Yubico

41% of respondents use personal email accounts lacking MFA to log in to banking services.

When shown a phishing email, 54% of respondents either believed it was an authentic message written by a human or were unsure.

In the UK, concern about AI compromising security increased from 61% in 2024 to 81% in 2025 (a 20 percentage point increase).

In the US, concern about AI compromising security increased from 61% in 2024 to 77% in 2025 (a 16-point increase).

Only 48% of respondents said their company uses Multi-Factor Authentication (MFA) across all apps and services.

Usernames and passwords are used by 60% of respondents as an authentication method for personal accounts.

The percentage of respondents who could correctly recognize a phishing attempt was similar across generations: Gen Z - 45%, Millennials - 47%, Gen X and baby boomers - 46% (both groups).

70% of respondents believe phishing attempts have become more successful due to the use of AI.

78% of respondents believe phishing attempts have become more sophisticated due to the use of AI.

In Japan, concern about AI compromising security increased from 31% in 2024 to 74% in 2025 (a 43 percentage point increase).

44% of all participants admitted to having interacted with a phishing message in the last year.

In Sweden, concern about AI compromising security increased from 37% in 2024 to 68% in 2025 (a 31 percentage point increase).

Only 26% of respondents consider usernames and passwords to be the most secure authentication method.

Gen Z is the most susceptible demographic to phishing, with 62% reporting engagement (e.g., clicking a link or opening an attachment) with a phishing scam in the past year.

29% of respondents still do not have MFA set up for their personal email accounts.

47% of respondents use personal email accounts lacking MFA to log in to social media accounts.

34% of respondents use personal email accounts lacking MFA to log in to mobile phone carriers.

In the UK, 37% of respondents believe hardware security keys and device-bound passkeys are the most secure authentication methods, up from 17% in 2024 (a 20-point increase).

In the US, 34% of respondents identify hardware security keys/passkeys as the most secure option, up from 18% last year (a 16-point increase)

40% of respondents reported never having received cybersecurity training from their employer.

Usernames and passwords are used by 56% of respondents as an authentication method for work accounts.

In France, the adoption of MFA for personal accounts surged from 29% in 2024 to 71% in 2025, marking a 42-percentage point increase.

70% of Seattleites use Multi-Factor Authentication (MFA).

19% of people in Los Angeles only change their passwords when prompted or after experiencing a security incident.

64% of San Franciscans set up passkeys whenever available.

62% of Washington, D.C. area residents set up passkeys to protect their online accounts.

67% of San Franciscans use MFA.

62% of consumers in Atlanta actively turn on MFA when available.

61% of New Yorkers set up passkeys to protect their online accounts.

A majority (62%) of people feel confident they can spot a phishing attack.

39% of respondents reported experiencing a cybersecurity incident in the last year.

Over 64% of people are turning on MFA. However, most are still using less secure methods like text message codes

50% of people in Denver are among the most likely to use the same password for multiple accounts.

11% of people in Denver admit to not using any specific security methods beyond basic passwords.

Only 3% of Americans believed in using a hardware security key as the most secure method, despite it being considered the most effective tool to stop phishing.

22% of consumers believe that strong, unique passwords are the most secure method.

A surprising 13% of all respondents admitted to using their pet's name for a password.

42% of people in Washington, D.C., are worried about their financial institutions being hacked.

Nearly half of Americans (48%) are still stuck using the same password for multiple online accounts.

Nearly half of Americans (48%) are still stuck using the same password for multiple online accounts.