#InfosecurityEurope: One in Three UK&I Workers Susceptible to Phishing

More than one in three workers in the UK and Ireland are vulnerable to phishing attacks, according to the new 2023 Phishing Industry Benchmark Report by KnowBe4.

This report aims to measure an organization’s vulnerability to phishing and social engineering scams by calculating the Phishing Propensity Percentage (PPP).

The study analyzed a large dataset of over 12.5 million users across 35,681 organizations and found that 35.2% of users without security training clicked on suspicious links or engaged in fraudulent activity. It became clear that there was a tendency to

Additionally, compared to the previous year, the overall baseline PPP increased by 5.2% from 30% in 2022. Larger companies employing more than 1,000 employees showed the highest rate of increase, with their susceptibility rising from 32.7% to nearly 40%.

Geographically, the average baseline PPP for UK and Irish workers was 35.2%. This figure was topped by South America, which had a baseline of 41.1%.

However, according to KnowBe4, the average PPP for UK and Irish employees dropped to 17.8% after 90 days of combined security awareness training and simulated phishing security tests.

Over a 12-month period, this percentage further decreased to 5.8%, demonstrating the value of security training in increasing user security awareness and fostering a robust security culture within an organization.

KnowBe4 also added that the report comes amid a rise in phishing attacks against businesses around the world. The UK and Ireland lost £3.7bn ($4.6bn) to cyber fraud in 2020 alone, the report said, with ransomware, often distributed through phishing techniques, continuing to plague organizations.

Globally, ransomware will cause 24% of all data breaches in 2023, 74% of which were due to human error.

“This report is a timely reminder of the ongoing threat posed by phishing attacks, which remain a highly effective and prevalent means of targeting individuals and organizations alike,” said Javad Malik, Security Awareness Lead at Microsoft.

According to security experts, such attacks can often lead to significant reputational damage, financial loss, and disruption of business operations.

“Additionally, this highlights the critical importance of developing and implementing a robust, multi-layered phishing defense strategy that includes regular employee training and education, and implementation of advanced threat detection and prevention technologies,” concludes Malik.

The KnowBe4 report comes months after Secureworks released new data suggesting the number of business email compromise (BEC) incidents doubled last year.
