As cyber threats grow in scale and sophistication, one principle remains constant: prevention is better than the cure. In the tech world, “secure by design” means integrating security from the beginning of software development. The same approach should apply to people. Rather than waiting until new hire orientation or after a data breach, cybersecurity education should begin in kindergarten.
Why Human Risk Management Isn’t Enough
Human Risk Management (HRM) is a rising trend in cybersecurity. It aims to proactively understand, measure, and reduce risk stemming from human behavior. Unlike traditional one-size-fits-all security awareness programs, HRM recognizes that people, not just systems, are a leading cause of cyber incidents.
But while HRM is more advanced than its predecessors, it remains fundamentally reactive. It addresses the reality that employees often enter the workforce with years of poor digital habits, personal exposure, and limited cybersecurity awareness. By the time formal training occurs, risky behaviors like clicking on phishing links, using weak passwords, failing to protect one’s digital privacy are already ingrained. In this light, HRM is like closing the barn door after the horse is out.
The Case for Early Cyber Education
Digital habits form early and carry lifelong consequences. Yet K–12 education in the U.S. still largely overlooks cybersecurity, particularly from the perspectives of digital resilience and digital wellness. As a result, children remain vulnerable to risks such as identity theft, cyberbullying, phishing, and online exploitation that can lead to long-term consequences including reputational damage, emotional distress, financial fraud, and increased vulnerability to future cyber threats.
A strong foundation in cyber resilience equips students with the ability to identify digital risks, respond calmly and effectively to online challenges, and adapt to a rapidly evolving digital landscape with confidence. Cyber wellness, by contrast, focuses on helping students develop safe, responsible, and emotionally healthy behaviors online. This includes understanding how to protect personal information, maintain healthy boundaries, make ethical choices, and navigate social interactions in ways that support their mental well-being.
Adam Levin, Founder, CyberScout and author of Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves, argues that both “cyber resilience” and “cyber wellness” should be foundational in childhood education. “Bullying, human trafficking, online exploitation, scams, and the collection of personal data can happen to young people the moment they go online,” says Levin. “As their digital footprint grows, their aggregated data can be found in countless databases and because breaches have become the third certainty in life behind death and taxes, their attackable surface expands exponentially.”
Even at age five, today’s digital natives are using tablets, educational apps, and interacting on social platforms. This is the perfect time to introduce basic cybersecurity concepts, setting the stage for deeper digital literacy and long-term resilience throughout their school years.
The Cost of Inaction
Cybersecurity experts consistently identify human behavior as one of the greatest vulnerabilities in any organization. While most employees want to do the right thing, many lack the knowledge or awareness to act securely. That’s because they were never taught or fully understand the ramifications of getting their data swiped.
Global cybercrime is expected to cost $10.5 trillion annually by 2025, according to Cybersecurity Ventures. The International Monetary Fund (IMF) estimates that figure will balloon to $23 trillion by 2027. These staggering sums don’t even factor in the emotional toll of cyberbullying, online exploitation, and digital manipulation.
What if the next generation entered the workforce with strong cyber instincts already in place? What if “cyber wellness” became muscle memory?
Early education in cybersecurity would help to reduce cybercrime, lower security spending, and create safer online environments for everyone.
Making Early Cyber Education a Reality
Turning this vision into reality requires three core elements:
- Age-appropriate, dynamic content – Curriculum should evolve with students, be engaging, and reflect current risks. Teachers and parents must also be equipped to reinforce these lessons.
- Ongoing delivery – A once-a-quarter class can be like firehose treatment and quickly forgotten. Consistent, bite-sized lessons throughout the year delivered via videos, games, team projects, or competitions help build lasting habits. Gamification can make learning fun and memorable.
- Curriculum integration – Given the constraints on school time and budgets, embedding cyber lessons into existing subjects is a practical solution. For example, students could learn safe AI use in a history project or explore online privacy in a health class.
Some communities are already leading the charge, working across school, district, and state levels to embed cyber education into the classroom.
A Model in Motion: Hackersjack and Belmont University
One promising initiative is Hackersjack, an EdTech company that is championing cybersecurity education in the U.S. and Australia. Hackersjack partners with schools and parents through an engaging online platform and curriculum built around four pillars:
- Cyber Safety – Protecting kids from threats like online exploitation, trafficking, and bullying.
- Cybersecurity & Privacy – Defending against malware, phishing, and data theft.
- Cyber Hygiene – Teaching secure online behavior, like strong passwords and device safety.
- Cyber Wellbeing – Promoting mental health and healthy digital habits.
Belmont University in Nashville, TN is also supporting early cyber education through community outreach, K-12 partnerships, and partnerships with innovators like Hackersjack to expand cybersecurity learning across Tennessee.
How You Can Help
Everyone has a role to play in this movement:
- Parents can use existing resources to teach their kids and advocate for school-based cyber education.
- Businesses can educate employees on personal cyber wellness and sponsor school programs as an investment in the future workforce.
- Cybersecurity professionals can volunteer to help schools develop and deliver curriculum.
- Policymakers can support legislation and funding for early cyber education.
- Entrepreneurs can create new tools, games, and platforms that teach kids how to stay safe online.
A national investment in early cybersecurity education could create a ripple effect of cyber resilience and cyber wellness that spans from classrooms to boardrooms, and would strengthen individuals, communities, businesses, and even national security.
So, what will you do to help the next generation grow up “secure by design?”
About the Authors
Paul Connelly is a Professor of Practice in Business Systems & Analytics at Belmont University and has more than twenty-eight years in the Chief Security Officer role at a Fortune 100 healthcare provider and at the White House.
Dr. Gary Garrison is a Professor and Department Chair for Business Systems & Analytics at the Jack C. Massey School of Business at Belmont University.
This article originally appeared on Paul Connelly’s Substack and was syndicated by MediaFeed.
