IT and Business Insights for SMB Solution Providers

KnowBe4 Unveils New Phishing Benchmark Data and Showcases Most At-Risk Industries

 KnowBe4, provider of the world's largest new-school security awareness and simulated phishing platform, released a breakthrough study of phishing statistics for top industries, showing small insurance companies have the highest percentage of "Phish-prone" employees in the small to mid–size organization category. Not-for-profit organizations take the lead in large organizations (1,000 or more employees). The study shows these types of organizations rank higher (in the low thirty percentiles) than the overall average of twenty seven percent across all industries and size organizations. Large business services organizations had the lowest Phish-prone benchmark at nineteen percent.

The Phish-prone percentage is determined by the number of employees that click a simulated phishing email link or open an infected attachment during a testing campaign using the KnowBe4 platform.

The study, drawn from a data set of more than six million users across nearly 11,000 organizations, benchmarks real-world phishing results. Results show a radical drop of careless clicking to just 13 percent 90 days after initial training and simulated phishing and a steeper drop to two percent after 12 months of combined phishing and computer based training (CBT).

The study anonymously tracks users by company size and industry at three points: 1) a baseline phishing security test, 2) results after 90 days of combined CBT and simulated phishing, and 3) the result after one year of combined CBT and phishing.

"In the past seven years, we've helped thousands of customers enable their employees to make smarter security decisions. Since we've reached the milestone of 15,000 customers, we've built a massive database to analyze and decided it was time to conduct a new analysis of average Phish-prone percentages," said Stu Sjouwerman, CEO of KnowBe4.  "The new research uncovered some surprising and troubling results. However, it also demonstrates the power of deploying new-school security awareness training by lowering a 27 percent Phish-prone result to just over two percent."

Rankings by industry for initial Phish-prone percentage include:

 

Insurance                             

32.66%

Manufacturing                       

30.99%

Technology                            

30.09%

Not for Profit                            

29.85%

Retail & Wholesale                   

28.14%

Energy & Utilities                       

27.89%

Healthcare & Pharma                 

27.75%

Other:                                           

27.39%

Education                                      

27.16%

Business Services                         

26.74%

Financial Services                          

26.29%

Government                                    

25.09%

According to Sjouwerman (pronounced "shower-man"), "Ninety-eight percent of cyber-attacks rely on social engineering and email phishing is the bad guys' preferred method. Attackers go for the low-hanging fruit: humans. Humans are the de-facto No. 1 choice for cybercriminals seeking to gain access into an organization. New-school security awareness training which includes frequent simulated social engineering testing is a proven method to dramatically slash an organization's Phish-prone percentage. Effectively managing this problem requires commitment and C-level buy-in, but it can be done and isn't difficult."

Topic/Solution/Product: 
ChannelPro SMB Magazine
SUBSCRIBE FREE!

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.