Go back

Are Your Youngest Employees Your Biggest Security Risk?

Research suggests that digital natives are surprisingly more susceptible to online scams than older generations, highlighting a need for updated security strategies.

Industry Insights
September 30, 2025
4m read
4m read
4m listen
4m watch
4m watch
Are Your Youngest Employees Your Biggest Security Risk? ThumbnailAre Your Youngest Employees Your Biggest Security Risk? Thumbnail
speakers
speakers
speakers
authors
Nate Abbott
participants
No items found.
share

Research suggests that digital natives are surprisingly more susceptible to online scams than older generations, highlighting a need for updated security strategies.

Picture the typical victim of a cybersecurity scam… what popped into your head? If you’re like most people, you probably pictured someone older, someone less familiar with technology. Someone who didn’t grow up immersed in the internet, who’s perhaps a bit too trusting of a pop-up window or a suspicious email. It’s a comfortable stereotype.

The data, however, suggests that it may also be wrong. Gen Z appears to be more susceptible than you’d expect. 

A 2023 Deloitte survey was the first to find that kids these days may not be as savvy as we think. Recent CyberArk research surfaced by Dark Reading found that Gen Z–the digital natives who grew up with smartphones in hand–are twice as likely to fall for online scams as Boomers. Similar results by NordVPN suggest it may flag a growing trend.

This isn’t about blaming a generation–Gen Z has been unfairly blamed for enough cultural uncertainty in the last few years. Rather, it’s about understanding the workflows of the younger generation, and adjusting defenses accordingly.

A digital footprint from birth

For older generations, the concept of IT-sanctioned software and devices was an accepted norm: you just use what the company gives you. Millennials were coming of age when “there’s an app for that” entered the popular parlance, but it wasn’t second nature yet.

But Gen Z has grown up surrounded by a mature ecosystem of apps and websites and devices for everything and anything they could possibly think of… and quite a bit more.

Signing up for a new SaaS tool is second nature to many younger workers: a project management app your friend likes, an AI transcription service a podcast said was more accurate, a niche design tool. Using their work email for it likely may not raise the same alarm bells as it would for someone older. There’s nothing nefarious about it: they see it simply as improving productivity, not creating risk.

The result, however, is a potentially vast constellation of unsanctioned accounts and applications, all tied to a corporate identity, but completely outside of IT’s visibility and control. Each of these accounts is a potential liability. A breach of a “free” third-party application can expose employee credentials, which can then be used to attack your core systems. 

The perimeter is an illusion

The traditional boundaries of trusted office networks are long gone–and Gen Z certainly isn’t responsible for that, as they’re even less likely to be working remotely than their Millennial peers

But younger workers do tend to operate with more fluidity across devices and networks, blending work and personal life in ways that existing security models simply weren’t built for.

All of these trends give yet more evidence to the unavoidable conclusion that we’ve seen reinforced again and again: the perimeter is no longer the primary battlefield for protecting the cloud office.

Your most sensitive data–the product roadmaps, financial projections, customer lists–doesn’t just live on a secure file server anymore. It lives in your cloud office, being accessed, shared, and integrated in ways your security team often doesn’t have visibility into, let alone control over. 

Toward a resilient workspace

Regardless of the intrusion method–scams targeted at younger workers, token theft, MFA bombing–we can’t solve the problem by writing more policies or running more training sessions alone. Those methods can certainly help, but at the end of the day, humans are going to be human. A shift in strategy is needed.

Guarding against modern threats requires a fundamental shift to focus on gaining visibility and control over what’s inside your cloud office. It starts with asking three questions:

  • What is our most sensitive data? You can’t protect what you don’t know you have. The first step is gaining visibility into the sensitive data sitting in your email, documents, and cloud storage.
  • Who–and what–has access to that data? This means understanding which accounts have sensitive data sitting in their inboxes and file sharing platforms, but that’s only the start. It also demands understanding the web of third-party apps, service accounts, and sharing links that can also touch that data.
  • How can we respond to access changes at machine speed? The goal is to de-risk the entire environment from the inside out. This means creating automated controls that can, for example, require an MFA step-up in order to access a financial report sitting in an inbox, or alert your security team when an employee uses a work account to sign up for an unsanctioned application.

These are precisely the questions Material was built to answer. Material delivers the visibility and control needed to protect your cloud workspace against threats coming from the outside in, while securing the files and accounts from the inside out. 

By analyzing the data within your Google Workspace or Microsoft 365 environment, Material helps you identify and secure your most sensitive threats, tame third-party app risk, and apply the principle of least privilege at scale.

The Gen Z statistic isn’t a fluke: it's a sign of what’s to come. It’s time to build a security architecture that’s ready for it. 

Frequently Asked Questions

Find answers to common questions and get the details you need.

No items found.

Related posts

Our blog is your destination for expert insights, practical tips, and the latest news in technology. Stay informed with our regular updates and in-depth articles. Join the conversation and enhance your understanding of the tech landscape.

blog post

Hack Week 2025 Recap

Our annual Hack Week brings together cross-functional teams to rapidly prototype creative ideas, inspired by customer insights, that improve our product and foster collaboration, innovation, and team bonding.

Abhishek Agrawal
3
m read
Read post
Podcast

Hack Week 2025 Recap

Our annual Hack Week brings together cross-functional teams to rapidly prototype creative ideas, inspired by customer insights, that improve our product and foster collaboration, innovation, and team bonding.

3
m listen
Listen to episode
Video

Hack Week 2025 Recap

Our annual Hack Week brings together cross-functional teams to rapidly prototype creative ideas, inspired by customer insights, that improve our product and foster collaboration, innovation, and team bonding.

3
m watch
Watch video
Downloads

Hack Week 2025 Recap

Our annual Hack Week brings together cross-functional teams to rapidly prototype creative ideas, inspired by customer insights, that improve our product and foster collaboration, innovation, and team bonding.

3
m listen
Watch video
Webinar

Hack Week 2025 Recap

Our annual Hack Week brings together cross-functional teams to rapidly prototype creative ideas, inspired by customer insights, that improve our product and foster collaboration, innovation, and team bonding.

3
m listen
Listen episode
blog post

Solidifying Security Culture Empowers Your First Line of Defense

A strong security culture is easy to talk about but hard to achieve. Making sure your tech stack and your processes support your people is a critical first step.

Nate Abbott
4
m read
Read post
Podcast

Solidifying Security Culture Empowers Your First Line of Defense

A strong security culture is easy to talk about but hard to achieve. Making sure your tech stack and your processes support your people is a critical first step.

4
m listen
Listen to episode
Video

Solidifying Security Culture Empowers Your First Line of Defense

A strong security culture is easy to talk about but hard to achieve. Making sure your tech stack and your processes support your people is a critical first step.

4
m watch
Watch video
Downloads

Solidifying Security Culture Empowers Your First Line of Defense

A strong security culture is easy to talk about but hard to achieve. Making sure your tech stack and your processes support your people is a critical first step.

4
m listen
Watch video
Webinar

Solidifying Security Culture Empowers Your First Line of Defense

A strong security culture is easy to talk about but hard to achieve. Making sure your tech stack and your processes support your people is a critical first step.

4
m listen
Listen episode
blog post

Beyond the Inbox: Unifying Cloud Workspace Security

Material offers a modern, comprehensive strategy that unifies cloud workspace protection across email, files, and user accounts. The platform leverages the rich APIs and audit logs available in Google Workspace and Microsoft 365 to create a cohesive security solution that connects the dots between what traditional point solutions often miss.

Material Security Team
12
m read
Read post
Podcast

Beyond the Inbox: Unifying Cloud Workspace Security

Material offers a modern, comprehensive strategy that unifies cloud workspace protection across email, files, and user accounts. The platform leverages the rich APIs and audit logs available in Google Workspace and Microsoft 365 to create a cohesive security solution that connects the dots between what traditional point solutions often miss.

12
m listen
Listen to episode
Video

Beyond the Inbox: Unifying Cloud Workspace Security

Material offers a modern, comprehensive strategy that unifies cloud workspace protection across email, files, and user accounts. The platform leverages the rich APIs and audit logs available in Google Workspace and Microsoft 365 to create a cohesive security solution that connects the dots between what traditional point solutions often miss.

12
m watch
Watch video
Downloads

Beyond the Inbox: Unifying Cloud Workspace Security

Material offers a modern, comprehensive strategy that unifies cloud workspace protection across email, files, and user accounts. The platform leverages the rich APIs and audit logs available in Google Workspace and Microsoft 365 to create a cohesive security solution that connects the dots between what traditional point solutions often miss.

12
m listen
Watch video
Webinar

Beyond the Inbox: Unifying Cloud Workspace Security

Material offers a modern, comprehensive strategy that unifies cloud workspace protection across email, files, and user accounts. The platform leverages the rich APIs and audit logs available in Google Workspace and Microsoft 365 to create a cohesive security solution that connects the dots between what traditional point solutions often miss.

12
m listen
Listen episode
blog post

Defusing Email Bomb Attacks with Material Security

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

Nate Abbott
5
m read
Read post
Podcast

Defusing Email Bomb Attacks with Material Security

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Listen to episode
Video

Defusing Email Bomb Attacks with Material Security

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m watch
Watch video
Downloads

Defusing Email Bomb Attacks with Material Security

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Watch video
Webinar

Defusing Email Bomb Attacks with Material Security

Material delivers a new solution to a resurgent threat: automated remediations to email flooding attacks.

5
m listen
Listen episode
Privacy Preference Center

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.