How the living room became cybersecurity's front line

Cybersecurity strategies are today more sophisticated than ever, yet organizations continue to overlook a crucial exposure: employees' families. As generative AI makes digital deception cheaper, faster and more convincing, the attack surface has expanded well beyond corporate networks into homes, kitchens and living rooms.

This matters urgently right now. The rapid adoption of generative AI has lowered the barrier to highly personalized attacks: cloned voices, realistic deepfake video messages, hyper-targeted phishing.

Generative AI-enabled fraud losses in the US alone could reach $40 billion by 2027, up from $12.3 billion in 2023, a compound annual growth rate of 32%, according to the Deloitte Center for Financial Services. At the same time, hybrid work has dissolved the boundary between corporate and home environments. A phishing link opened on a personal device, or sensitive information shared unknowingly within a household, can quickly become an organizational breach. Two groups sit at the heart of this vulnerability: children and older adults.

For children, cyber threats rarely resemble traditional attacks. They arrive as game invitations, peer-shared links or social media interactions, moments that test not just technical awareness but emotional judgment: curiosity, trust, the desire to belong. Yet structured digital safety education remains inconsistent, and children are accessing connected devices earlier than ever.

For older adults, the risks are largely financial and deeply personal. Phishing emails, fake tech-support calls, romance scams and AI-generated voice impersonations exploit trust and urgency. In 2025, losses reported to the FBI's Internet Crime Complaint Center from elder fraud exceeded $7.7 billion, a 37% increase over 2024, and that figure reflects only what was reported. Beyond the financial loss, the emotional toll of stress and eroded confidence can be lasting and severe.

In both cases, without intentional support, these groups are navigating digital environments that were never designed with their safety in mind.

Cyber awareness is still treated largely as a workplace requirement, a once-a-year training employees click through and forget. But digital risk does not begin or end at work. It evolves across an entire lifetime.

Building genuine resilience requires a shift: from one-off compliance exercises to continuous, practical learning that starts early and adapts with age.

For children, this means embedding simple habits into everyday life: questioning unfamiliar messages, understanding privacy, practicing respectful online behaviour. These instincts take root most naturally through stories, games and real-world examples, not abstract rules.

For older adults, learning must be practical, accessible and delivered through trusted settings: community centres and healthcare providers. Core skills include spotting scams, verifying requests and knowing who to call. But in an age of AI-generated content, emotional awareness matters just as much as technical literacy. Urgency, fear and excitement are deliberately used to manipulate.

Cyber resilience at home starts with conversation, not rules. Families need space to talk openly about the platforms they use, what they encounter online and how they feel about it. This builds trust and replaces blame with learning.

Some organizations are already going further, offering families of employees dedicated digital resilience workshops. From there, practical habits follow naturally. Using strong passwords, updating devices, pausing before responding to urgent messages: these actions become meaningful when people understand why they matter.

Intergenerational learning adds another layer. Children who receive digital safety education at school can help parents and grandparents stay current. Resilience becomes a shared household capability rather than an individual burden.

For business leaders and policymakers, this moment calls for a broader definition of what "human risk" actually means. The World Economic Forum's Global Cybersecurity Outlook consistently highlights the widening gap between organizations with strong cyber resilience and those falling behind. Closing that gap requires looking beyond corporate walls.

When work happens across home networks, the security perimeter must expand accordingly. The child on a gaming platform in the next room, or the older relative receiving a fraudulent call, can unintentionally create exposure that reaches into organizations. Research shows that in one-third of cyberattacks on C-suite executives, hackers gain entry through insecure home-office networks and that 42% of organizations have had a senior executive or a family member attacked in the past two years. The entry point is the home. This is not about transferring responsibility to families. It is about recognizing that cyber resilience is part of a wider social infrastructure.

Some governments have begun integrating online safety into school curricula, demonstrating that early intervention is both possible and effective. But comparable efforts for older adults remain limited, despite clear and growing evidence of risk.

Strengthening cyber resilience means investing not only in systems, but in people, starting where digital behaviour is formed every day. Homes, schools and communities are not outside the security perimeter. They are part of it. Critics may argue that household-level awareness cannot substitute for stronger platform regulation or industry accountability. That is fair. But the two are not mutually exclusive: individual resilience and systemic safeguards reinforce each other and neglecting one weakens the whole.

When families are equipped with practical skills, emotional awareness and the confidence to navigate digital risk, the entire ecosystem becomes more secure. Cybersecurity stops being a technical function and becomes a shared societal capability.

That future does not begin at the firewall. It begins long before it, in the living room.