SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Realistic human hand opening steel lock on keyboard with phishing hook nearby symbolizing online security threats
#
MFA
#
Phishing
#
Advanced Persistent Threat Protection

AI drives surge in phishing as UK sees rise in secure logins

Tue, 30th Sep 2025
Author image
By Melvin Hipolito, Editor

Research from Yubico's 2025 Global State of Authentication survey reveals significant trends and concerns in cybersecurity habits and readiness across nine countries.

Survey scope

The report, conducted by Talker Research and commissioned by Yubico, collected responses from 18,000 employed adults, with 2,000 each representing Australia, India, Japan, Singapore, France, Germany, Sweden, the United Kingdom and the United States. The survey explored cybersecurity behaviours both at work and in personal life, with a focus on password use, authentication practices, and the perceived impact of emerging technologies such as artificial intelligence (AI).

Complacency and breach risk

"Our survey revealed a disconnect. Individuals are complacent about securing their own online accounts, and organizations appear slow to adopt security best practices," said Ronnie Manning, chief brand advocate, Yubico. "It's not surprising that phishing continues to be one of the easiest ways for hackers to get in, and in fact 44% of survey respondents said they have interacted with a phishing message in the last year. To close the gap, strong, phishing-resistant authentication, education and action must go hand-in-hand."

The survey found that 44% of global participants admitted to engaging with phishing communications in the past year, which includes actions such as clicking links or opening attachments. The report highlighted Gen Z as the most affected demographic, with 62% indicating interaction with phishing scams-substantially higher than older groups.

AI concerns growing

There is widespread belief that AI is driving the sophistication and success rate of phishing attempts; 70% of respondents stated phishing attacks have become more successful with the use of AI, and 78% believe the attacks themselves are becoming more sophisticated. When presented with an example phishing email, 54% of those surveyed either mistook it for a genuine message or were uncertain of its legitimacy.

Despite Gen Z reporting the highest engagement with phishing scams, the ability to accurately recognise phishing did not differ significantly by age: Gen Z (45%), millennials (47%), Gen X and baby boomers (both 46%) were equally able to identify such threats, showing the universal need for improved awareness.

Authentication and training gaps

The data reveals gaps in organisational security practices. Only 48% of respondents said their company uses multi-factor authentication (MFA) across all business applications and services, and 40% reported never having received cybersecurity training at work.

In spite of low confidence in the effectiveness of usernames and passwords-just 26% viewed them as "most secure"-they remain the most common method of authentication, used by 56% for professional and 60% for personal accounts. Furthermore, 29% have not enabled MFA for their personal email, which is often the gateway to other critical services such as social media (47%), banking (41%), and mobile phone accounts (34%).

International perspectives and changes

The report reveals notable shifts in behaviour and attitudes from previous surveys. In France, there was a marked increase in personal MFA usage, rising from 29% in 2024 to 71% in 2025. Levels of concern about AI compromising account security also grew: Japan (31% in 2024 to 74% in 2025), Sweden (37% to 68%), the UK (61% to 81%), and the US (61% to 77%).

Confidence in physical authentication methods is increasing, particularly in the UK and US. In the UK, 37% now view hardware security keys and passkeys as the most secure options, compared to 17% last year. The figure for the US rose to 34% from 18% over the same period.

View from Yubico

"As cyber threats become more sophisticated, the good news is the survey reveals that stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, are gaining momentum around the world," said Manning. "Both individuals and organizations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a 'nice to have' and has quickly become essential for staying secure in our rapidly changing digital landscape."
Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Asimily boosts Cisco ISE with new device microsegmentation
Deepfake boom fuels relentless wave of celebrity scams
European privacy teams warn of cuts amid rising risks
Ofcom probes X over Grok deepfake sexual imagery risk
Phishing services drive 389% surge in account breaches

Top stories

Rubrik unveils sovereign cloud to keep sensitive data local
Executive-level CISO titles surge amid rising scope strain
UK unveils Software Security Ambassadors to push new code
Dun & Bradstreet outlines seven key compliance trends
Cyb3r Operations raises $5.4m to tackle cyber risk