They were raised on the glow of screens, lulled to sleep by the soft pulse of notifications. Gen Z (those of us roughly born between 1997-2012) came of age in an always-on world, FaceTiming cousins across continents, sketching futures in the comment sections, spinning identities out of pixels and Wi-Fi. Their fluency is instinctive; they navigate the internet like water. So it’s easy to assume they’re also safe in it, that digital natives are naturally digitally secure.
They aren’t.
Beneath the curated chaos of their online lives is a quiet vulnerability. Global data shows that 72% of Gen Z reuse the same password across multiple accounts. Nearly six in ten admit they’ll keep using an old password even after hearing about a data breach, and 38% say they just change a single character when forced to update credentials. Fewer than 43% regularly install software updates, and almost half of Gen Z and Millennials have had their social media accounts hacked at least once.
Perhaps most sobering: Gen Z are more than three times as likely as Boomers to fall for online scams.
They know this is risky. They just don’t stop.
Part of the reason is design. Security is still built like a locked door, but Gen Z grew up in glass houses. The internet trained them to see friction as failure, every pause a reason to click away. Software updates feel clunky, two-factor authentication feels boring, and password managers feel like chores. In a world engineered to make things seamless, they prefer to glide. And there’s a quiet faith in the platforms they’ve grown up with: the idea that big tech is a fortress, that nothing bad will happen to them. But trust can be a kind of sleep.
So they glide. They reuse passwords, they delay updates, they log into freelance work portals on the same phones they use for streaming, dating, banking. Their digital footprint is vast; their defences are thin. And when something does break, a hacked account, an emptied bank card, a sudden lockout from their entire online life, the shock is devastating. It’s not just financial. There’s the panic of losing control over your identity, the humiliation of being impersonated, the creeping sense of being watched.
This isn’t carelessness so much as exhaustion. Gen Z lives with too many passwords, too many platforms, too many places to guard. Security has been framed as a personal responsibility, not a cultural one. No one celebrates a friend for turning on two-factor authentication the way they might for buying a new serum. No one makes updating your phone feel like self-care. They are expected to be vigilant while living inside systems designed to make vigilance invisible.
And yet, there’s something hopeful about how this generation responds to danger. When they are hacked, they warn others. When they’re scammed, they turn the experience into a cautionary story on TikTok. They are quick to adapt, to share tools, to build soft networks of protection out of humour and solidarity. What they need now is for the platforms, the employers, the designers of their digital worlds to meet them halfway – to make safety beautiful, effortless, default.
Because Gen Z deserves better than being left to navigate an unstable digital future alone. They are entering adulthood in an age when identity is both currency and target, when their phones are at once passports, banks, diaries, stages. If they are to keep creating, connecting, dreaming at the speed they do, they need armour that moves as lightly as they do. They need protection that doesn’t make them slow down.
Fluency was never the same as immunity. And if the generation that shaped the internet is to survive it, the world will have to stop mistaking their confidence for invulnerability and start giving them the tools to be safe, not just seen.
Here are a few house keeping tips:
Digital Safety Tips
-
Enable automatic updates on phones, laptops, and apps – outdated software is the easiest entry point for attackers.
-
Use strong, unique passwords for every account, and store them in a secure password manager.
-
Turn on two-factor authentication (2FA) wherever possible, especially on email and social media.
-
Think before clicking: double-check the sender before opening attachments or links.
-
Log out from shared or public devices and avoid using public Wi-Fi without a VPN.
-
Regularly back up important data to an encrypted cloud service or offline drive.
For more stories of art and culture, visit our dedicated pages and stay across our Instagram.
