Governments can rewrite cyber risk narratives by turning primary schools into cost-effective incubators of resilient, skilled defenders and AI-resilient workforces.

In today’s digital age, children and teenagers spend considerable time online — whether on social media platforms, streaming services, or multiplayer gaming. Although these activities offer connectivity and entertainment, they also expose young users to cybersecurity risks such as phishing, malware, identity theft, and privacy invasions.

With such digital natives already exposed to the entire spectrum of digital benefits and risks, would it be appropriate for them to be formally schooled about cybersecurity from the outset?

The CybersecAsia.net team recently interviewed Mick Baccio, Global Security Strategist, Splunk, who took the opportunity to share his thoughts and ideas on why cybersecurity education in schools is a vital long-term strategy that governments should urgently adopt to strengthen national defenses.

Inculcating lifelong cyber awareness

Baccio stressed that early education on digital safety is essential, highlighting that the way young people consume and interact with information today is vastly different from that of the previous generations, making tailored cybersecurity education critical.

He advocates introducing cybersecurity concepts starting in primary school:

  • Students can begin with simple yet powerful lessons such as creating strong, unique passwords, enabling multi-factor authentication (MFA) on their accounts, recognizing suspicious emails or messages, and understanding how to protect their personal data.
  • By instilling these habits early, educators can train children to form a security-conscious mindset that they carry into adulthood, potentially spreading the benefits to their families and communities.

Comparing the cultivation of  good cyber hygiene to adopting a healthy lifestyle, Baccio noted: “You start eating better at home. You start working out. The same applies for a good cyber life.” Just as repeated healthy choices build physical resilience, consistent cybersecurity practices create digital resilience.

Once cybersecurity habits become second nature, the young digerati are much harder targets for cybercriminals.

Reinforcing cyber-awareness at the national level
In addition to integrating cybersecurity awareness into early educational curriculums, governments can reinforce the training by supporting year-round national cyber literacy campaigns. This is a proactive approach that addresses vulnerabilities at the root: by empowering the population with knowledge and practical skills from an early age.

Baccio cited some public-awareness initiatives by National Cybersecurity Alliance in the USA. “The theme is to be more secure online and to be stronger online. For example, educating citizens on basic aspects like using multi-factor authentication and strong password hygiene would make individuals phishing resistant. In the long term there would be no more account take over or at least it would be reduced drastically.”

Addressing human capital and resource constraints

While the urgency for cybersecurity talent pools is universal, governments worldwide face varying budget constraints and resource challenges. Baccio likened cybersecurity investment to personal health: “You’re supposed to drink water, eat green, exercise — if you don’t, your body reflects that,” he said. “Similarly, neglecting core cybersecurity basics leaves systems exposed and vulnerable to attack.”

So, governments can prioritize affordable, high-impact practices first — such as enforcing MFA usage, regularly patching software and operating systems, and segmenting networks to limit potential breaches — before investing in highly specialized or expensive solutions. These foundational measures are proven, accessible, and form the backbone of any strong security posture, he said.

Investing in human capital is equally important. An educated population trained in cybersecurity fundamentals reduces preventable security incidents and lessens government response burdens. “An educated population means fewer basic errors that lead to large-scale compromises. The long-term benefits include lower incident costs, reduced downtime, and enhanced public trust in digital government services.”

Recognizing that one size does not fit all, Baccio is urging governments to build flexible strategies tailored to their maturity level and local conditions. “The basics are the same everywhere,” he observed, “but after that, each environment requires customized solutions that best fit their threat landscape and operational needs.”

Technical defenses benefit from cyber-educated workers

Among the many cyber threats governments face, Baccio singles out ransomware as a particularly insidious and underestimated scourge. Often dismissed as a typical business email compromise, ransomware generates billions in fraudulent payments annually and disrupts critical services worldwide — from local governments to healthcare providers, Baccio said.

The ever-growing ransomware landscape demands a comprehensive approach rooted in both technology and human cyber awareness. Baccio emphasized that technical defenses such as regular data backups, network segmentation, and detection systems must be paired with extensive user education to recognize suspicious activity and avoid falling victim. This cyber education, when started from early schooling years, will prepare people even more effectively. More broadly, Baccio stressed that no cyber threat should be ignored or deprioritized. Every attack vector — from phishing to insider threats — poses risks that compound the overall threat landscape.

Governments need to adopt multi-layered defense strategies supported by an informed populace to effectively safeguard digital infrastructure. Education, he argued, is the first line of defense and the foundation upon which technical defenses rely. “Empowered citizens make stronger governments. By embedding cybersecurity knowledge deeply into societies starting from school curriculums, governments take an important step toward a safer digital future.”