Business
Gen Z’s digital native status is a double-edged sword. They have cyber blind spots
Members of Gen Z are often referred to as “digital natives.” They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today’s increasingly digital working environments—but that isn’t always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm. For example, while Gen Zers often display an aptitude for AI and other emerging technologies, they are also more likely to fall for phishing scams than their parents or grandparents.
As Gen Z continues to enter the workforce, this is an important fact for organizations to consider. Different generations have different relationships with technology—and as Gen Zers arrive in greater numbers employers need to understand how they fit into the organization’s broader risk profile. By 2030, Gen Z will make up roughly 30% of U.S. workers, which means businesses can’t afford to wait. Smart, early career, and motivated employees can be an organization’s greatest asset, especially at a time when AI early adopters are in high demand—but it’s critical to understand and mitigate the risks each generation brings with them.
The Advantages (and Risks) of Different Generations
First, it’s important to understand that generations may have different risk tolerances, usually driven by their own experiences. Research has shown that Gen Zers are less concerned about traditional cybersecurity threats, in part because breaches have been making headlines their entire lives—making them feel inevitable. The fact that the consequences for being hacked are less extreme in the U.S. than they are elsewhere plays a role, too. For instance, if your credit card number is stolen and used in a fraudulent manner, chances are the bank will replace that money quickly and easily. That’s a good thing, but a relative lack of consequences makes it easier to brush off security concerns and adopt a more cavalier attitude.
That attitude of indifference can be a significant advantage in the workplace. While other generations can be averse to change, Gen Zers are often more willing to adopt new technologies—including AI. A recent report found that AI is “supercharging” Gen Z workers, significantly enhancing their productivity and allowing them to take on greater responsibilities. That’s a win-win for both Gen Z workers and their employers, reducing mundane, entry-level roles and streamlining operations while creating clear opportunities for advancement. But it’s also important to approach with caution—as helpful as AI can be, it also carries risks. While younger generations may have a higher risk tolerance when it comes to their own information, organizations need to ensure there are effective governance practices in place when it comes to sharing sensitive or confidential data with AI solutions.
It’s also important for IT teams to understand that different generations may approach technology in unique ways. In the workplace, most work is done on laptops or desktop computers, which older generations have likely been using for their entire lives. However, as marketers can attest, Gen Z is a famously “phone first” generation, often using mobile devices in ways other generations might balk at. On the one hand, this creates risk—it’s harder for IT and security teams to secure mobile devices, especially when “bring your own device” (BYOD) practices have become the norm. On the other hand, it means Gen Zers are often able to be more productive, even when they are on the move—they don’t need the comfort of a desk and a monitor to get things done. It’s all about finding the balance between advantages and risks.
Limiting Risk Without Introducing Friction
The good news is that addressing the unique risks posed by different generations isn’t rocket science—in fact, it starts with doubling down on measures most organizations should already be taking. Cybersecurity training is an important way to help employees recognize the signs of social engineering scams and other common attack vectors, but it’s also a good way to generate buy-in. It’s not enough for employees to understand what they should do—they need to understand why, too. While some generations tend to be more willing to adhere to policies, Gen Z often wants to understand the reasons behind them.
There are also simple steps that organizations should already be taking—such as implementing multifactor authentication (MFA), device authentication, and passkeys. While it can be difficult to prevent employees from reusing passwords across different accounts, the extra layer of controls can add meaningful defense between organizations and attackers. In the past, some employees have chafed against MFA solutions that require them to wait for an SMS code or plug in a USB drive, but modern, biometrics-based MFA provides a nearly frictionless experience—significantly improving security without frustrating employees. When security measures feel unnecessary or overly complex, employees will often attempt to circumvent them—so making them as frictionless as possible should be a priority.
On a similar note, implementing a zero-trust approach to access management can help reduce risk by limiting the potential blast radius of an attack. By ensuring employees only have access to the systems and data they need to perform their essential job functions, organizations can lessen the risk posed by any individual employee. Even if an employee reuses a compromised password, a hacker in a zero-trust environment will be limited in what they can do, making it much more difficult to escalate the attack. Incident monitoring and response play an important role here, too—organizations should regularly be flexing their incident response muscles with simulations and tabletop exercises to ensure they can quickly and effectively detect and mitigate an attack. Preventing every attack may not be possible, but limiting the damage is an attainable goal.
Positioning Every Employee for Success
Whenever a new generation enters the workforce, it’s up to organizations to identify, understand, and appropriately account for both the advantages they bring and the potential risks they pose. It’s a golden opportunity for IT and security teams to take steps to improve their approach to risk management in a comprehensive manner. After all, reducing friction makes life easier and better for all employees. Implementing zero trust improves security across the board. Limiting risk is often more about will than skill—and with a simple mindset shift, organizations can not only improve their approach to risk management, but ensure they are helping all employees adhere to security protocols and succeed in the workforce.
The opinions expressed in Fortune.com commentary pieces are solely the views of their authors and do not necessarily reflect the opinions and beliefs of Fortune.
