Are we stating the obvious? Either way: the answer is: “yes”, teens are over-confident. They’re not sufficiently aware of the online threats. Recent research shows that young people most often come into contact with phishing and are only able to recognise phishing messages in 41% of the cases. In other words, we have our work cut out to make young people more resilient in the field of cybersecurity.
Forms of cybercrime that affect young people
The Apestaartjaren survey shows that young people come into contact with different types of online scams. If we list the percentage of young people who’ve encountered cybercrime once or more, the top five look as follows:
- 38% Phishing
- 25% Pretexting and social media deception
- 17% Hacking
- 16% Unsolicited publication of photos and videos
- 13% Identity fraud
Most young people came into contact with phishing in the past year. It’s probably even more than indicated, but either they don't realise or they fall for it. In the performance test where young people were presented with eight situations involving phishing emails, text messages or social media posts, only 41% picked out the right answer.
Young people often receive messages intended for adults. Based on that content, they know a message is fake: they don't pay taxes yet, a fine can't be addressed to them. 'Context screening' is a strategy with an expiration date, of course.
When we ask young people what parents or teachers are afraid of, ‘scams’ scores highest. Followed by ‘talking to strangers’ and ‘nudes or sexting’. Young people find these concerns unnecessary. Cybersecurity seems to be a topic that concerns adults.
Digital armour: what online protection tools do young people use?
The tools or tricks they use to protect themselves online are certainly not wrong but there's room for improvement: 16% of young people say they don't use a specific strategy to protect themselves. The Apestaartjaren survey found that 65% say they choose a strong password themselves. 40% don't share sensitive information and 37% use different passwords. Less known or barely used are checking cookie and
spam
settings, two-step verification and surfing anonymously.
Safe password use should be put into perspective
More than two in three young people have already shared a password with someone else, usually parents (52%) but also friends (24%) or a sibling. 30% have never shared a password. From a security standpoint, sharing passwords is never a good idea, parents are able to monitor their children online in other ways.
Based on the percentage of young people using a strong password (65%), you'd think they have good ‘password hygiene’. Tests show otherwise:
- Young people overestimate the strength of passwords.
- They’re not always aware what makes a strong password: a large group struggles to generate or recognise a strong password.
- Two-factor authentication seems less used in practice (16% compared to 4%)
- Few young people use different passwords (37% in the survey). In practice, that only seems to involve a few different passwords.
2FA more important than strong passwords
Two-factor authentication is more important than a strong password. It simply provides more security in terms of cybersecurity. 2FA makes it more complex for hackers to hack your account.
75% of young people feels safe online
Teenagers generally feel safe online (75%, see chart) according to the quantitative research. Just as well because everyone should be able to surf carefree. When we asked about this that at the beginning of a workshop, they gave themselves 3.6/5. That number dropped at the end of the workshop. Young people seem less confident during a workshop on cybersecurity than when filling out a questionnaire on the same topic. The workshop shows that young people are sensitive to cybersecurity and we can make them even more resilient in that area.
In the making: cyber security workshop for teenagers
DNS Belgium is currently developing a cybersecurity training for secondary school students.
Are you interested in providing content for this or would your school like a test training in 2025?
Cybersecurity: part of the Apestaartjaren survey
- DNS Belgium has actively participated in the Apestaartjaren survey since 2023. We added an extra research section on ‘Cybersecurity’.
- This specific topic was surveyed among more than 1,000 secondary school students.
- In addition to extending the quantitative research, we also developed a field survey in collaboration with Mediaraven and Bibliothèques sans frontières. The reports of the French-language research will follow later this year.
- This qualitative research was done in workshop form. 20 classes and a total of 454 Flemish students were surveyed.
- Read the complete research report of Apestaartjaren (only available in Dutch) for more detailed information on both the quantitative and qualitative research.