YubiKey study touts ROI, breach risk plunge for firms
Yubico has published results from a Total Economic Impact study by Forrester Consulting that modelled financial and operational outcomes from deploying YubiKeys across a large organisation.
The study used interviews with decision-makers at six large organisations. It then created a composite organisation of 5,000 employees. The model reported a 265% return on investment over three years and a net present value of USD $5.3 million. It also cited USD $7.3 million in total benefits over the same period.
The model assumed the organisation replaced traditional multi-factor authentication methods and one-time passwords with phishing-resistant YubiKeys.
Risk reduction
The study reported a 99.99% reduction in risk exposure to breach costs from what it described as addressable attacks. It linked the change to reduced phishing and credential-theft risks.
It also argued that common authentication approaches face pressure from modern attack techniques, including social engineering and methods that bypass some forms of multi-factor authentication.
"As AI-driven threats make traditional authentication methods increasingly vulnerable, this Forrester study confirms for us that phishing-resistant MFA is no longer optional; it is now a cornerstone to cyber resilience and a business accelerator," said Ronnie Manning, Chief Brand Advocate, Yubico.
"YubiKeys not only safeguard the enterprise against rising phishing threats, but actually return time to employees to focus on business-critical tasks and reduce the burden on security and IT teams," said Manning.
Operational impacts
Forrester's model attributed USD $1.6 million of value to what it described as strengthened security, linked to a lower likelihood of a successful credential-based breach.
It attributed USD $2.2 million of value to changes in end-user experience. The study said users authenticated 80% faster with YubiKeys than with legacy multi-factor authentication. It also said the organisation simplified password policies. It estimated an average saving of 30 minutes per user for each quarterly update.
The model assigned USD $1.7 million to operational efficiency. It included USD $912,000 in security and identity and access management labour savings from avoiding attack investigations. It also included USD $476,000 in help desk savings from fewer password-reset tickets. The model added USD $321,000 from retired legacy multi-factor authentication costs.
A further USD $1.9 million of value related to business growth, according to the study. It linked this to stronger security and improved trust, and to meeting customer security requirements.
A government IT and cybersecurity leader provided one of the study's cited comments on financial outcomes. "YubiKeys are a fiscally responsible way to increase your cybersecurity posture," said a Director of Information Technology and Cybersecurity for the government.
A telecoms sector participant described delivery and support. "Yubico is easy to work with. They had the ability to deliver at the scale and velocity we needed," said a Senior Manager, Cybersecurity for telecom services.
Deployment approach
The study also discussed enterprise deployment and how organisations manage different application estates. It said YubiKeys support FIDO2 and WebAuthn, smart card PIV, and one-time password functions. It linked this to use across legacy systems and cloud applications.
It also positioned hardware-backed authentication as part of broader identity and access strategies that emphasise tighter verification and reduced reliance on passwords.
"Our CEO stated that we are going to be 100% phishing resistant and passwordless. We had to look for what could help us achieve passwordless for the full employee lifecycle and what was 100% phishing-resistant. The only solution that fit the bill was YubiKeys," said a Principal Identity Engineer at a technology firm interviewed for the study.
Yubico also outlined a subscription offering called YubiKey as a Service. The company said it shifts spending from capital expenditure to operating expenditure. It also includes a self-service ordering function, according to Yubico. The company said end users can order keys directly and ship them to a chosen address.
The company said it plans further activity around the study findings, including a webinar session featuring Forrester.