A lot of observations and research has come up in the past week during Data Privacy Week. One such observation was that tech-savviness does not guarantee safety online. Yubico’s latest Global State of Authentication Report touches on that, as it found that Gen Z is actually the most likely to experience phishing attacks.
62% of Gen Z respondents even admit that they’ve interacted with a phishing message such as opening links and attachments, or even just responding to suspicious messages, this past year.
On the other hand, the number for Boomers is a lot lower. Only 23% of them report having experienced the same thing.
How Exactly Do Individuals Treat Cybersecurity Across Generations?
71% of Gen Z use Multi Factor Authentication methods to protect their personal accounts, compared to 51% of Baby Boomers. But this doesn’t make Gen Z safer.
For example, when it comes to AI, we know that many of the tricks and scams used are becoming more sophisticated. In fact, 38% of Gen Z believed an AI-generated message was human written, compared to 1% of Boomers. This is a concerning number for Gen Z, and it goes to show that being more knowledgeable on technology won’t guarantee immunity from attacks.
Niall McConachie, regional director (UK & Ireland) at Yubico, discusses the generational cyber gap: “Now is the perfect time to debunk the myth that being tech-savvy equates to being cyber resilient and safe online. Our data shows a concerning disconnect: Gen Z is adopting the right tools, like MFA, but their comfort with digital communication makes them a prime target for social engineering and phishing attacks.
“When we look at why people are falling for these scams, the data tells a deeper story: Gen Z are most likely to be tricked because they are ‘in a rush’ or because the message offered a ‘valuable opportunity’ like a job or prize. In contrast, Baby Boomers are rarely tricked by opportunities but are more likely to fall for messages that appear to come from a ‘trusted source.’”
More from News
- Will Meta Make Users Start Paying A Subscription For WhatsApp?
- Confidence Gap Holds Back Gen Z Business Founders, Report Finds
- Google To Pay $68m After Lawsuit Over Google Assistant Recordings
- Big Tech Paid $7.8bn In Fines Last Year, Report Finds
- New Research Reveals What (Or Who) The Actual Risks To Businesses Are In The AI Age
- UK Government Invests £36m To Make Supercomputing Centre 6 Times More Powerful
- Experts Share: How Will The 2026 Global Memory Shortage And GPU Rise Impact Industries?
- Golden Visas Used To Be A Pathway To The World’s Best Passports…But Not Anymore
How Do Workers Treat Cybersecurity?
In the workplace, the report found that 4 in 10 employees actually do not get cybersecurity training, and another 44% wait 3-5 months to upgrade their policies.
This means that in the rise of all these new threats, almost half of the workers do not know how to stay protected, and if they do, they are doing so with outdated strategies.
62% of organisations only use standard username and password combinations to protect accounts. 44% uses OTPs that are sent via SMS, which also can be risky.
There seems to be a disconnect between what employees believe will protect them versus what actually will. The research found that 41% of respondents truly believe the SMS OTP method is the most secure. Another 33% believe app OTPs are the most secure. A shocking 26% believe that just passwords are the most secure.
Passkeys on devices were perceived as the most secure by 30% of them, and this actually is the most effective compared to the abovementioned.
Misconceptions like this definitely play a part in the failing company cybersecurity systems. The report says: “Despite these vulnerabilities, 84% of respondents whose companies’ security measures differ based on role still believe their company’s cybersecurity is as secure as it needs to be, showing misplaced confidence as all levels of an organisation need to be treated the same for cybersecurity tools to be effective.”
“The takeaway for 2026 is that no generation is immune, but that the vulnerabilities differ. True privacy and security require a combination of the right habits – scepticism of unexpected messages – and modern, phishing-resistant tools like hardware security keys that protect your personal information even when you do inevitably click on a fraudulent phishing link in emails or text messages,” concluded.
