Connect with us

Hi, what are you looking for?

BUSINESS

One in three untrained employees will click on a phishing link – KnowBe4

Large organisations lead the pack with Energy & Utilities, Insurance and Consulting most at risk for social engineering followed by Healthcare & Pharmaceuticals for small and midsize organisations.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the new 2022 Phishing by Industry Benchmarking Report to measure an organization’s Phish-prone Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam.

With ransomware payments averaging $580,000 in 2021 and business email compromise (BEC) losses topping $1.8 billion in 2020, a cyber attack can wreak havoc on an organisation. Yet, according to the baseline testing conducted for the report, without security training, across all industries globally, 32.4% of employees are likely to click on a suspicious link or comply with a fraudulent request. In some large category industries, such as Consulting, Energy & Utilities, and Healthcare & Pharmaceuticals, the percentage is over 50%.

The APAC region showed a slightly higher risk than the global average, with 34.5% of untrained employees likely to click on a suspicious link or comply with a fraudulent request across all industries and organization sizes. Large organizations (more than 1000 employees) with no prior KnowBe4 security training showed a PPP of 36.7%, four percent higher than the global average.

KnowBe4 analysed a data set of over 9.5 million users across 30,173 organizations, with over 23.4 million simulated phishing security tests across 19 different industries. The resulting baseline “Phish-proneTPercentage (PPP)” measures the percentage of employees in organizations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.

Advertisement. Scroll to continue reading.

When organizations implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. In 90 days after completing monthly or more frequent security training, the average PPP decreased to 17.6%. After twelve months of security training and simulated phishing security tests, the average PPP dropped to five percent, indicating that new habits become normal, fostering a stronger security culture.

In the APAC region the PPP scores of small and medium sized organizations dropped to 21.1% and 19.2% respectively. After one year of training small organizations showed the greatest gain, with their PPP dropping to 4.4%.

The 2022 Phishing by Industry Benchmarking Report underscores that fact that while technology plays an important role in preventing and recovering from an attack, organizations cannot afford to ignore the human factor. According to the IBM Security X-Force Threat Intelligence Index 2022, which includes data for 2021, Japan, Australia and India were one of the three most-attacked countries in Asia.  Verizon’s 2022 Data Breach Investigations Report, which states that 82% of breaches this year globally involved the human element, also describes the most common type of breaches that took place in the APAC region were caused by financially motivated attackers phishing for employee credentials and using the stolen credentials to gain access to email accounts and web application servers. Verizon also reported that 70% of attacks in APAC contained a social engineering action.

According to the Global State of Industrial Cybersecurity 2021: Resilience Amid Disruption Report released by Claroty, 80% of organizations in the APAC region were affected by ransomware attacks in 2021, with 51% paying the ransom. Meanwhile, 790 Singaporean victims fell prey to the recent OCBC Bank smishing scam, with a total loss amount of SGD$13.7 million, illustrating that the potential cost to APAC business is huge.

“In critical industries like Health Services and Finance, where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” said Stu Sjouwerman, CEO, KnowBe4. “With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks and result in a more secure organizational culture.”

Advertisement. Scroll to continue reading.

To download a copy of the KnowBe4 Phishing by Industry Benchmarking Report, https://info.knowbe4.com/phishing-by-industry-benchmarking-report-uki.

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

Two brilliant minds, Art Abal and Anna Kazlauskas, with their Filipino roots, are reshaping the future of data. Their vision is clear: create a system where no...

COMPUTERS

These include the AI PCs ThinkPad T14s Gen 6 AMD, ThinkBook 16 Gen 7 Powered by Snapdragon X Plus, and innovations Lenovo Auto Twist...

GAMING

Supercell, the developers of Brawl Stars, identified SpongeBob SquarePants as the perfect fit for the game’s humourous, high-energy action.

HEADLINES

“We started Wellness Whispers with a vision to offer products that cater to the wellness needs of our customers,” said Dani Barretto, CEO and...

HEADLINES

“When it comes to mobile computing, AI is not just a buzzword, it's a revolution,” commented George Zhao, CEO of HONOR Device Co., Ltd.

HEADLINES

The partnership between IBPAP and Paywatch is designed to enhance the appeal of the IT-BPM industry to prospective employees by leveraging financial wellness initiatives.

HEADLINES

Under the Load & Fly raffle with SM, four lucky customers won international roundtrip tickets for two simply by entering the raffle when they...

HEADLINES

The Palawan Group of Companies’ mission has always been to serve and bridge families and friends through financial transactions. Meanwhile, as the country's second...

Advertisement