The Coming Generation-Z Impact on Cybersecurity
CIOREVIEW >> Conversational >>

The Coming Generation-Z Impact on Cybersecurity

Thomas Skill, Ph.D, Associate Provost & Chief Information Officer, University of Dayton
Thomas Skill, Ph.D, Associate Provost & Chief Information Officer, University of Dayton

Thomas Skill, Ph.D, Associate Provost & Chief Information Officer, University of Dayton

How nervous should your cybersecurity team be when the Gen-Z population joins the workforce over the next few years? The University of Dayton’s Center of Cybersecurity & Data Intelligence did a small study in March 2018 that explored how the different generations encounter cybersecurity awareness and practices. A key group that we analyzed was Generation Z (Gen-Z). These are the kids now in high school that will soon be entering college and the broader workforce. This study measured self-reported behaviors and attitudes toward cybersecurity across four generations - from Baby Boomers & Gen X’ers to Millennials and Gen Z. Using both our research findings and data from other sources, we were able to craft descriptive profiles of the generational differences regarding cybersecurity and data privacy. While our results revealed many interesting findings across the different generations, we were most struck by the extent to which the Gen-Z respondents revealed a very disruptive set of expectations and new behaviors with respect to technology, privacy, and cybersecurity.

In terms of the Gen-Z engagement with technology and cybersecurity, this is a generation that views their technology as totally and almost exclusively mobile! Their personally-owned smartphone reflects its “always connected” lifestyle. They expect to use these devices for personal and work activities and they strongly believe that their personally-owned and self-managed device allows them to be substantially more productive than any technology provided by their school or employer.

The "BYOD" world-view of the Gen-Z population will likely be very disruptive to traditional cybersecurity models and practices.

A critical finding is that traditional “rules-based” security practices that use the typical lecture-based training are not only ineffective, but it is viewed very negatively by the Gen-Z population. They interpret these approaches as similar to the “parental lecture” and hate it! The more effective way to engage Gen-Z’ers in good cybersecurity behaviors is to ground appropriate actions in a “values-based approach.” For example, educational outreach on cybersecurity should emphasize values such as “shared responsibility in protecting our community” whereby users are activated to think and act in a “mindful manner” when responding to requests to share information online.

As we explored the attitudes and behaviors of Millennials and Gen-Z, we applied our cyber-mindfulness model in terms of the three core elements—Awareness, Agency, and Action. The Agency role truly emerged as critical to good sustainable practices because it addresses the need for users to feel a sense of ownership for cybersecurity. Addressing this gap is a challenge with all generations. However, in building agency with Gen-Z, it is essential to drive that training around the concept of shared values and community engagement. With many of the other generations, pushing compliance with rules can be reasonably effective. Gen-Z does not accept rules very easily.

Finally, one of our interesting discoveries was the difference between Gen-Z high school students and Gen-Z college students. We found that 19-year-old college students have a much stronger sense of agency than 19-year-old high school students and they are much more concerned about the privacy of their information than 19-year-old high school students. Our interpretation of this result suggests that experience changes generational patterns. As students enter college, they are experiencing situations whereby concerns around privacy and shared responsibility (agency) are shifting attitudes. What this means is that Gen-Z high school students going into the workforce will be a substantially higher cybersecurity risk than those coming from college - even if they are the same age and of the same generation!

Read Also

Disrupt Your Legacy Application Portfolio to Improve Security And...

Jonathan Behnke, Chief Information Officer, City of San Diego

Why a Credentialing Strategy Must be Part of Your Digital Strategy

Jack Suess, CIO, Collin Mood, Senior Computer Engineering, University of Maryland Baltimore County

The Convergence of IT with the Internet of Things Innovation

Andy Shang, Vice President of Engineering, Gold Medal Products

It’s On People: The Undeniable Cultural Impact in a Digital...

Nuno Pedras, Chief Information & Digital Officer, Galp

A Promising Road Ahead for Insurtech

Chris Purcell, CIO, PEMCO

Bolloré Logistics Australia becomes a global leader in the use of...

Stuart Darby, Commercial Director - Pacific Region, Bolloré Logistics