By Anna Collard, SVP Content Strategy&Evangelist at KnowBe4 Africa (www.KnowBe4.com)
With growing cybersecurity concerns top of mind for many organisations this year, recognising the varying approaches that different generations have to digital safety is an important component of effective security cultures. Even though younger generations grew up in a hyperconnected world, their overconfidence and lax approach to cybersecurity precautions are potentially putting organisations at great risk.
According to a 2022-survey by Ernst&Young (EY) (https://apo-opa.co/3Q4Wnbx), almost half of Gen Z respondents (48%) say they take cybersecurity protection on their personal devices more seriously than on their work devices. The same survey found that Gen Z workers are far more likely than older employees to use the same password for professional and personal accounts and to ignore important IT updates.
Even though Gen Z (born between 1997 and 2012) and Gen Alpha (born after 2013) (https://apo-opa.co/3XbQeOX) have grown up on a steady diet of tablets, smartphones, and social media, their vast exposure to the digital world – and the confidence it’s brought about – makes them increasingly susceptible to cyber threats, particularly in the face of AI-powered attacks.
This vulnerability is evident from the fact that 72% admit to clicking on suspicious links at work (https://apo-opa.co/3CEoWtc), a figure that is far higher than that among older generations.
Gen Z’s elevated risk profile
Unlike millennials and older generations, Gen Z and Gen Alpha have grown up in a fully connected world. Their awareness of technology is instinctive rather than learned – but this has both negative and positive side effects.
On the plus side, they may instinctively understand certain risks, but paradoxically are therefore less concerned about them, such as when it comes to sharing personal information. These younger adults exhibit a classic case of the Dunning-Kruger effect (https://apo-opa.co/3Ej2XIL): they overestimate their cybersecurity knowledge, while lacking the overall competence needed to recognise that they are, in fact, not proficient. This may make them resistant to training from older generations, whom they feel know less about technology than they do.
Because they’re more comfortable sending messages via social media, Gen Z and Gen Alpha are, for instance, more vulnerable to phishing emails. The EY survey found that despite being digital natives, only 31% of Gen Z-respondents actually feel confident in identifying phishing emails (https://apo-opa.co/3CEoWtc). In addition, their love of media-multitasking makes them more distracted and therefore more susceptible to social engineering threats.
Another risk is that younger employees tend to mix personal and work devices, increasing organisations’ exposure to security vulnerabilities. Moreover, digital-first employees may resist traditional security systems at work, viewing them as inefficient or unnecessary.
The key differences relating to cybersecurity to be aware of among various generations in the workplace are:
-
Millennials:
- More cautious, as they witnessed the rise of the internet and early cybercrime.
- Tend to follow traditional cybersecurity protocols, like password rotation and antivirus usage.
-
Gen Z/Alpha:
- Exhibit more trust in tech solutions like password managers, but are less vigilant with manual precautions.
- More reliant on AI-based protections and quick fixes, leading to assumptions that systems are inherently secure.
Building an intergenerational cybersecurity culture
Knowing younger generations’ different approaches to learning and technology can make it easier for cybersecurity training programmes to really work.
Forget old-school compliance training: standardised cybersecurity training might not connect well with Gen Z employees.
If you want to grab their attention, use gamified learning platforms to make training interactive and fun. Not only will they be more engaged, but you’ll be aligning the training with their tech-savvy nature and familiarity with social media, making it more impactful.
Gen Z and Alpha thrive on bite-sized content, being far more likely to consult TikTok to learn something new than consult their parents (https://apo-opa.co/3Er4exw). Organisations can take advantage of this by creating short, engaging, and mobile-friendly lessons that resonate with younger generations.
Another way to make cybersecurity risks hit home is by incorporating real-life examples into training sessions. Because younger employees may not fully understand the consequences of cyber risks, case studies are useful in pointing out the impact that cyberattacks can have on individuals and organisations, such as losing your job or costing the organisation millions of rands in damage.
Bridging this awareness gap can also be done by encouraging intergenerational collaboration at work. Younger employees can learn from the experience and insights of older workers while also providing great insights and wisdom by sharing their perspectives too. Mentorship and knowledge exchange programmes where experienced employees can guide but also listen and try to learn from the Gen Z workers will solidify your organisation’s cybersecurity culture. This bridge can also be crossed by encouraging collaborative learning. Younger employees are far more likely to embrace cybersecurity initiatives when they feel involved and their input is actively welcomed.
By tailoring cybersecurity training to the unique characteristics and preferences of each generation, organisations can create more effective and engaging programmes. In this way, workplaces can cultivate a culture of shared responsibility and ongoing improvement by empowering Gen Z with a sense of ownership and autonomy.
Distributed by APO Group on behalf of KnowBe4.