We Need to Start Teaching Young Children About Cybersecurity

Cyberattacks are nothing new, but the extent to which children are increasingly being targeted is less understood.

This article first appeared in the World Economic Forum on March 2, 2020.

There are basic lessons children need to learn early in life to ensure their safety. Look both ways before crossing the street. Wear seatbelts. Avoid talking to strangers.

It’s time to add another to the list: Beware hackers and cyber creeps.

In this era of rapid technological advancement, children need to immerse themselves in technology at a young age in order to start learning the skills they will use throughout their lives.

But they also need to be warned about the risks that accompany all those cool smartphone and computer applications. All too often, that isn’t happening.

Elementary school teachers should include these cybersecurity basics in their everyday curricula. At a minimum, every young child should know how to keep their information private, to refrain from responding to strangers and to report anything unusual to an adult. Today, many don’t.

Cyberattacks are nothing new, of course. But what is less understood is the extent to which children increasingly are being targeted. About one in four youth in the US will experience identity theft or fraud before they reach the age of 18, according to a 2019 estimate by the consumer credit reporting company Experian. Fraudsters are targeting their clean credit histories and, increasingly, their virtual wallets.

What’s more, about one in five American young people experience unwanted online exposure to sexually explicit material, while one in nine experience online sexual solicitation, according to a recent study published in the Journal of Adolescent Health.

The main reason hackers and online fraudsters focus on youth is because children have easy access to the internet and smartphone apps and only minimal knowledge of the risks. Nearly half of American children ages three and four use the internet from their home, according to the National Center of Education Statistics.

Voluntary programmes in the US and elsewhere teach cyber literacy in greater depth than most national standards require. They range from cyber summer camps and national competitions to education modules for teachers to use in the classroom. But many are designed primarily for middle school and high school students. In Israel, for example, the Cyber Education Center’s Magshimim programme teaches high school students computer programming skills and how to mitigate different types of cyberattacks.

A handful of voluntary programmes provide online safety resources for elementary school students, beginning in kindergarten. Through its National Integrated Cyber Education Research Center (NICERC), the Department of Homeland Security offers free full-year K-12 STEM and cybersecurity courses to teachers and school districts. The Air Force Association’s national CyberPatriot education programme offers free teaching modules like “security showdown” to teach kindergarteners what information is safe to share with strangers online, and publishes children’s books like “Sarah the Cyber Hero.”

Kids can absorb this information like sponges. In just one day, through its CyberFirst initiative, the UK's National Cyber Security Centre teaches children as young as 11 how to avoid the most common passwords, what information is collected every time they use social media, and how to track down “patient zero” when a cyberattack hits.

But such programmes, helpful though they are, don’t reach millions of primary school students already at risk of becoming cyber victims.

As a cybersecurity expert, I prepare people for worst-case scenarios - and over the years, I have seen many of them materialize. Cyberattacks are today’s greatest threats to businesses, governments and societies. Every time technological innovations redefine what is possible, they simultaneously create new, unpredictable and interlinked vulnerabilities.

The combination of technological advances, higher interconnectivity and delays in cyber awareness permits global cyberattacks to spread like contagions. Targets are bigger than ever before and are leaving broader collateral damage.

Cyberattacks are no longer just concerns for companies and governments. Over the summer, a series of attacks on school district systems prompted Louisiana governor John Bel Edwards to declare a statewide emergency.

It doesn’t have to be this way. As teachers incorporate more online educational tools into their curricula and parents permit children to play with online apps, they can simultaneously teach students of all ages basic cybersecurity skills and encourage them to become cybersecurity experts themselves. Children can be equipped to protect themselves from cyberthreats automatically, just like they look both ways before crossing the street.

Kids can soak up basic cybersecurity skills as rapidly as they pick up new technologies. We owe it to them to make that possible.

Paul Mee

Partner, Oliver Wyman

Paul Mee is a partner at Oliver Wyman and the firm’s Cyber Platform lead. He leads the Oliver Wyman Forum’s team focused on enabling industries, governments, and societies to tackle increasingly unpredictable and escalating cyberattacks in a more digitized and interconnected world.