New research has revealed that one in three untrained employees will click on a phishing link, according to the 2022 Phishing by Industry Benchmarking Report from KnowBe4.
With ransomware payments averaging $580,000 in 2021 and business email compromise (BEC) losses topping $1.8 billion in 2020, a cyber attack can wreak havoc on an organisation. Yet, according to the baseline testing conducted for the report, without security training, across all industries globally, 32.4% of employees are likely to click on a suspicious link or comply with a fraudulent request. In some large category industries, such as Consulting, Energy & Utilities, and Healthcare & Pharmaceuticals, the percentage is over 50%.
The 2022 study analysed a data set of 9.5 million users across 30,173 organisations with over 23.4 million simulated phishing security tests. By examining the employee Phish-prone™ Percentages (PPP) by industry, KnowBe4 is able to identify at-risk users who are susceptible to phishing or social engineering attacks. For those new to PPP, it measures the percentage of employees in organisations that had not conducted any KnowBe4 security training who clicked a simulated phishing email link or opened an infected attachment during testing.
“In critical industries like Health Services and Finance, where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” says Stu Sjouwerman, CEO, KnowBe4.
“With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element.
“Implementing security awareness training with simulated phishing testing will help to better protect organisations against cyber attacks and result in a more secure organisational culture.”
The 2022 Phishing by Industry Benchmarking Report underscores the fact that while technology plays an important role in preventing and recovering from an attack, organisations cannot afford to ignore the human factor.