
The biggest risk isn’t your tech stack
CISOs Nikk Gilbert (RWE) and Stefan Baldus (HUGO BOSS) explain why human fallibility and awareness matter more than any tech stack.
Read MoreGet perspective-changing insights and exclusive cybersecurity interviews in your inbox every week.
Gen Z.
We know that digital spaces are full of generational tensions. And at Black Hat MEA, we’re committed to inclusivity. We see cybersecurity practitioners of all ages bring incredible value to the field, and we’re not here to put anyone down.
But according to a new survey from PasswordManager, almost half of business leaders believe that their youngest employees (Gen Z) are a higher security risk than older colleagues.
It made us curious – what’s behind this mistrust, and is it backed up by data?
We did some more digging, and found the numbers aren’t completely baseless. A 2024 ethical culture report by education firm LRN found that 22% of Gen Z workers admitted engaging in unethical workplace conduct in the past year – compared with just 9% of Boomers. ‘Unethical conduct’ is a broad (and subjective) category, but the gap is significant.
And as organisations adapt to hybrid and digital-first workplaces, the opportunities for leaks (accidental or intentional) multiply. A screenshot here, a casual comment there, a TikTok filmed in the wrong environment – data can spill far more easily than in the past.
The survey also highlights that younger employees may not have been trained on what counts as sensitive. Gunnar Kallstrom (security expert, quoted in the report) argued that “companies often fail to clearly define and contextualise” confidential information for digital-native staff. And when the rules are vague, mistakes happen.
At the same time, other research tells a different story.
So Gen Z may not be inherently less trustworthy. They might simply be working in environments that haven’t adapted to their norms, communication habits, and their expectations of clarity.
The generational clash isn’t about ethics in the abstract. It’s about context and communication.
So if we’re being honest, we think blaming a generation misses the point. The real issue is whether organisations have built cultures and processes that translate security into the world their employees actually live in.
Take mistrust (in both directions) as a call to action. Starting now, organisations can:
Because the real risk is the gap between expectations and reality. And it has to be the leaders that step up and close that gap.
Has the field of cybersecurity adapted to include new generations of talent? And if not, what do we need to change to make sure Gen Z security practitioners can work to their full potential?
Open this newsletter on LinkedIn and share your perspective in the comments. We’ll see you there.
Join the newsletter to receive the latest updates in your inbox.
CISOs Nikk Gilbert (RWE) and Stefan Baldus (HUGO BOSS) explain why human fallibility and awareness matter more than any tech stack.
Read MoreEvery breach leaves a trail. Learn why digital forensics training at BHMEA 2025 is about connecting the dots and telling the story of an attack.
Read MoreFind out why internships need to give students the opportunity to do real, meaningful work.
Read More