enterprisesecuritymag

Generation Z and Cybersecurity - Are we ready for their Disruptive Expectations?

By Thomas Skill, Ph.D., Associate Provost & CIO, University of Dayton

Thomas Skill, Ph.D., Associate Provost & CIO, University of Dayton

How nervous should your cybersecurity team be when the Gen-Z population joins the workforce over the next few years? 

The University of Dayton’s Center of Cybersecurity & Data Intelligence executed a study in 2018 that explored how the different generations encounter cybersecurity awareness and practices.  A key group that we analyzed was Generation Z (Gen-Z). These are the kids now in high school that will soon be entering college and the broader workforce. This study applied our Cyber-Mindfulness model to the analysis of the various generations—from Baby Boomers & Gen Xers to Millennials and Gen-Z.  Using both our original data and existing data sources, we were able to craft descriptive profiles of the generational differences with regard to cybersecurity attitudes and behaviors. It is really interesting to notice the differences in generations and how these Gen-Z students are going to bring a very disruptive set of expectations and new behaviors to both college and career!

"The more effective way to engage Gen-Zers in good cybersecurity behaviors is to ground them in a ‘values-based approach’"

In terms of the Gen-Z engagement with technology and cybersecurity, this is a generation that views their technology as totally and almost exclusively mobile! Their personally-owned smartphone reflects their “always connected" lifestyle.” They expect to use these devices for personal and work activities—and strongly believe that their personally-owned and self-managed device allows them to be substantially more productive than any technology provided by their school or employer.

The "BYOD" world-view of the Gen-Z population will likely be very disruptive to traditional cybersecurity models and practices.   

A critical finding is that traditional “rules-based” security practices that use the typical lecture-based training are not only ineffective, but are viewed very negatively by the Gen-Z population. They interpret these approaches as similar to the “parental lecture” and hate it! The more effective way to engage Gen-Zers in good cybersecurity behaviors is to ground them in a “values-based approach.” For example, educational outreach on cybersecurity should emphasize values such as “shared responsibility in protecting our community” (thereby engaging in “cyber-mindful” actions when entering personal data in a website).  

As we explored the attitudes and behaviors of Millennials and Gen-Z, we applied our cyber-mindfulness model in terms of the three core elements—Awareness, Agency and Action. The Agency role truly emerged as critical to sustainable good practices because it addresses the need for users to feel a sense of ownership for cybersecurity. Addressing this gap is a challenge with all generations. However, in building agency with Gen-Z, it is very important to drive that training around the concept of shared values and community engagement. While focusing on “compliance to rules” can be reasonably effective with other generations, our study suggests that Gen-Z does not accept rules very easily.

Finally, one of our interesting discoveries was the difference between Gen-Z high school students and Gen-Z college students. We found that 19-year-old college students have a much stronger sense of agency with respect to cybersecurity than 19-year-old high school students.  And 19-year-old college students are much more concerned about the privacy of their information than 19-year-old high school students. Our interpretation of this result suggests that experience likely changes generational patterns. As students enter college, they are experiencing situations whereby concerns around privacy and shared responsibility (agency) are shifting attitudes. What this really means is that Gen-Z high school students going into the workforce will be a substantially higher cybersecurity risk than those coming from college—even if they are the same age and of the same generation! 

Check out: Top Cybersecurity Solution Companies

Weekly Brief

Read Also

Managed Security Services - A Business Partnership

Managed Security Services - A Business Partnership

Peter Stevens, Head of Security Operations, Royal London Group
Automate, Orchestrate, and Delegate

Automate, Orchestrate, and Delegate

Ian Hill, Global Director of Cyber Security, BAM
Becoming a Leader in Enterprise Security

Becoming a Leader in Enterprise Security

RANDY RAW, VP of Information Security, Veterans United Home Loans
How Blockchain can Support Future Industrial Evolution

How Blockchain can Support Future Industrial Evolution

Odile PANCIATICI, Blockchain Project VP, Groupe Renault
How Modernized Encryption Standards and TLS 1.3May Impact Your Security Strategy

How Modernized Encryption Standards and TLS 1.3May Impact Your...

Ben Schoenecker, CISSP, Director of Information Security, Hendrick Automotive Group
IT Security: A Practical Approach

IT Security: A Practical Approach

Christopher McCarey, Director of IT Security for Gila River Hotels & Casinos – Wild Horse Pass, Lone Butte and Vee Quiva