I wish I could say I was surprised by these figures but, as a network admin who enforces 2FA on all of the systems I manage, so who has to deal with the faux ignorance of users as a result, and given that passwords like 12345678 and Password123! still figure highly in password breach lists, I am, in all honesty not.
There are few good reasons not to use 2FA (and I can't think of any outside of, possibly, some for users with disabilities) and lots of good reasons to use it. My extended network of contacts whose systems I don't manage means that I still speak to people who suffer system breaches that would have been prevented by 2FA but even after suffering a breach, people would rather substitute one bad password that they use on more than one system for another bad password that they use on more than one system and pretend they've solved the problem and that it can't happen again. In circumstances such as that, and in this day and age, it's hard not to think that they deserve all that's coming to them.