The Issue of Generational Cyber-Risk: Millennials Versus Baby Boomers


Over the past decade, businesses have been puzzling over how to successfully attract and retain a millennial workforce. Now accounting for the majority of the workplace globally, businesses are looking how to they can evolve to compete in a digital age and, importantly, engage this digitally-native generation.

In contrast to their parents’ generation, the baby boomers, technology plays a huge role in attracting millennial talent. New research this month shows nearly three quarters (71%) of millennials said that the extent to which an organisation embraces technology influences where they decide to work.

While millennials are considered far more tech-savvy than their baby boomer counterparts, recent research has in identified that they may be far more likely to fall for cyber scams despite, and indeed because of, their affinity with technology.

While millennials grew up learning cybersecurity essentials alongside their times tables, Wombat Security’s latest State of the Phish report revealed that being born surrounded by technology has actually made them overly comfortable with technology, which has bred complacency when it comes to security. In fact, the study found that baby boomers are 11% more likely to define phishing correctly in contrast to their millennial counterparts. The same report found that only just over half of respondents aged 18 to 29 could correctly define phishing, for example.

Further research from Get Safe Online identified that young people are particularly vulnerable to so-called “family and friends” scams. These scams involve fraudsters tricking victims into sending money to cybercriminals posing as loved ones after hacking into their social media accounts. Experian has also identified that people in their mid to late 20s are now more likely to fall for financial fraud than those who are over 60 years old, who are seen as the typical fraud victim.

Get Safe Online says that there are a few reasons why young people are more frequently falling for fraud. Firstly, they are online more, so are generating more opportunities for cybercriminals to attack them. In essence, it’s a numbers game where young people are losing. Finally, many young people prescribe to the outdated idea that phishing emails aren’t targeted (think the easy-to-spot Nigerian prince type scam), so smarter social engineering attacks that make use of personalised details are more likely to be successful.

As these findings show, millennials’ use of technology has impacted their overall attitude to cybersecurity, in contrast to their baby boomer counterparts. While the millennial generation has a stronger understanding than prior generations of online scams, stalkers, and the value of a social security number, there’s more of an innate disregard for photos, activities, and other details prior generations might view as highly secure. So how should organisations manage this divide in attitude?

Organisations need to address millennials’ lax approach to technology when structuring their cybersecurity awareness and training campaigns. Regular and continuous training is key for all generations, but for millennial employees this will be key in changing bad behaviours that may have been entrenched from a very young age. It’s also important to ensure that training is targeted to topics more pertinent to millennials such as mobile device security, mobile app security, safe social networking and safer web browsing.

Finally, to appeal to and engage the digital generation, training needs to be focused, interactive and “bite-sized”, ideally not lasting more than 15 minutes. Gamifying training can also act as a great way to motivate millennials to improve their skills.

While the digital fluency of millennials undoubtedly offers of organisations a multitude of advantages in a tech-driven world, they need to ensure that the resulting over-confident attitude to technology from younger employees doesn’t result in a disruptive cybercrime event. Security awareness training is clearly useful for all generations, and creating a deeper understanding of the issues is essential to mitigating the issues.


Tim Bentley is Vice President of APJ, Proofpoint.