Amid growing uncertainty around Artificial Intelligence (AI) and a surge in cybersecurity breaches, Yubico, the leading provider of hardware authentication security keys, has released the findings of its annual Global State of Authentication survey, ahead of October’s Cybersecurity Awareness Month.

Commissioned by Yubico and conducted by Talker Research, the survey gathered insights from 18,000 employed adults across nine countries, including 2000 from Australia, as well as France, Germany, India, Japan, Singapore, Sweden, the United Kingdom and the United States. 

The survey explored individuals’ cybersecurity habits in both their work and personal lives. It also examined the dangers of weak security practices and evaluated the growing concerns surrounding AI, as well as its implications for security at work and at home.

The research revealed a growing disconnect between how security is perceived and actual cybersecurity habits, particularly in areas such as password use, Multi-Factor Authentication (MFA), and passkeys.

“Our survey revealed a glaring disconnect between awareness and action. Individuals are complacent about securing their own online accounts, and Australian organisations appear to be slow to adopt security best practices,” said Geoff Schomburgk, vice president for Asia Pacific and Japan at Yubico.

“It’s not surprising that phishing is one of the easiest ways for hackers to gain access and 46% of Australian respondents said they have interacted with a phishing message in the last year. We must close the gap with strong, phishing-resistant authentication, education and action.”

Phishing is turbocharged by the rise in AI

Nearly three-quarters (73%) of Australians believe that phishing attempts have become more successful due to the use of AI, and 82% believe they have become more sophisticated as a result of AI use.

Of great concern is that of the Australians who were fooled by phishing messages, 24% disclosed email addresses, 21% gave full names, and 18% gave their phone numbers, leaving both individuals and businesses exposed to further cyber threats.

Australian organisations under pressure to step up

While most Australians (79%) believe their organisation’s security options are secure, only 55% say their company uses MFA across all apps and services. In addition, 41% of employees report not receiving cybersecurity training at work, leaving significant gaps in organisational defences.

Key Australian findings include: 

• 46% of Australians admitted to having interacted with a phishing message in the last year, an alarming indicator of continued vulnerability to social engineering attacks.
  
  
• Gen Z stands out as the most susceptible demographic to phishing, with 62% reporting engagement (i.e. clicking a link, opening an attachment, etc.) with a phishing scam in the past year, which is much higher than other age groups.
  
  
• In fact, when shown a phishing email, 54% either believed it was an authentic message written by a human or were unsure. 35% of Australians said they believed the message came from a real, trusted source.
  
  
• Only 55% of Australians said their company uses MFA across all apps and services, and 41% of Australians reported never having received cybersecurity training from their employer.
  
  
• Despite low confidence in usernames and passwords (only 24% of Australians consider them the most secure), they remain the most common authentication method, used by 56% of Australians for work accounts and 57% for personal accounts.
  
  
• After Australian respondents realised they were successfully tricked into interacting with a phishing message, only 15% started using MFA and only 18% reported the situation to someone at work. 
  
  
• 31% of Australians still don’t have MFA set up for their personal email accounts, even though they are used to logging into their most critical online assets, including:

1. Social media (53%)
2. Banking (47%)
3. Mobile phone carrier (37%)
4. Online retailers (32%).

“As cyber threats become more sophisticated, the good news is that the survey reveals that awareness of stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, is increasing, but adoption is still low in Australia,” said Schomburgk.

“Both individuals and organisations have the power to protect themselves by adopting these phishing-resistant solutions today,”

“Modern MFA is clearly no longer just a nice-to-have and has quickly become essential for staying secure in our rapidly changing digital landscape.” he said.

Explore the full survey results, practical recommendations, infographic, and a video message from the Vice President for Asia Pacific and Japan here.