Gen Z has a cyber hygiene problem
A new survey shows Gen Z is far less concerned about cybersecurity than older generations
Despite their reputation as digital natives, Gen Z is pretty poor when it comes to cybersecurity practices.
Analysis from consumer insights platform GWI found that while many in this demographic have grown up online, only three-in-ten have made a habit of regularly changing their passwords compared to 42% of Baby Boomers.
They’re also the generation least likely to keep software and devices up to date, with only 43% bothering. Gen Z was found lacking in other basic cyber hygiene practices, the study noted.
Just 36% reported using any antivirus software, for example, but more than half (58%) at least use two-factor authentication (2FA).
Gen Zers also take more risks. Only 35% avoid using insecure public wifi, in contrast to 48% of Boomers. They’re also less likely to check their accounts for suspicious activity, with only 40% doing so, compared with 54% of Boomers.
When asked how concerned they are about the threats of cyber attacks, only 44% of Gen Zers said they were ‘very’ or ‘extremely’ concerned, compared with 49% of Boomers.
Gen Z is too trusting
In general, they're a pretty trusting lot - especially with technologies like AI.
They're more likely than Boomers to feel extremely or very comfortable with AI agents taking action on their behalf, at 18%, compared with just 4% of Boomers.
By contrast, only 8% of Gen Z say they’re not at all comfortable with AI agents, compared with 12% of Boomers.
Notably, many said they often rely on AI for important decision-making, with 24% using it for health-related information and 22% for financial advice.
At work, 24% said they are comfortable with AI completing tasks for them, more than twice as many Boomers.
Gen Z is keen on training
One positive takeaway from the study is that a significant majority are keen to improve their cybersecurity skills. For example, 91% said that training staff on data security should be a key workplace priority.
The researchers suggested that the reason for the disconnect is Gen Z’s overreliance on smartphones, where features like face ID, auto-login, and password managers are the norm.
“Gen Z has grown up in a world where convenience is the default. With devices auto-filling passwords, logging them in with a glance, and silently syncing their data, there’s little reason, or opportunity, for them to build good security habits," said Matt Smith, data journalist at.
"But that reliance on automation creates a false sense of safety. When something goes wrong, many Gen Zers don’t know how to react—because they’ve never had to think about it.”
The report aligns with similar research into Gen Z security habits from Bitwarden earlier this year. The company found this generation was the worst when it comes to password reuse, with 72% admitting they recycle credentials, compared with just 42% of Boomers.
Worse still, even when they do create a new one, 38% of Gen Z and 31% of Millennials said they only bothered to change a single character or reuse an existing one.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Has password hygiene ever improved?
- Most passwords take a matter of minutes to crack
- How to create a secure password policy
-
The UK AI revolution: navigating the future of the intelligent enterpriseAs AI reshapes industries and societies, decision-makers in the UK face a critical choice: build a sovereign future or merely import it.
-
Turning the UK AI revolution into a sovereign realityThe UK AI Revolution documentary series posed difficult questions about AI’s hype, control, and future. Now, IT leaders must find the architectural answers
-
There’s a dangerous new ransomware variant on the block – and cyber experts warn it’s flying under the radarNews The new DeadLock ransomware family is taking off in the wild, researchers warn
-
Supply chain and AI security in the spotlight for cyber leaders in 2026News Organizations are sharpening their focus on supply chain security and shoring up AI systems
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
NHS supplier DXS International confirms cyber attack – here’s what we know so farNews The NHS supplier says front-line clinical services are unaffected
-
LastPass hit with ICO fine after 2022 data breach exposed 1.6 million users – here’s how the incident unfoldedNews The impact of the LastPass breach was felt by customers as late as December 2024
-
Researchers claim Salt Typhoon masterminds learned their trade at Cisco Network AcademyNews The Salt Typhoon hacker group has targeted telecoms operators and US National Guard networks in recent years
-
Trend Micro issues warning over rise of 'vibe crime' as cyber criminals turn to agentic AI to automate attacksNews Trend Micro is warning of a boom in 'vibe crime' - the use of agentic AI to support fully-automated cyber criminal operations and accelerate attacks.
-
Cyber budget cuts are slowing down, but that doesn't mean there's light on the horizon for security teamsNews A new ISC2 survey indicates that both layoffs and budget cuts are on the decline
