Despite their reputation as digital natives, Gen Z is pretty poor when it comes to cybersecurity practices.
Analysis from consumer insights platform GWI found that while many in this demographic have grown up online, only three-in-ten have made a habit of regularly changing their passwords compared to 42% of Baby Boomers.
They’re also the generation least likely to keep software and devices up to date, with only 43% bothering. Gen Z was found lacking in other basic cyber hygiene practices, the study noted.
Just 36% reported using any antivirus software, for example, but more than half (58%) at least use two-factor authentication (2FA).
Gen Zers also take more risks. Only 35% avoid using insecure public wifi, in contrast to 48% of Boomers. They’re also less likely to check their accounts for suspicious activity, with only 40% doing so, compared with 54% of Boomers.
When asked how concerned they are about the threats of cyber attacks, only 44% of Gen Zers said they were ‘very’ or ‘extremely’ concerned, compared with 49% of Boomers.
Gen Z is too trusting
In general, they're a pretty trusting lot - especially with technologies like AI.
They're more likely than Boomers to feel extremely or very comfortable with AI agents taking action on their behalf, at 18%, compared with just 4% of Boomers.
By contrast, only 8% of Gen Z say they’re not at all comfortable with AI agents, compared with 12% of Boomers.
Notably, many said they often rely on AI for important decision-making, with 24% using it for health-related information and 22% for financial advice.
At work, 24% said they are comfortable with AI completing tasks for them, more than twice as many Boomers.
Gen Z is keen on training
One positive takeaway from the study is that a significant majority are keen to improve their cybersecurity skills. For example, 91% said that training staff on data security should be a key workplace priority.
The researchers suggested that the reason for the disconnect is Gen Z’s overreliance on smartphones, where features like face ID, auto-login, and password managers are the norm.
“Gen Z has grown up in a world where convenience is the default. With devices auto-filling passwords, logging them in with a glance, and silently syncing their data, there’s little reason, or opportunity, for them to build good security habits," said Matt Smith, data journalist at.
"But that reliance on automation creates a false sense of safety. When something goes wrong, many Gen Zers don’t know how to react—because they’ve never had to think about it.”
The report aligns with similar research into Gen Z security habits from Bitwarden earlier this year. The company found this generation was the worst when it comes to password reuse, with 72% admitting they recycle credentials, compared with just 42% of Boomers.
Worse still, even when they do create a new one, 38% of Gen Z and 31% of Millennials said they only bothered to change a single character or reuse an existing one.
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Has password hygiene ever improved?
- Most passwords take a matter of minutes to crack
- How to create a secure password policy
-
HSBC partners with Mistral to fuel bank-wide generative AI adoptionNews The multi-year, strategic partnership will focus on transforming a range of services and tasks from customer-facing to fraud detection and more
-
Google drops cloud complaint against MicrosoftNews Anticompetitive concerns aren't gone, but Google is leaving the battle to the EC instead
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
