September 30, 2025

Cybersecurity wakeup: Gen Z tops the list for falling for phishing attacks

Amid growing uncertainty around AI and a surge in cybersecurity breaches, Yubico – the leading provider of hardware authentication security keys – has released the findings of its annual Global State of Authentication survey, just in time for October’s Cybersecurity Awareness Month.

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across nine countries including the United Kingdom, Australia, France, Germany, India, Japan, Singapore, Sweden, and the United States. The survey explored individuals’ cybersecurity habits in both their workplace and personal lives. It also examined the dangers of weak security practices, and evaluated the growing concerns around emerging technologies like Artificial Intelligence (AI) and their implications for both organisational and individual security.

“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organisations appear slow to adopt security best practices,” said Ronnie Manning, chief brand advocate, Yubico. “It’s not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44 percent of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education, and action must go hand-in-hand.”

The survey revealed a growing disconnect between how security is perceived and how people actually behave, particularly around password use and MFA. At the same time, concern over AI-driven threats is rising sharply, and trust in hardware-based authentication methods, like security keys and passkeys, is steadily increasing, especially in the UK and the US.

Key global findings include:

  • 44 percent of all participants admitted to having interacted with a phishing message in the last year, an alarming indicator of continued vulnerability to social engineering attacks
    • Gen Z stands out as the most susceptible demographic to phishing, with 62 percent reporting engagement (i.e. clicking a link, opening an attachment, etc.) with a phishing scam in the past year, significantly higher than other age groups
  • 70 percent believe phishing attempts have become more successful due to the use of AI, and 78 percent believe they have become more sophisticated
  • In fact, when shown a phishing email, 54 percent either believed it was an authentic message written by a human or were unsure
    • Interestingly, age did not seem to play a role in awareness, as there were no significant differences between generations in being able to correctly recognise the phishing attempt (Gen Z 45 percent, millennials 47 percent, Gen X and baby boomers, both 46 percent), highlighting the fact that no group is exempt from needing extra cyber-caution in the age of AI
  • Only 48 percent of respondents said their company uses MFA across all apps and services, and 40 percent reported never having received cybersecurity training from their employer
  • Despite low confidence in usernames and passwords (only 26 percent consider them to be the most secure), they remain the most common authentication method: used by 56 percent for work accounts and 60 percent for personal accounts
  • 29 percent of respondents still don’t have MFA set up for their personal email accounts even though they are used to log in to their most critical online assets, including:
    • Social media accounts (47 percent)
    • Banking services (41 percent)
    • Mobile phone carriers (34 percent)

When compared to last year’s 2024 Global State of Authentication survey from Yubico, the 2025 edition reveals significant year-over-year shifts in user behaviour and perceptions across key markets.

  • In France, one of the most remarkable developments was the sharp increase in the adoption of multi-factor authentication (MFA) for personal accounts
    • Usage jumped from 29 percent in 2024 to 71 percent in 2025, marking a 42-percentage point surge
    • This suggests a major improvement in personal cybersecurity practices among French users and growing acceptance of more secure login methods
  • AI has emerged as a growing area of concern globally, with marked increases in apprehension about its potential to compromise the security of both personal and business accounts
    • Japan: 31 percent concerned in 2024 vs. 74 percent in 2025 (43 percentage point increase)
    • Sweden: 37 percent concerned in 2024 vs. 68 percent in 2025 (31 percentage point increase)
    • UK: 61 percent concerned in 2024 vs. 81 percent in 2025 (20 percentage point increase)
    • US: 61 percent concerned in 2024 vs. 77 percent in 2025 (16 percentage point increase)
  • Meanwhile, confidence in advanced authentication methods is growing, particularly in the use of hardware security keys and device-bound passkeys
    • In the UK, 37 percent of respondents now believe these tools are the most secure authentication methods, up from 17 percent in 2024, a 20-point increase
    • The U.S. reflected similar growth, with 34 percent identifying hardware security keys/passkeys as the most secure option, up from 18 percent last year (16-point increase)

“As cyber threats become more sophisticated, the good news is that the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world,” said Manning. “Both individuals and organisations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just ‘nice to have’ and has quickly become essential for staying secure in our rapidly changing digital landscape.”

For more information about Yubico and our security solutions, visit www.yubico.com