KnowBe4’s new Phishing by Industry Benchmarking Report, published this week, reveals organisations’ Phish-Prone Percentage (PPP), which indicates how many of their employees are likely to fall for a phishing or social engineering scam.
The initial baseline phishing test was administered to organisations that hadn’t conducted any KnowBe4 security awareness training. The results indicated a high level of risk, with an average initial baseline PPP of 37.9%, up 8.3% from 2019, across all industries and sizes. Every organisation, regardless of size and vertical, is susceptible to phishing and social engineering without computer-based training.
“We continue to see a trend of organisations’ PPP increasing year-over-year,” said Stu Sjouwerman, CEO, KnowBe4. “These findings reinforce the need for new-school security awareness training and frequent simulated phishing testing. As security professionals, we have a call to action to educate our end-users, so they are the most prepared and have the knowledge they need to remain vigilant against evolving cyber threats.”
After 90 days of computer-based training and simulated phishing testing, the average PPP was reduced by over 60 percent, dropping from 37.9% to 14.1%. After one year of monthly simulated phishing tests and regular training, the PPP declined further to just 4.7%. Across all industries, there’s an average 87 percent improvement rate from baseline testing to 12 months of training and testing.
To download a copy of the KnowBe4 Phishing by Industry Benchmarking Report, visit https://info.knowbe4.com/phishing-by-industry-benchmarking-report. For more information on KnowBe4, visit www.knowbe4.com.
Watch the webinar “Shooting Phish in a Barrel”, a frank discussion about the risks of phishing, aggravated by the rise in remote working, on the IT Security Guru BrightTalk channel.