As cybersecurity threats continue to evolve in 2025, organisations must recognise the generational differences in digital safety habits to build stronger security cultures. While younger generations have grown up in a hyperconnected world, their overconfidence and relaxed approach to cybersecurity may be putting businesses at significant risk.
Gen Z’s Cybersecurity Paradox
A 2022 survey by Ernst & Young (EY) revealed that nearly half (48%) of Gen Z employees prioritise cybersecurity on personal devices over work devices. Additionally, they are more likely than older generations to reuse passwords across personal and professional accounts and ignore crucial IT updates.
Despite being digital natives, Gen Z (born between 1997 and 2012) and Gen Alpha (born after 2013) are more susceptible to cyber threats—especially AI-powered attacks. Shockingly, 72% of Gen Z employees admit to clicking on suspicious links at work, a significantly higher rate than older generations.
Why Are Younger Generations More Vulnerable?
Unlike millennials, who witnessed the rise of the internet and early cybercrime, Gen Z and Gen Alpha have never known a world without smartphones and social media. Their familiarity with technology leads to overconfidence—a classic example of the Dunning-Kruger effect, where individuals overestimate their skills while lacking deeper cybersecurity knowledge.
Key risk factors include:
- Increased Trust in Technology: They rely heavily on tech solutions like password managers but often overlook manual security precautions.
- Distraction and Multitasking: Their tendency to juggle multiple digital platforms makes them more susceptible to social engineering attacks.
- Phishing Vulnerability: Only 31% of Gen Z employees feel confident identifying phishing emails.
- Blurring of Personal and Professional Tech Use: Mixing work and personal devices increases security risks.
Bridging the Cybersecurity Awareness Gap
To create a strong cybersecurity culture, organisations must rethink their training strategies to align with how younger employees learn and engage.
- Gamification and Interactive Training: Standard compliance training may not resonate with Gen Z. Instead, gamified learning platforms can make cybersecurity education engaging and effective.
- Bite-Sized, Mobile-Friendly Content: Gen Z prefers short, visually engaging content—organisations can leverage TikTok-style videos or microlearning formats.
- Real-Life Case Studies: Demonstrating the real-world consequences of cyberattacks, such as financial losses or job terminations, can drive home the importance of cybersecurity.
- Intergenerational Collaboration: Encouraging mentorship and knowledge-sharing between older and younger employees can bridge the cybersecurity awareness gap.
By adapting cybersecurity training to fit the unique characteristics of Gen Z and Gen Alpha, organisations can create a culture of shared responsibility, ultimately reducing risks and strengthening digital security.
