What drives generation Z to behave security compliant? An extended analysis using the theory of planned behaviour

Cyber security remains a relevant topic for organisations. While companies invest in expensive security tools security awareness training often is neglected, even though human error still accounts for a large part of cyber incidents (Gartner, 2022). At the same time there is currently an important generational shift, as Generation Z (Gen Z) is starting to enter the workforce and is said to be soon overtaking millennials. However, Gen Z is said to experience a lot more security related issues compared to older generations. This paper aims to understand and analyse security behaviour for Gen Z by using the theory of planned behaviour to understand what influences the security behaviour of this generation. The theory of planned behaviour has been often utilised in previous research to understand how security behaviour is formed and how it can be influenced, however, it has not yet been researched in the context of Gen Z. The results conclude that Gen Z has a rather indifferent attitude towards security and generally values convenience much more than security. This can be led back to the lack of security awareness education as opposed to older generations that often experienced a training in the work environment. Gen Z is highly influenced by their environment; therefore, a company should strive to create a security culture. Lastly, Gen Z experiences a low perceived behavioural control, as they feel a lack of control regarding to the internet and lack education how to behave more secure. This gap could be closed by providing a suitable security awareness training.