Australians overconfident as risky password habits persist
Australians say they feel confident spotting cyber threats, yet many still reuse passwords, share credentials, and take no action after learning of major data breaches, according to new research by security awareness firm KnowBe4 and polling group YouGov.
The study found that 66% of Australians reuse passwords across multiple online accounts. It also found that 24% take no action after hearing about a major data breach unless they are directly notified. Those habits extend the window for criminals to test stolen credentials across different services, including workplace systems where people use the same or similar passwords.
The findings follow recent high-profile incidents in Australia that have raised public awareness of the impact of breached personal data. Even so, the survey suggests day-to-day security behaviour has not kept pace with growing concern about cybercrime.
Password habits
Password reuse remains one of the most common weaknesses in consumer security because one exposed password can unlock multiple accounts. The report also found that more than one in five Australians share login credentials for sensitive accounts such as email or banking, which can bypass security checks designed to flag unusual access patterns.
The results point to a gap between confidence and action: 76% of Australians said they feel confident spotting cyber threats, yet many reported behaviours that increase the risk of account takeover and identity fraud.
Workplace security rules also appear to shape habits. Among employed respondents, 53% said they prioritise protecting work accounts over personal accounts, suggesting formal requirements at work drive behaviour more than personal controls for services such as email, banking, retail, and social platforms.
Generational split
Younger Australians were more likely to prioritise work account protection. The figure was 66% for Gen Z and 65% for Millennials, compared with 35% for Gen X. While the study did not explore reasons for the gap, the data suggests workplace practices influence younger cohorts strongly.
Credential sharing also has organisational implications. When staff reuse passwords and share personal logins, attackers can combine exposed data from different sources. That can complicate incident response for employers, particularly when corporate email addresses are used as usernames across personal services.
The survey also highlights delays in consumer response after a breach is publicly reported. One in four respondents said they do nothing unless directly notified, leaving accounts unchanged for weeks or months even when breach details are widely reported. During that period, attackers can continue testing credentials, particularly through automated attempts across multiple platforms.
Workplace carryover
Erich Kron, CISO advisor at KnowBe4, said the issue is a lack of consistency between work and home.
"Many people are careful with their work accounts because policies require it, but those same habits don't always carry over into personal life," Kron said. "Cybersecurity resilience improves when secure behaviour becomes second nature - not just something employees do to meet workplace requirements. That's where human risk management plays a critical role in turning awareness into lasting behaviour."
KnowBe4 said the findings underscore the need for organisations to address the human side of security alongside technical controls. It also pointed to criminals using AI to scale and personalise attacks, making phishing emails and scams harder to spot using simple cues. That shift increases the importance of consistent security routines, such as using unique passwords and changing them promptly after a breach.
The findings are based on an online survey of 524 Australians aged 18 and over. YouGov conducted the fieldwork between 17 and 20 October 2025 and weighted the data by age, gender, and region to reflect Australian Bureau of Statistics population estimates. The research followed ISO 20252:2019 standards.
KnowBe4 said the study forms part of its focus on "Human Risk Management". The company sells security awareness training and related products, including tools aimed at email-based threats, with the goal of improving employee behaviour and reducing the risk of attacks that start with people and their accounts.