One in three untrained employees click on a phishing email


One in three untrained employees will click on a phishing email, according to the new 2022 Phishing by Industry Benchmarking report, authored by KnowBe4, which measures an organization's Phish-prone™ Percentage (PPP).

According to the world's largest security training and simulated phishing platform provider, 32.4% of employees across all industries globally are likely to click on a suspicious link or fulfill a fraudulent request.

The study, which showed how many employees are likely to fall for a phishing or social engineering scheme, focused on several industry sectors, such as consulting, energy, health and technology companies, showing a percentage greater than 50%.

With ransomware payouts approaching $580,000 in 2021 and business email compromise (BEC) losses exceeding $1.8 billion in 2020, a cyberattack can wreak havoc on an organization.

Africa was the region that performed slightly better, with 31.4% of untrained workers clicking on a suspicious link or fulfilling a fraudulent request across all industries and organization sizes, and 32.4% in larger organizations (more than 1000 employees).

KnowBe4's study analyzed a dataset of more than 9.5 million users in 30,173 companies, with more than 23.4 million simulated phishing security tests in 19 different industries.


The resulting baseline "Phish-prone™ Percentage (PPP)" measures the percentage of employees in organizations that did not undergo any KnowBe4 security training, who clicked on a simulated phishing email link or opened an infected attachment during testing.

The report further showed that when organizations implemented a combination of training and simulated phishing security tests after their initial baseline measurement, results changed dramatically.

Within 90 days of completing monthly or more frequent security training, the average PPP decreased to 17.6%. After twelve months of security training and simulated phishing security testing, the average PPP dropped to 5%, indicating that new habits become normal, fostering a stronger security culture.

In African companies, after 90 days of cybersecurity training, the average PPP drops to 18.8%, even higher than the overall rate for this stage, with the smallest organizations of 1-249 workers showing the highest susceptibility at this stage, with a PPP of 24.8%.

The study adds that Africa faces a growing set of cyber threats from espionage, sabotage of critical infrastructure and organized crime. It also points to skills shortages, with a growing gap of 100,000 certified cybersecurity professionals.

The 2022 Industry Benchmarking Report highlights that while technology plays an important role in preventing and recovering from an attack, organizations cannot afford to ignore the human factor.
