Is Generation Z the weakest when it comes to cybersecurity?
That is the conclusion in a new report from Yubico highlights alarming issues with cybersecurity and phishing, in private life and at work.
The report outlines how we handle authentication and cybersecurity in our daily lives, both at work and in our personal lives. It’s based on 18,000 responses from working adults in nine countries.
The results are alarming. Nearly half of all participants, 44 percent, reported that in the past year, they had clicked on a link, opened an attachment, or otherwise followed a phishing message. Among the younger demographic, Generation Z, that number rises to 62 percent – significantly higher than in other age groups. Being born into the digital world doesn’t automatically make you cyber-secure. On the contrary, habits, behaviors, and perhaps overconfidence seem to play a role.
But the problem is broader than just one generation. When asked to assess a phishing email, 54 percent of respondents said they either believed it was genuine or were unsure. At the same time, only 48 percent said their company uses multi-factor authentication (MFA) for all apps and services. As many as 40 percent have never received any cybersecurity training at work.
Meanwhile, the threats are becoming more complex. Seventy-eight percent believe phishing attacks have become more sophisticated, and 70 percent think AI is making them even harder to detect. In Sweden, concern about AI’s impact on cybersecurity has nearly doubled in a single year – from 37% in 2024 to 68% in 2025.
👉 The conclusion is clear: there is a significant gap between awareness and action. Young people overestimate their ability. Companies and organizations recognize the risks, but many are lagging in implementing truly robust protections.
We know that phishing is not a hypothetical risk – it is part of everyday life for many. The question is not if the next attempt will appear, but when. Meeting this threat requires both technical safeguards, such as Yubico’s hardware security key, and continuous education, training, and exercises to strengthen the human firewall.
Check out these previous posts on cybersecurity work, cultural change, and which measures actually make a difference:
1. Why Technology Alone Won’t Save Us: The Human Firewall and Security Culture
2. Outsmarting the Hackers: Why Training Your People Is the Real Cyber Defense