Even among organisations who have implemented 2FA, only just above a quarter (27%) are rolling out FIDO-compliant hardware security keys, which offer the most advanced form of phishing protection, while others rely on more vulnerable and outdated solutions, such as mobile authentication apps (54%) and SMS one-time passcodes (47%).