Yubico survey reveals gaps in MFA adoption, training, and readiness ahead of Cybersecurity Awareness Month
MELBOURNE – Australia is lagging behind other nations in cybersecurity readiness, with AI-driven phishing attacks posing an escalating threat, according to Yubico’s Global State of Authentication Survey 2025.
The survey, conducted by Talker Research across nine countries with 18,000 respondents — including 2,000 in Australia — found that 46% of Australians interacted with a phishing message in the past year. Even more concerning, Gen Z emerged as the most vulnerable group, with 62% admitting engagement with phishing scams.
“Individuals are complacent about securing their own online accounts, and Australian organisations appear slow to adopt security best practices,” said Geoff Schomburgk, Vice President for Asia Pacific and Japan at Yubico. “It’s not surprising that phishing is one of the easiest ways for hackers to gain access — 46% of Australians said they have interacted with a phishing message in the last year. We must close the gap with phishing-resistant authentication, education and action.”
“Our survey revealed a glaring disconnect between awareness and action.” – Geoff Schomburgk, VP APJ, Yubico
AI fuels more convincing phishing
Nearly 73% of Australians believe AI has made phishing attempts more successful, while 82% say the attacks have grown more sophisticated. Among those tricked, 24% gave away email addresses, 21% disclosed full names, and 18% shared phone numbers — leaving individuals and businesses open to further compromise.
Workplace security gaps widen
Despite 79% of Australians believing their organisation’s security options are secure, the survey found:
- Only 55% of companies use MFA across all apps and services.
- 41% of employees have never received cybersecurity training.
- 31% of Australians lack MFA for personal email, even though these accounts often link to banking, telecom, and online retailers.
Passwords remain the default despite low confidence — 56% still use them for work accounts and 57% for personal ones.
Call for stronger authentication
Yubico stressed that device-bound passkeys and modern MFA solutions like YubiKeys are critical to strengthening defences. Adoption, however, remains low in Australia.
“As cyber threats become more sophisticated, the survey reveals that awareness of stronger authentication methods is rising, but adoption is still lagging,” Schomburgk added. “Modern MFA is no longer optional — it is essential for securing the digital future.”
Yubico’s findings arrive ahead of Cybersecurity Awareness Month this October, serving as a timely reminder for individuals and organisations to close the gap between awareness and action.