Why don’t business leaders trust Gen Z?

Get perspective-changing insights and exclusive cybersecurity interviews in your inbox every week. 

This week we’re focused on…

Gen Z. 

Let us be clear…

We know that digital spaces are full of generational tensions. And at Black Hat MEA, we’re committed to inclusivity. We see cybersecurity practitioners of all ages bring incredible value to the field, and we’re not here to put anyone down. 

But according to a new survey from PasswordManager, almost half of business leaders believe that their youngest employees (Gen Z) are a higher security risk than older colleagues. 

It made us curious – what’s behind this mistrust, and is it backed up by data? 

The survey found that…

• 52% of leaders said Gen Z employees pose a security risk.
• 47% believe Gen Z would intentionally leak company secrets for social media attention.
• 18% said they’ve already experienced such a leak.

The case for concern 

We did some more digging, and found the numbers aren’t completely baseless. A 2024 ethical culture report by education firm LRN found that 22% of Gen Z workers admitted engaging in unethical workplace conduct in the past year – compared with just 9% of Boomers. ‘Unethical conduct’ is a broad (and subjective) category, but the gap is significant.

And as organisations adapt to hybrid and digital-first workplaces, the opportunities for leaks (accidental or intentional) multiply. A screenshot here, a casual comment there, a TikTok filmed in the wrong environment – data can spill far more easily than in the past.

The survey also highlights that younger employees may not have been trained on what counts as sensitive. Gunnar Kallstrom (security expert, quoted in the report) argued that “companies often fail to clearly define and contextualise” confidential information for digital-native staff. And when the rules are vague, mistakes happen.

But the mistrust may be misplaced 

At the same time, other research tells a different story. 

• Deloitte’s 2025 Gen Z and Millennial Survey shows that younger workers care deeply about authenticity, well-being, and purpose at work – they’re not interested in short-term fame or reckless behaviour.
• Research from Stanford highlights that Gen Z places a premium on trust and integrity. They expect employers’ actions to align with their words.
• A Traliant report found that more than half of Gen Z employees doubt their company would protect them from retaliation if they spoke up about problems. That mistrust flows both ways. 

So Gen Z may not be inherently less trustworthy. They might simply be working in environments that haven’t adapted to their norms, communication habits, and their expectations of clarity.

The gap really lies in communication and context 

The generational clash isn’t about ethics in the abstract. It’s about context and communication.

• Training hasn’t kept up. Many companies still teach confidentiality in terms that work for email and documents – but not for livestreams, collaborative platforms, or consumer apps that blend personal and professional life.
• Policies are vague. If an organisation hasn’t clearly defined what’s sensitive, employees are left to guess. And guesses aren’t a security strategy.
• Culture is inconsistent. When young workers see leaders bending rules or hear mixed messages about integrity, they don’t buy into the system.

So if we’re being honest, we think blaming a generation misses the point. The real issue is whether organisations have built cultures and processes that translate security into the world their employees actually live in.

If you’re a business leader, what can you do? 

Take mistrust (in both directions) as a call to action. Starting now, organisations can: 

• Define confidentiality clearly, with examples relevant to social platforms and remote work.
• Invest in training that speaks Gen Z’s language – short, contextual, digital-first.
• Build trust through consistency. You have to model the behaviours you expect.
• Address culture as much as controls: show that security isn’t about blame, but about collective responsibility.

Because the real risk is the gap between expectations and reality. And it has to be the leaders that step up and close that gap. 

We want to know what you think 

Has the field of cybersecurity adapted to include new generations of talent? And if not, what do we need to change to make sure Gen Z security practitioners can work to their full potential? 

Open this newsletter on LinkedIn and share your perspective in the comments. We’ll see you there.