While a common assumption is that older individuals are the most vulnerable to online scams, recent data suggests the opposite is true, with younger generations like Gen Z and millennials now being the most at-risk groups. According to an analysis of recent survey data, Gen Z’s digital fluency, online habits, and unique economic pressures make them significantly more susceptible to cyberattacks. A collection of recent studies highlights this trend, showing that younger people are falling victim to scams and hacks at a much higher rate than their older counterparts.
Digital fluency as a double-edged sword
Multiple data sources indicate a clear generational gap in cybersecurity vulnerability. According to a survey from Deloitte, Gen Z respondents were more than twice as likely to report having fallen for an online scam (17%) compared to baby boomers (7%). This disparity was consistent across several types of attacks, with Gen Z reporting higher rates of social media account takeovers (29% vs. 12%), stolen credentials (13% vs. 6%), and compromised devices (12% vs. 4%). Similarly, survey data from CyberArk found that only 20% of Gen Zers said they had never been hacked, half the rate reported by baby boomers (41%).
Experts suggest that this vulnerability stems ironically from Gen Z’s deep familiarity with technology. This digital fluency can lead to an inherent trust in platforms and devices, which in turn fosters riskier online behaviors. According to Anne Cutler, a cybersecurity evangelist at Keeper Security, these habits include faster clicking, password reuse, and using personal devices for professional work. Attackers are aware of this and now tailor phishing campaigns to mimic the platforms that younger employees use daily. This contrasts with older generations, who often exhibit more skepticism toward technology.
Younger people are also exposed to a greater volume of online threats simply because they spend more time online—by some measures, more than twice as much as older generations. Their tendency to experiment with emerging technologies, which often have less defined security standards, further increases their risk. This constant blending of personal and work life on a single device creates a significant risk not just for the individual, but for their employers as well. As David Matalon, CEO at Venn, explains, one phishing email on a personal laptop can expose an entire corporate network.
Economic pressures and the ‘side hustle’ economy
Beyond online habits, unique economic and workplace pressures are a major contributor to Gen Z’s vulnerability. As a result of growing economic inequality, nearly half of all millennials and Gen Zers have taken on multiple jobs or side hustles to make ends meet. According to security experts from Kaspersky Lab, this “polywork” lifestyle directly increases cyber risk. Managing multiple jobs means managing more online accounts with various software-as-a-service (SaaS) platforms, which expands a person’s digital footprint and creates a larger attack surface for cybercriminals.
This constant multitasking also creates a unique form of cognitive overload. Evgeny Kuskov, a security expert at Kaspersky, notes that this can increase the likelihood of making mistakes, such as overlooking a phishing email or misconfiguring access permissions. Scammers exploit this by impersonating well-known collaboration platforms like Zoom, Microsoft Excel, and Outlook, with Kaspersky recording six million such attempted attacks between mid-2024 and mid-2025. They also impersonate employers on freelance sites, where urgent language and file sharing are common, making scams harder to detect. A study from NordVPN showed that a quarter of its Gen Z respondents had fallen for one of these professional-looking job scams.
This new work reality also gives rise to shadow IT, where workers install unauthorized software or browser extensions to streamline their multitasking. While helpful for productivity, these unauthorized apps may have vulnerabilities or unclear data-sharing policies that can create security holes. The danger is compounded when credentials are reused across personal side projects and corporate systems, as a single compromised account can cascade into a much larger breach for an employer.
