KnowBe4’s Annual Phishing Benchmarking Report Finds Untrained Users Are Biggest Flaw in Organizations’ Cyber Defense Layer
Report highlights patterns that can inspire a stronger, safe and more resilient security culture
Tampa Bay, FL, June 20, 2023 (GLOBE NEWSWIRE) -- KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today released the new 2023 Phishing by Industry Benchmarking Report to measure an organization’s Phish-proneTM Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam.
This year’s report reveals that according to the baseline testing conducted, without security training, across all industries,
KnowBe4 analyzed a data set of over 12.5 million users, across 35,681 organizations, with over 32.1 million simulated phishing security tests, across 19 different industries. The resulting baseline PPP measures the percentage of employees in organizations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
When companies implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. 90 days after completing monthly or more frequent security training, the average PPP decreased to
The report also reveals which industries are most vulnerable to cyber threats and have the highest PPP which indicates where there is a stronger need for security awareness training. Across small and medium organizations, the healthcare and pharmaceuticals industry has the highest PPP of
The report underscores the fact that while technology plays an important role in preventing and recovering from an attack, organizations cannot afford to ignore the human factor. Verizon’s 2023 Data Breach Investigations report states that
Additionally, this year’s report details international phishing benchmarks from North America, The United Kingdom and Ireland, Europe, Africa, South America, Asia, Australia and New Zealand.
“Although we see certain industries like hospitality and education improve their PPP, others such as healthcare and pharmaceuticals continue to maintain or increase their PPP reflecting the significant roles humans play within organizations to best combat cyber threats,” said Stu Sjouwerman, CEO, KnowBe4. “The findings from KnowBe4’s Phishing by Industry Benchmark report are a testament to the effectiveness of new-school security awareness training and simulated phishing. An educated workforce forms a strong human firewall, which is key to practicing safe cyber habits and building a strong security culture.”
To download a copy of the 2023 KnowBe4 Phishing by Industry Benchmarking Report, visit https://www.knowbe4.com/phishing-benchmarking-analysis-center.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 60,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
