptions that systems are inherently secure.

Building an intergenerational cyberculture

Knowing younger generations’ different approaches to learning and technology can make it easier for cybersecurity training programmes to really work. Forget old-school compliance training: standardised cybersecurity training might not connect well with Gen Z employees.

If you want to grab their attention, use gamified learning platforms to make training interactive and fun. Not only will they be more engaged, but you’ll be aligning the training with their tech-savvy nature and familiarity with social media, making it more impactful.

Gen Z and Alpha thrive on bite-sized content, being far more likely to consult TikTok to learn something new than to consult their parents. Organisations can take advantage of this by creating short, engaging and mobile-friendly lessons that resonate with younger generations.

Another way to make cybersecurity risks hit home is by incorporating real-life examples into training sessions. Because younger employees may not fully understand the consequences of cyber risks, case studies are useful in pointing out the impact that cyberattacks can have on individuals and organisations, such as losing your job or costing the organisation millions of rand in damage.

Bridging this awareness gap can also be done by encouraging intergenerational collaboration at work. Younger employees can learn from the experience and insights of older workers while also providing great insights and wisdom by sharing their perspectives too. Mentorship and knowledge exchange programmes where experienced employees can guide, and listen and try to learn from the Gen Z workers will solidify your organisation’s cybersecurity culture.

This bridge can also be crossed by encouraging collaborative learning. Younger employees are far more likely to embrace cybersecurity initiatives when they feel involved and their input is actively welcomed.

By tailoring cybersecurity training to the unique characteristics and preferences of each generation, organisations can create more effective and engaging programmes. In this way, workplaces can cultivate a culture of shared responsibility and improvement by empowering Gen Z with a sense of ownership and autonomy.

• Collard is senior vice-president for content strategy & evangelist at KnowBe4 Africa.