Yubico Research Reveals Lackluster Cybersecurity in Europe

Ronnie Manning

Ronnie Manning

4 minute read

We all know there have been major paradigm shifts in the workplace caused by the pandemic. With the explosion of working from home (WFH), millions of employees now call their basements and bedrooms home offices. Security professionals scrambled to put together employee onboarding and authentication protocols that met new cybersecurity requirements for remote employees. Over a year into the pandemic, they continue facing challenges as some employees stay home and others return to the office. 

So how have employees performed in the remote workplace? How secure have their work environments been in the last 15 months? We surveyed 3,006 employees, business owners, and C-suite executives at medium to large organizations (250+ employees) across the UK, France and Germany, who have worked from home and use work-issued devices, to uncover some common trends. 

Cybersecurity best practices went from bad to worse during the pandemic

Data shows that poor cybersecurity habits that employees might have had before the pandemic got worse when they started to work from home. The survey also illustrated that many businesses do not have solid cybersecurity best practices in place to deal with the new challenges of hybrid workplaces, and have been slow to implement strong cybersecurity technologies and modern authentication protocols to fill security gaps. 

Let’s start with employees by combining data across all surveyed countries: 

  • Poor password hygiene is a major issue, as 54 percent of employees admitted that they use the same passwords across multiple work accounts. 22 percent of respondents report they still remember passwords by writing them down, including 41 percent of business owners and 32 percent of C-level executives.
  • 42 percent of respondents use their work devices for personal use, which is an enterprise-wide problem. About 44 percent of business owners and 39 percent of C-level executives said they were working on personal tasks while they used work devices at home.
  • Surprisingly, even though behaviors are riskier at home, 73 percent of employees are confident that they would be able to spot and avoid phishing attacks and only 55 percent are more cautious about cybersecurity while working from home.

What are employers doing to respond? 

Nearly 60 percent of employees said that they weren’t responsible for cybersecurity and that IT teams should handle all defenses. But only 37 percent of these remote workers felt more supported by IT than they did in the physical workplace. The same 37 percent claimed they had received no cybersecurity training policy focused on staying secure while working from home. 

The survey shows that in all three countries, organizations have been slow to adopt or increase their usage of Multi-factor authentication (MFA) (22%) because of the pandemic. This is a considerable difference from the recent US-focused study by Yubico and 451 Research which stated that as a reaction to COVID-19, MFA is the top cybersecurity technology being adopted (by 49% of respondents) and 75% of enterprise security managers plan to increase MFA spending.

Cybersecurity best practices keep everyone safe

All it takes is one employee failing to follow secure practices while working from home, and the entire organization could be exposed to a cyber attack or breach.

Here are a few suggested cybersecurity best practices for improving WFH policies: 

  • Be aware of your employees’ practices and if they may be using work laptops and mobile devices for personal use. 
  • The research shows that senior-level managers aren’t immune to bad practices either, so it’s important for leadership to start modelling behavior.
  • Consider employee training that demonstrates the reality of vulnerabilities to remote and hybrid employees, including password hygiene and phishing attacks. 
  • Move toward strong authentication, such as the YubiKey, which works with legacy or modern cloud-based, passwordless infrastructures.   

Read the full report here for geographical breakdowns and to learn more about current attitudes and adaptability to at-home corporate cybersecurity, employee training, and support in the current global hybrid working era.

For a deeper dive into the findings from this report, sign up for the upcoming Yubico webinar, State of cybersecurity in Europe during the Covid-19 crisis, on June 29 at 11 a.m. PST.

About the study

The research was conducted by an independent research company Censuswide, with 3,006 employees at large organizations (250+ employees), who have worked from home at some stage and have work-issued devices in the UK, France, and Germany between February 19, 2021, and March 3, 2021. Censuswide abides by and employs members of the Market Research Society which is based on the ESOMAR principles.

, ,
Talk to our teamTalk to our team

Share this article:
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST