Commissioned by the cyber authentication vendor Yubico and conducted by Talker Research, a survey looked at 18,000 employed adults across nine countries including the United Kingdom, Australia, France, Germany, India, Japan, Singapore, Sweden, and the United States. The survey covered’ cybersecurity habits in the workplace and personal lives. It also examined the dangers of weak security practices, and evaluated the growing concerns around emerging technologies like Artificial Intelligence (AI) and their implications for both organisational and individual security.
Ronnie Manning, chief brand advocate at Yubico said: “Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organisations appear slow to adopt security best practices. It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44 percent of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education, and action must go hand-in-hand.”
The survey found a growing disconnect between how security is perceived and actual cyber habits, particularly around password use and MFA (multi-factor authentication). At the same time, concern over AI-driven threats is rising, and trust in hardware-based authentication methods, like security keys and passkeys, is steadily increasing, especially in the UK and the US. Global findings include:
- 44 percent of all participants admitted to having interacted with a phishing message in the last year, an alarming indicator of continued vulnerability to social engineering attacks
- Gen Z stands out as the most susceptible demographic to phishing, with 62 percent reporting engagement (i.e. clicking a link, opening an attachment, etc.) with a phishing scam in the past year, significantly higher than other age groups
- 70 percent believe phishing attempts have become more successful due to the use of AI, and 78 percent believe they have become more sophisticated
- In fact, when shown a phishing email, 54 percent either believed it was an authentic message written by a human or were unsure
- Interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognise the phishing attempt (Gen Z 45 percent, millennials 47 percent, Gen X and baby boomers, both 46 percent), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI
- Only 48 percent of respondents said their company uses MFA across all apps and services, and 40 percent reported never having received cybersecurity training from their employer
- Despite low confidence in usernames and passwords (only 26 percent consider them to be the most secure), they remain the most common authentication method: used by 56 percent for work accounts and 60 percent for personal accounts
- 29 percent of respondents still don’t have MFA set up for their personal email accounts even though they are used to log in to their most critical online assets, including:
- Social media accounts (47 percent)
- Banking services (41 percent)
- Mobile phone carriers (34 percent)
When compared to last year’s 2024 Global State of Authentication survey from the firm, the 2025 edition reveals significant year-over-year shifts in user behaviour and perceptions across key markets. AI has emerged as a growing area of concern globally, with increases in apprehension about its potential to compromise the security of both personal and business accounts. In the UK, 61 per cent were concerned in 2024 compared with 81 percent in 2025. Meanwhile, confidence in authentication methods is growing, particularly in the use of hardware security keys and device bound passkeys. In the UK, 37 percent of respondents now believe these tools are the most secure authentication methods, up from 17 percent in 2024.
Manning added: “As cyber threats become more sophisticated, the good news is that the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world. Both individuals and organisations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just “nice to have” and has quickly become essential for staying secure in our rapidly changing digital landscape.”
Visit www.yubico.com.
