Viral but Vulnerable: The Hidden Risks of Cybersecurity Misinformation on Social Media



It's no surprise that 18–29-year-olds are turning to social media for cybersecurity information. As digital natives, this age group naturally gravitates toward platforms where information is fast, accessible, and constantly updated.

But how effectively are they absorbing these short snippets, and are they likely to share them onward? More importantly, what happens if that cybersecurity information is inaccurate?

How do people consume cybersecurity information? 

In our recent report, “Cybersecurity Information Sharing as an Element of Sustainable Security Culture”, Dr. William Seymour, Lecturer in Cybersecurity at King’s College London, and I found that while employers remain a key source of cybersecurity information across all age groups, respondents also frequently relied on the following additional sources of information:

  • social media (age group 18–29)
  • websites (age groups 30–39 and 60–69)
  • direct sharing (age group 40–49)
  • broadcasts and podcasts (age group 50–59)

One conclusion from this research was that onward sharing of cyber information amongst colleagues, family and friends is a positive cyber habit that creates a strong security culture at work and at home. But one thing we do not address is what happens when even those with the best intentions end up spreading false or harmful advice.

Social Media Pitfalls: Misinformation at Your Fingertips

From the nature of the content to gaps in regulation, multiple factors contribute to cybersecurity misinformation on social media platforms like Instagram, TikTok, and even LinkedIn:

  • Oversimplified Content: The complex nature of cybersecurity topics often requires detailed explanations. However, social media content tends to be brief and may oversimplify critical issues, leading to misunderstandings about essential security measures.
  • Echo Chambers and Algorithm Bias: Social media algorithms often curate content that aligns with a user's existing beliefs and interests. This can create echo chambers, limiting exposure to diverse viewpoints and comprehensive cybersecurity information.
  • Exposure to Fraudulent Schemes: The interactive nature of social media makes it a fertile ground for scams. Cybercriminals exploit these platforms to disseminate phishing attacks, impersonate trusted entities, and lure users into providing sensitive information.
  • Limited Source Credibility: Unlike established cybersecurity organizations, social media allows anyone to present themselves as experts. This lack of regulation can make it difficult for users to discern credible advice from unverified claims.
  • Absence of Oversight: Traditional media and official cybersecurity sources are subject to editorial standards and fact-checking. In contrast, social media lacks consistent oversight, allowing misinformation to spread with minimal repercussions for the originators.
  • Prioritization of Virality Over Accuracy: Social media trends can overshadow essential cybersecurity best practices. Users might adopt popular but ineffective security "hacks" instead of adhering to proven protective measures. A notable example of this in 2024 was the “Goodbye Meta AI” Copypasta, where over 600,000 Facebook and Instagram users shared a viral post claiming it would block Meta from using their data for AI training. Though harmless on the surface, engaging with such hoaxes can make users more visible to hackers, increasing the risk of targeted attacks.

Stay Informed, Stay Skeptical

However, this is not to say that social media should be avoided completely as a tool for sharing cybersecurity information. If used correctly, it is an effective platform that can help raise widespread awareness of critical incidents and events, but it must be treated with caution.

I would urge users to view everything with an element of skepticism. Question the source, question the intent, and always verify before sharing or acting on any information. If a video, story or article strikes a chord, I would even urge social media users to look for legitimate sources that offer differing perspectives on the topic. 

By acknowledging our own biases and approaching online information with a critical mindset, we can safeguard ourselves from unknowingly contributing to the spread of misinformation online. 

Empowering Employees Against Cyber Misinformation

Social media is here to stay, and as younger generations increasingly turn to these platforms for cybersecurity information, it’s essential they do so with a critical eye. Employers can play a vital role by providing training, tools, and trusted resources to help employees identify misinformation. By offering additional channels for accurate information such as workplace training, employers empower their workforce to navigate the digital landscape securely, making informed decisions and reducing the spread of harmful content.

The internet is full of surprises, but don’t let misinformation catch you off guard—remain vigilant and always verify.

