International Cyber Expo International Cyber Expo
  • About Us
Friday, 10 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

by Guru Writer
July 10, 2026
in News
KnowBe4 phishing by industry
Share on FacebookShare on Twitter

KnowBe4’s latest benchmarking report, based on 42 million phishing simulations worldwide, reveals the sectors most vulnerable to phishing attacks across the UK and Ireland, while highlighting the impact of continuous security awareness training. Healthcare and pharmaceutical organisations are the most susceptible to phishing attacks in the UK, followed by businesses in the hospitality and construction sectors, according to new research from cybersecurity awareness and digital workforce security provider KnowBe4.

The findings come from KnowBe4’s 2026 Phishing by Industry Benchmarking Report, which analysed 42 million phishing simulation tests involving 14.8 million users across 64,000 organisations worldwide. The research found that before any security awareness training is introduced, 43.9% of employees in healthcare and pharmaceuticals are likely to engage with a phishing attack. Hospitality follows at 38%, while construction recorded a baseline Phish-prone Percentage (PPP) of 34.1%.

Financial services (30.7%) and energy and utilities (29.3%) complete the top five most vulnerable sectors in the UK and Ireland.

Across all industries, the average UK baseline PPP stands at 30.3%, meaning almost one in three employees is likely to fall for a phishing attempt before receiving any formal training. Larger organisations face greater risk, with enterprises employing more than 10,000 people recording a baseline PPP of 33.1%, compared with 24.8% among small businesses.

The report also demonstrates the long-term impact of continuous security awareness programmes. Organisations reduced phishing susceptibility by 34.7% after 90 days of training, while after one year of ongoing education the average PPP fell by 81.9%, reaching just 5.5%.

The findings arrive as attackers increasingly use artificial intelligence to create convincing phishing emails, business email compromise (BEC) campaigns and deepfake-enabled social engineering attacks.

Javvad Malik, lead CISO advisor at KnowBe4, said the rise of AI is changing both the threat landscape and the workforce organisations need to protect. “As organisations in the UK expand their workforce from humans to include autonomous AI agents, the attack surface grows in ways traditional controls were not designed to address. This complexity is being exploited, evidenced by a 17% spike in phishing attacks since late 2025 alone. However, the data proves organisations can combat this through continuous personalised training, which drops employee phishing susceptibility to 5.5% over 12 months.”

Globally, the report found Africa recorded the highest baseline phishing susceptibility at 35.9%, followed by North America at 34.5% and South America at 31.5%. Asia reported the lowest baseline risk at 24.9%.

KnowBe4 said the findings reinforce the importance of ongoing, behaviour-focused security awareness programmes, particularly as organisations adopt AI technologies that expand the number of identities and systems requiring protection.

ShareTweet
Previous Post

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

Next Post

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol