A survey from Yubico reveals that phishing emails have become increasingly sophisticated, making it difficult for users to distinguish genuine messages from fraudulent ones. The research highlights critical vulnerabilities in both personal and corporate security practices.
The study found that 44% of respondents had interacted with at least one phishing message in the past year. More than half of the participants either believed a phishing attempt was authentic or were uncertain, underscoring the effectiveness of attackers’ psychological manipulation techniques.
Generational vulnerability and recognition challenges
The analysis exposed specific generational vulnerabilities, with Gen Z being the most susceptible. Approximately 62% of these younger users engaged with a phishing scam over the last year, a significantly higher rate than other age groups. However, the difficulty in recognizing phishing attempts was consistent across all generations, indicating that the challenge is universal.
“Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices,” said Ronnie Manning, Yubico’s chief brand advocate.
Outdated security practices remain common
The research showed that current authentication methods are often outdated. Usernames and passwords continue to be the primary method for securing both personal and professional accounts, despite their known weaknesses.
Corporate security environments also show significant gaps. Fewer than half of companies have implemented multi-factor authentication (MFA) across all their applications, and 40% of employees reported receiving no cybersecurity training at all. Personal email accounts, which often act as a gateway to other critical services, are similarly vulnerable, with nearly one-third of users not using MFA.
Regional progress and modern authentication methods
Some regions are showing notable improvements. In France, the adoption of MFA for personal accounts surged from 29% in 2024 to 71% in 2025. In Japan and Sweden, concerns about the risks associated with artificial intelligence more than doubled in a single year.
Advanced authentication methods like hardware-based security keys and passkeys are also gaining traction. Users in the United Kingdom and the United States reported growing confidence in these more sophisticated security technologies.
“Modern MFA is clearly no longer just ‘nice to have’ and has quickly become essential,” Manning emphasized. The gradual adoption of phishing-resistant authentication methods offers a way to counteract evolving digital threats, but a significant gap between security awareness and actual implementation persists.