Yubico Research Reveals Lackluster Cybersecurity in Europe

We all know there have been major paradigm shifts in the workplace caused by the pandemic. With the explosion of working from home (WFH), millions of employees now call their basements and bedrooms home offices. Security professionals scrambled to put together employee onboarding and authentication protocols that met new cybersecurity requirements for remote employees. Over a year into the pandemic, they continue facing challenges as some employees stay home and others return to the office. 

So how have employees performed in the remote workplace? How secure have their work environments been in the last 15 months? We surveyed 3,006 employees, business owners, and C-suite executives at medium to large organizations (250+ employees) across the UK, France and Germany, who have worked from home and use work-issued devices, to uncover some common trends. 

Cybersecurity best practices went from bad to worse during the pandemic

Data shows that poor cybersecurity habits that employees might have had before the pandemic got worse when they started to work from home. The survey also illustrated that many businesses do not have solid cybersecurity best practices in place to deal with the new challenges of hybrid workplaces, and have been slow to implement strong cybersecurity technologies and modern authentication protocols to fill security gaps. 

Let’s start with employees by combining data across all surveyed countries: 

  • Poor password hygiene is a major issue, as 54 percent of employees admitted that they use the same passwords across multiple work accounts. 22 percent of respondents report they still remember passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.
  • 42 percent of respondents use their work devices for personal use, which is an enterprise-wide problem. About 44 percent of business owners and 39 percent of C-level executives said they were working on personal tasks while they used work devices at home.
  • Surprisingly, even though behaviors are riskier at home, 73 percent of employees are confident that they would be able to spot and avoid phishing attacks and only 55 percent are more cautious about cybersecurity while working from home.

What are employers doing to respond? 

Nearly 60 percent of employees said that they weren’t responsible for cybersecurity and that IT teams should handle all defenses. But only 37 percent of these remote workers felt more supported by IT than they did in the physical workplace. The same 37 percent claimed they had received no cybersecurity training policy focused on staying secure while working from home. 

The survey shows that in all three countries, organizations have been slow to adopt or increase their usage of Multi-factor authentication (MFA) (22%) because of the pandemic. This is a considerable difference from the recent US-focused study by Yubico and 451 Research which stated that as a reaction to COVID-19, MFA is the top cybersecurity technology being adopted (by 49% of respondents) and 75% of enterprise security managers plan to increase MFA spending.

Cybersecurity best practices keep everyone safe

All it takes is one employee failing to follow secure practices while working from home, and the entire organization could be exposed to a cyber attack or breach.

Here are a few suggested cybersecurity best practices for improving WFH policies: 

  • Be aware of your employees’ practices and if they may be using work laptops and mobile devices for personal use. 
  • The research shows that senior-level managers aren’t immune to bad practices either, so it’s important for leadership to start modelling behavior.
  • Consider employee training that demonstrates the reality of vulnerabilities to remote and hybrid employees, including password hygiene and phishing attacks. 
  • Move toward strong authentication, such as the YubiKey, which works with legacy or modern cloud-based, passwordless infrastructures.   

Read the full report here for geographical breakdowns and to learn more about current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era.

For a deeper dive into the findings from this report, sign up for the upcoming Yubico webinar, State of cybersecurity in Europe during the Covid-19 crisis, on June 29 at 11 a.m. PST.

About the study

The research was conducted by an independent research company Censuswide, with 3,006 employees at large organizations (250+ employees), who have worked from home at some stage and have work-issued devices in the UK, France, and Germany between February 19, 2021, and March 3, 2021. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles.

Talk to our teamTalk to our team

Share this article:


  • Digital security’s unique role in protecting our environmentAs sustainability expands to include social, economic, and technological challenges, cybersecurity has emerged as a top global threat – with cybercrime projected to cost $12 trillion this year. Stolen credentials and phishing account for 80% of breaches. At Yubico, making the world more secure is just part of how we care for the world around […]Read moreCSREarth DaySecure It ForwardSustainability
  • Breaking down Australia’s plan to combat AI-driven phishing scamsAcross Australia, cybercrime continues to be a major challenge impacting businesses, critical infrastructure and consumers alike. The use of AI by bad actors across the spectrum of cybercrime is on the rise, and as a result, credential phishing scams are becoming increasingly sophisticated. AI is effectively helping to lower the cost of phishing and increase […]Read moreAIAPACAustraliaphishing
  • 5 fast cybersecurity tips to clean up your digital lifeWith today being Identity Management Day, now is the perfect time to take stock of your online presence, update security settings, and ensure that your personal data remains protected from cyber threats like phishing. We’re also seeing increasing concerns of DeepSeek and other AI tools around data privacy making these kinds of attacks more successful […]Read morebest practices
  • surface blog crownMicrosofts Surface Pro 10 möjliggör NFC-baserad lösenordsfri inloggning med YubiKeys, för företagDra fördel av det långvariga samarbetet mellan Microsoft och Yubico genom att distribuera YubiKeys tillsammans med den nya Surface Pro 10 enheten för ditt företag. Read morenfcpasswordless