Despite their reputation as digital natives, Gen Z is pretty poor when it comes to cybersecurity practices.
Analysis from consumer insights platform GWI found that while many in this demographic have grown up online, only three-in-ten have made a habit of regularly changing their passwords compared to 42% of Baby Boomers.
They’re also the generation least likely to keep software and devices up to date, with only 43% bothering. Gen Z was found lacking in other basic cyber hygiene practices, the study noted.
Just 36% reported using any antivirus software, for example, but more than half (58%) at least use two-factor authentication (2FA).
Gen Zers also take more risks. Only 35% avoid using insecure public wifi, in contrast to 48% of Boomers. They’re also less likely to check their accounts for suspicious activity, with only 40% doing so, compared with 54% of Boomers.
When asked how concerned they are about the threats of cyber attacks, only 44% of Gen Zers said they were ‘very’ or ‘extremely’ concerned, compared with 49% of Boomers.
Gen Z is too trusting
In general, they're a pretty trusting lot - especially with technologies like AI.
They're more likely than Boomers to feel extremely or very comfortable with AI agents taking action on their behalf, at 18%, compared with just 4% of Boomers.
By contrast, only 8% of Gen Z say they’re not at all comfortable with AI agents, compared with 12% of Boomers.
Notably, many said they often rely on AI for important decision-making, with 24% using it for health-related information and 22% for financial advice.
At work, 24% said they are comfortable with AI completing tasks for them, more than twice as many Boomers.
Gen Z is keen on training
One positive takeaway from the study is that a significant majority are keen to improve their cybersecurity skills. For example, 91% said that training staff on data security should be a key workplace priority.
The researchers suggested that the reason for the disconnect is Gen Z’s overreliance on smartphones, where features like face ID, auto-login, and password managers are the norm.
“Gen Z has grown up in a world where convenience is the default. With devices auto-filling passwords, logging them in with a glance, and silently syncing their data, there’s little reason, or opportunity, for them to build good security habits," said Matt Smith, data journalist at.
"But that reliance on automation creates a false sense of safety. When something goes wrong, many Gen Zers don’t know how to react—because they’ve never had to think about it.”
The report aligns with similar research into Gen Z security habits from Bitwarden earlier this year. The company found this generation was the worst when it comes to password reuse, with 72% admitting they recycle credentials, compared with just 42% of Boomers.
Worse still, even when they do create a new one, 38% of Gen Z and 31% of Millennials said they only bothered to change a single character or reuse an existing one.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Has password hygiene ever improved?
- Most passwords take a matter of minutes to crack
- How to create a secure password policy
-
Microsoft touts new Copilot features in Excel, but says you shouldn’t use them if you want accurate resultsNews Microsoft has warned against using new AI features in Excel for “tasks with legal, regulatory, or compliance implications” – so when can you use it?
-
Varonis snaps up AI email security specialist SlashNextNews The vendor will integrate SlashNext’s phishing and social engineering detection capabilities into its Data Security Platform
-
Cybersecurity experts issue urgent warning amid surge in Stealerium malware attacksNews Proofpoint said Stealerium has flown under the radar for some time now, but researchers have observed a huge spike in activity between May and August this year.
-
Hackers are using AI to dissect threat intelligence reports and ‘vibe code’ malwareNews TrendMicro has called for caution on how much detail is disclosed in security advisories
-
Security experts call for better 'offboarding' practices amid spate of insider attacks by outgoing staffNews Enterprises should act swiftly to revoke rights and access, regardless of the manner of an employee’s departure.
-
Jaguar Land Rover “did the right thing” shutting down systems to thwart cyber attackNews The attack on Jaguar Land Rover highlights the growing attractiveness of the automotive sector
-
The Salesloft Drift victim list keeps growing: Zscaler is the latest to confirm a breach, warning customers to remain wary of follow-up phishing attacksNews The company has warned customers that their data may have been accessed, saying it's implemented extra safeguards in response
-
Anthropic admits hackers have 'weaponized' its tools – and cyber experts warn it's a terrifying glimpse into 'how quickly AI is changing the threat landscape'News Security experts say Anthropic's recent admission that hackers have "weaponized" its AI tools gives us a terrifying glimpse into the future of cyber crime.
-
Google hits back at 'entirely false' reports of major Gmail security breachNews Reports of a massive Gmail hack affecting billions of users have been denied by Google
-
Ransomware attack on IT supplier disrupts hundreds of Swedish municipalitiesNews The attack on IT systems supplier Miljödata has impacted public sector services across the country
