SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Australian home office laptop suspicious email concerned person threat icons
#
MFA
#
Phishing
#
Advanced Persistent Threat Protection

Australians lag in AI-era cyber security as phishing surges

Tue, 30th Sep 2025
Author image
By Melania Watson, Interview Editor

Yubico has released survey findings indicating Australians' growing cybersecurity concerns as artificial intelligence contributes to an increase in phishing attacks.

The company's Global State of Authentication survey, conducted by Talker Research, involved 18,000 employed adults across nine countries, including 2,000 from Australia. The research centred on cybersecurity habits in personal and work settings, the risks linked with weak security practices, and apprehensions about AI's impact on security.

Australian readiness in cybersecurity was found to lag behind other nations, with the survey uncovering a clear disparity between perceived and actual security behaviours. Areas such as password use, Multi-Factor Authentication (MFA), and the adoption of passkeys revealed significant weaknesses.

"Our survey revealed a glaring disconnect between awareness and action. Individuals are complacent about securing their own online accounts, and Australian organisations appear to be slow to adopt security best practices," said Geoff Schomburgk, Vice President for Asia Pacific and Japan at Yubico. "It's not surprising that phishing is one of the easiest ways for hackers to gain access and 46% of Australian respondents said they have interacted with a phishing message in the last year. We must close the gap with strong, phishing-resistant authentication, education and action."

The findings show that a significant portion of the population recognises the increased risk due to AI, with nearly three in four Australians (73%) perceiving phishing attempts as more successful with AI use. Even more, 82%, state that these attacks have grown more sophisticated. The survey identified notable vulnerabilities; among those misled by phishing messages, 24% disclosed their email addresses, 21% their full names, and 18% their phone numbers.

Phishing and AI

Phishing messages, frequently used in social engineering attacks, have become prevalent, with 46% of Australians admitting to interacting with at least one such message in the past year. Younger generations, particularly Gen Z, reported the highest susceptibility, with 62% saying they engaged with phishing scams within the previous year. When presented with a simulated phishing email, 54% of Australians either believed it was an authentic human-written message or were unsure, and 35% accepted it as coming from a genuine, trusted source.

The survey also addressed the adoption of authentication methods. Despite only 24% of Australians expressing confidence in usernames and passwords as the most secure option, these methods remain prevalent: 56% use them for work accounts and 57% for personal accounts. Adoption of MFA, a method designed to improve account security, remains inconsistent. Only 55% reported workplace-wide use of MFA in their organisations, and a notable 31% had not set up MFA on their personal email accounts, despite using those accounts for critical services such as social media, banking, mobile phones, and online shopping.

Training and workplace practices

The study highlighted a lack of comprehensive training, with 41% of Australian employees reporting no cybersecurity training from their employers. After recognising they had engaged with a phishing attempt, only 15% began using MFA, and 18% informed a colleague or employer, pointing to an ongoing challenge with response and reporting behaviors.

Asked about their employer's practices, while 79% believed their organisation offered secure options, only about half confirmed consistent MFA use across all business applications and services.

Adoption barriers

Schomburgk commented on the observed trends, stating, "As cyber threats become more sophisticated, the good news is that the survey reveals that awareness of stronger, more secure authentication methods like device-bound passkeys, like those on a YubiKey, is increasing but adoption is still low in Australia. Both individuals and organisations have the power to protect themselves by adopting these phishing-resistant solutions today. Modern MFA is clearly no longer just a nice-to-have and has quickly become essential for staying secure in our rapidly changing digital landscape."

The survey indicates that although awareness is rising, the practical implementation of secure digital authentication remains inconsistent across Australian society and workplaces. This underscores a need for stronger cybersecurity education and adoption of modern authentication solutions to address the evolving threat landscape posed by phishing and the impact of advanced AI techniques.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
The cybersecurity imperative for smart factories
Fortinet unveils Secure AI Data Centre with 69% power saving
Exclusive: Google on AI-powered attacks & cyber threats in Australia
Hexaware boosts cybersecurity with strategic CyberSolve acquisition
Avanade unveils suite of Microsoft-powered tools for midmarket firms

Top stories

Alarm.com launches unified smart security platform in ASEAN markets
DroneShield secures AUD $7.6m US deals as orders & pipeline surge
Fortinet unveils Secure AI Data Centre to protect large models
Bitdefender unveils Security Data Lake to cut alert overload
Harnessing the power of ICT to propel your enterprise forward: Five key trends you need to be across in 2026