Skip to main content
Microsoft Security

What Generation Z can teach us about cybersecurity

Girl Security National Security Fellows Program fellow Amulya, a 17-year-old interested in countering online disinformation, said she feels her sense of personal privacy has been largely nonexistent “growing up in a media-saturated world.” She believes her sense of privacy was stolen by a combination of mass media, access to tech without education, and an increasing divide among generations, government, and industry around responsible technology. With an online presence from a young age, members of Generation Z, like Amulya, bring personal insight to the cybersecurity conversation about online privacy.

Girl Security, the organization I founded in 2016, builds more equitable pathways through learning, training, and mentorship for girls, women, and female-identifying and non-binary young people interested in national security careers. Ann Johnson, Corporate Vice President of Security, Compliance, and Identity Business Development at Microsoft Security, and I recently spoke about the unique challenges, like privacy, that youth confront as digital natives—defined as “a person born or brought up during the age of digital technology.”

Insights from Generation Z supplement the insights we get from adults and people currently in the workforce.  When Ann and I talked about Generation Z, we considered a couple of big questions: 

Privacy expectations have changed

To get answers, I recently sat down with nine remarkable future national security leaders, ages 16 to 19, who completed the 15-week Girl Security National Security Fellows Program, to discuss the experiences of girls and women online and how those experiences shape their understanding of cybersecurity.

In discussing what the internet and technology are getting right and what can be improved, the fellows explained that technology provides an unprecedented level of access to information and resources and is an affordable method of communication. However, they emphasized the need to make technology and cybersecurity education more accessible to more communities across the United States and globally through in-school learning, financial support for educational opportunities, and training programs like Girl Security.

Preventing large-scale disruptions through responsible technology is also crucial, according to Prachi, a 17-year-old high school student interested in cybersecurity. She noted that prevention can also be personalized with the use of multifactor authentication and password protection. Advancing more robust user-friendly policies, laws, and regulations is also imperative to maintaining digital trust.

Gurman, a 19-year-old who is pursuing a career in cybersecurity, added that the first step to protecting personal privacy in a shifting digital landscape is to acknowledge “how little is in our control.”

“The invasion of privacy is so normalized that we have stopped worrying about it in a way,” Gurman said. “Social media detoxes are becoming more popular because on some level, we understand as a society that living through a digital world isn’t healthy because it detaches us from reality. Yet, in my opinion, all of these things have the underlying assumption that tech is so pervasive, it cannot be controlled so we have to rationalize and normalize it as a way to seemingly maintain some control over our reality.” 

There’s a growing sense of apathy among younger generations with respect to personal security online and the proliferation of user data, according to Rachel, a 16-year-old interested in economic security. She emphasized young people’s willingness to readily share locational data and other personal data.

Amanda, a 17-year-old who is particularly interested in human rights and technology, added that while adults can benefit from tech education, young people are normalizing bad online behaviors by prioritizing convenience (like saved passwords) over privacy and security.

Security protection and consent remain a challenge

As we discussed the impact of a growing reliance on technology to share information among friends and family, attend school during the pandemic, run businesses, and more, the group considered what exactly should society seek to prevent, protect, preserve, and advance with technology.

“The government and industry should do more to prepare digital citizens for breaches or attacks that may compromise personal data and privacy,” according to Sama, an 18-year-old pursuing an interest in geopolitics and counterterrorism. She began using social media in elementary school and signed various consent forms regarding the use of her data. While aggregation of user data is not all bad—information can feed technology innovation—there need to be enhanced protections for youth on social media platforms, particularly around consent.

“Women and girls are empowered and more secure when they can claim more agency in their lives, especially in settings when they are not given choices,” explained Jasmine, a 19-year-old who is pursuing a career in international relations. “On the internet, I feel I have lost that control.” 

The burden is often placed on parents to educate youth about online harms, such as cyberbullying, harassment, image sharing, and doxing (when people reveal private information about someone), according to Jasmine. However, many Generation Z parents were born before the widespread advent of the internet and email, and often lack access to training and learning tools about the types of cybersecurity threats their children may confront online. 

In fact, some parents contribute to the sharing of children’s personal information online—sharenting is the sharing of a minor’s information by a parent or caregiver.1 

Nicole, a 16-year-old interested in climate security and technology, said she believes user-friendly policies, laws, and regulations might lessen generational tensions around sharenting. Such measures would build greater trust and confidence in the technology many youths in the United States and other parts of the world use every day. 

Making cybersecurity more accessible

Achieving greater individual online privacy and security for future generations and advancing government and industry standards requires adopting approaches like the Zero Trust model as well as installing mandatory reporting and incident notification systems, according to Sravya, a 16-year-old interested in cybersecurity and the role of language in our cybersecurity understanding. The fellows also emphasized the need to create a shared discourse across generations about the interconnectedness of personal privacy, cybersecurity, and national security. 

Generation Z perspectives can inform cybersecurity policies

We hope you’ve enjoyed hearing these Generation Z perspectives from the Girl Security fellows. In addition to the Girl Security National Security Fellows Program, girls interested in security pathways can also be mentored through Girl Security’s nationwide e-mentoring program and learn from leading experts from Microsoft Security and across government, industry, and the social sectors. In addition, Girl Security hosts summer empowerment programs, learning and training webinars, and community-based programming, including the Girl Scout patch Finding Your Superpowers in Cybersecurity created in partnership with Microsoft and Girl Security.

The program was kicked off to help young students learn security fundamentals, but it turns out, we have as much to learn from them about the importance of online privacy when developing cybersecurity policies and programs. Happy Women’s History Month!

Next steps

Learn more about Girl Security initiatives and the Cybersecurity Superpowers program.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.


1Sharenting: 5 Questions to Ask Before You Post, Claire McCarthy, MD, FAAP, American Academy of Pediatrics. November 20, 2019.

Disclaimer: The views expressed here are solely those of the author and do not represent the views of Microsoft Corporation.