Cybersecurity Wakeup: Gen Z Tops the List for Falling for Phishing Attacks

New survey from Yubico unveils a holistic picture of cybersecurity readiness across nine countries

Amid growing uncertainty around AI and a surge in cybersecurity breaches, Yubico (NASDAQ STOCKHOLM: YUBICO) – the creator of the most secure passkeys and leading provider of hardware authentication security keys – has released the findings of its annual Global State of Authentication survey, just in time for October’s Cybersecurity Awareness Month.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250930803982/en/

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across 9 countries including Australia, France, Germany, India, Japan, Singapore, Sweden, the United Kingdom, and the United States. The survey explored individuals’ cybersecurity habits in both their workplace and personal lives. It also examined the dangers of weak security practices, and evaluated the growing concerns around emerging technologies like Artificial Intelligence (AI) and their implications for both organizational and individual security.

“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” said Ronnie Manning, chief brand advocate, Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand.”

The survey revealed a growing disconnect between how secure is perceived and what actual cybersecurity habits are, particularly around password use and MFA. At the same time, concern over AI-driven threats is rising sharply, and trust in hardware-based authentication methods, like security keys and passkeys, is steadily increasing, especially in the UK and the US.

Key global findings include:

• 44% of all participants admitted to having interacted with a phishing message in the last year, an alarming indicator of continued vulnerability to social engineering attacks.
  • Gen Z stands out as the most susceptible demographic to phishing, with 62% reporting engagement (i.e. clicking a link, opening an attachment, etc.) with a phishing scam in the past year, significantly higher than other age groups.
• 70% believe phishing attempts have become more successful due to the use of AI, and 78% believe they have become more sophisticated.
• In fact, when shown a phishing email, 54% either believed it was an authentic message written by a human or were unsure.
  • Interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognize the phishing attempt (Gen Z 45%, millennials 47%, Gen X and baby boomers, both 46%), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI.
• Only 48% of respondents said their company uses MFA across all apps and services, and 40% reported never having received cybersecurity training from their employer.
• Despite low confidence in usernames and passwords (only 26% consider them to be the most secure), they remain the most common authentication method: used by 56% for work accounts and 60% for personal accounts.
• 29% of respondents still don’t have MFA set up for their personal email accounts even though they are used to login to their most critical online assets, including:
  • Social media accounts (47%)
  • Banking services (41%)
  • Mobile phone carriers (34%)

When compared to last year’s 2024 Global State of Authentication survey from Yubico, the 2025 edition reveals significant year-over-year shifts in user behavior and perceptions across key markets.

• In France, one of the most remarkable developments was the sharp increase in the adoption of multi-factor authentication (MFA) for personal accounts.
  • Usage jumped from 29% in 2024 to 71% in 2025, marking a 42-percentage point surge.
  • This suggests a major improvement in personal cybersecurity practices among French users and growing acceptance of more secure login methods.
• AI has emerged as a growing area of concern globally, with marked increases in apprehension about its potential to compromise the security of both personal and business accounts.
  • Japan: 31% concerned in 2024 vs. 74% in 2025 (43 percentage point increase).
  • Sweden: 37% concerned in 2024 vs. 68% in 2025 (31 percentage point increase).
  • UK: 61% concerned in 2024 vs. 81% in 2025 (20 percentage point increase).
  • US: 61% concerned in 2024 vs. 77% in 2025 (16 percentage point increase).
• Meanwhile, confidence in advanced authentication methods is growing, particularly in the use of hardware security keys and device bound passkeys.
  • In the UK, 37% of respondents now believe these tools are the most secure authentication methods, up from 17% in 2024, a 20-point increase.
  • The U.S. reflected similar growth, with 34% identifying hardware security keys/passkeys as the most secure option, up from 18% last year (16-point increase).

“As cyber threats become more sophisticated, the good news is the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” said Manning. “Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a “nice to have” and has quickly become essential for staying secure in our rapidly changing digital landscape.”

To explore the full survey results and discover practical recommendations, download the detailed report overview here, view the infographic here, and read our in-depth blog post here. For more information about Yubico and our security solutions, visit www.yubico.com

About Yubico

Yubico (Nasdaq Stockholm: YUBICO) is a modern cybersecurity company on a mission to make the internet safer for everyone. As the inventor of the YubiKey, we set the gold standard for modern phishing-resistant, hardware-backed authentication, stopping account takeovers and making secure login simple.

Since 2007, we’ve helped shape global authentication standards, co-created FIDO2, WebAuthn, and FIDO U2F, and introduced the original passkey. Today, our passkey technology secures people and organizations in over 160 countries—transforming how digital identity is protected from onboarding to account recovery.

Trusted by the world’s most security-conscious brands, governments, and institutions, YubiKeys work out of the box with hundreds of apps and services, delivering fast, passwordless access without friction or compromise.

We believe strong security should never be out of reach. Through our philanthropic initiative, Secure it Forward, we donate YubiKeys to nonprofits supporting at-risk communities.

Dual-headquartered in Stockholm, Sweden and Santa Clara, California, Yubico is proud to be recognized as one of TIME’s 100 Most Influential Companies and Fast Company’s Most Innovative Companies. Learn more at www.yubico.com.

*This survey polled 2,000 employed adults from each of the following countries: United States, United Kingdom, Australia, India, Japan, Singapore, France, Germany and Sweden. This random double-opt-in survey was conducted by market research company Talker Research, whose team members are members of the Market Research Society (MRS) and the European Society for Opinion and Marketing Research (ESOMAR), and was conducted between Aug. 15 and Aug. 27, 2025.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250930803982/en/