The very same characteristics that make members of Gen Z who they are may also cause them to open up their workplace to cybersecurity risks.
The digital natives, known for their political consciousness and having grown up with ubiquitous internet access, are currently the youngest generation in the workforce.
However, a digital-first lifestyle does not exclude the youngest generation in the workforce from being susceptible to cybersecurity risks. José-Marie Griffiths, president of Dakota State University, said those in the generational cohort—currently ages 13 to 28—are used to forgoing privacy because of their early adoption of social media platforms.
“Their sense of privacy and the right to privacy is a little bit distorted, I would say,” Griffiths said, adding that this lack of awareness could make them vulnerable.
Unique risks. Recent reports have highlighted cybersecurity challenges associated with the younger generation. A July Kaspersky report, for instance, focused on the specific cybersecurity risks associated with employees who juggle multiple jobs at once, known as “polyworking.” Around one-third of Gen Z workers have a side-hustle, according to a Bankrate survey of over 2,000 people.
Kaspersky found that polyworking employees who use more work applications on a daily basis may have a more difficult time verifying the interactions that occur on these tools. This opens up the door for cybercriminals to share phishing emails through compromised accounts or hide malware in faux calendar invites to lure their next victim.
Between the second half of 2024 and the first half of 2025, Kaspersky tracked more than 6.1 million attacks masquerading as popular work tools such as Zoom, Outlook, and OneDrive.
“Basically, they will try to modify something in the middle between the…application and the user and then try to compromise them,” said Marc Rivero, lead security researcher on Kaspersky’s global research and analysis team.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
It doesn’t stop there. Young employees may also unintentionally be contributing to shadow AI. Cox Business data found, for example, that 47% of Gen Z and millennial employees have a fear that AI could replace their jobs, causing them to hide their usage of it at work.
Securing zoomers in the wild. IT Brew caught up with Jason Rebholz, co-founder and CEO of Evoke Security, to see if he has noticed any specific cybersecurity hurdles tied to Gen Z employees during his career. Despite the data, Rebholz said that he noticed many security challenges are “cross-generational” when he recently served as a CISO for a cyber insurance carrier.
“One of the biggest concerns that I had as a CISO was really around, ‘How do we secure the identities [and] the credentials that people were using?’” Rebholz said.
During his time in the role, Rebholz noticed that his Gen Z employees were avid travelers. While the log-ins from unfamiliar locations would trigger alerts to Rebholz’s security team, he noted that the young employees’ efforts to travel securely did not go unnoticed, a quality that highlighted the generation’s commitment to protecting organizations.
“The irony of this, or the coincidence of this, is what I also found was those employees were also more likely to use a VPN,” Rebholz said. “So, even though they were traveling, they were still leaning into what could be considered best practices for logging in.”
Tailored approach? Rebholz said it is important to place security controls that address the whole company rather than spending time creating guardrails and training for one generation.
“Forget the age, focus on the roles and what they’re doing, because you’re customizing it towards what their day looks like, not necessarily what their perceived tendencies are going to be as a generation.”