KnowBe4's Annual Benchmarking Report Finds One in Three Untrained Employees Will Click on a Phishing Link
KnowBe4 released its 2022 Phishing by Industry Benchmarking Report, revealing that 32.4% of untrained employees are likely to fall for phishing attempts. Industries most at risk include Consulting, Energy & Utilities, and Healthcare & Pharmaceuticals, with over 50% of employees in these sectors vulnerable. The report analyzed data from 30,173 organizations and showed that with proper training, the average Phish-prone Percentage (PPP) dropped from 32.4% to 5% after 12 months. The findings underscore the importance of addressing the human factor in cybersecurity.
- With security training, the average PPP decreased from 32.4% to 17.6% after 90 days and to 5% after 12 months.
- KnowBe4 analyzed data from over 9.5 million users across 30,173 organizations, showing broad applicability of results.
- 32.4% of employees across all industries are likely to fall for phishing attacks without training.
- In critical industries like Energy & Utilities and Healthcare, the PPP exceeds 50%, indicating significant cybersecurity risks.
Large organizations lead the pack with Energy & Utilities, Insurance and Consulting most at risk for social engineering followed by Healthcare & Pharmaceuticals for small and midsize organizations.
TAMPA BAY, Fla., July 12, 2022 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has released the new 2022 Phishing by Industry Benchmarking Report to measure an organization's Phish-proneTM Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam.
With ransomware payments averaging
KnowBe4 analyzed a data set of over 9.5 million users across 30,173 organizations, with over 23.4 million simulated phishing security tests across 19 different industries. The resulting baseline "Phish-proneTM Percentage (PPP)" measures the percentage of employees in organizations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
When companies implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. In 90 days after completing monthly or more frequent security training, the average PPP decreased to
The report underscores the fact that while technology plays an important role in preventing and recovering from an attack, companies cannot afford to ignore the human factor. Verizon's 2022 Data Breach Investigations report states that
"In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures," said Stu Sjouwerman, CEO, KnowBe4. "With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks and result in a more secure organizational culture."
To download a copy of the KnowBe4 Phishing by Industry Benchmarking Report, visit https://info.knowbe4.com/phishing-by-industry-benchmarking-report
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 50,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
Media Contact
Cassandra Cadot, ccadot@knowbe4.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/knowbe4s-annual-benchmarking-report-finds-one-in-three-untrained-employees-will-click-on-a-phishing-link-301583531.html
SOURCE KnowBe4
FAQ
What is the Phish-prone Percentage (PPP) reported by KnowBe4 for 2022?
Which industries are most at risk according to the 2022 Phishing by Industry Benchmarking Report?
How much did the PPP decrease after 12 months of security training?
What are the financial impacts of phishing attacks mentioned in the report?