KnowBe4’s Annual Phishing Benchmarking Report Finds Untrained Users Are Biggest Flaw in Organizations’ Cyber Defense Layer
2023年6月20日 - 9:00PM
KnowBe4, the provider of the world’s largest security awareness
training and simulated phishing platform, today released the new
2023 Phishing by Industry Benchmarking Report to measure an
organization’s Phish-proneTM Percentage (PPP), which indicates how
many of their employees are likely to fall for phishing or a social
engineering scam.
This year’s report reveals that according to the baseline
testing conducted, without security training, across all
industries, 33.1% of employees are likely to click on a suspicious
link or comply with a fraudulent request. The increase year over
year was just under one full percentage point and continues to
demonstrate the risk associated with a lacking security
culture.
KnowBe4 analyzed a data set of over 12.5 million users, across
35,681 organizations, with over 32.1 million simulated phishing
security tests, across 19 different industries. The resulting
baseline PPP measures the percentage of employees in organizations
that had not conducted any KnowBe4 security training, who clicked a
simulated phishing email link or opened an infected attachment
during testing.
When companies implemented a combination of training and
simulated phishing security testing after their initial baseline
measurement, results changed dramatically. 90 days after completing
monthly or more frequent security training, the average PPP
decreased to 18.5%. After twelve months of security training and
simulated phishing security tests, the average PPP dropped to 5.4%,
indicating that new habits become normal, fostering a stronger
human firewall and improved security culture.
The report also reveals which industries are most vulnerable to
cyber threats and have the highest PPP which indicates where there
is a stronger need for security awareness training. Across small
and medium organizations, the healthcare and pharmaceuticals
industry has the highest PPP of 32.3% and 35.8%, respectively.
Across large organizations, the insurance industry remains the most
at risk for a second consecutive year with a PPP of 53.2%,
relatively unchanged from 2022.
The report underscores the fact that while technology plays an
important role in preventing and recovering from an attack,
organizations cannot afford to ignore the human factor. Verizon’s
2023 Data Breach Investigations report states that 74% of breaches
this year involved the human element. This is a slight improvement
from last year’s 82%, however, organizations must continue to focus
their efforts on the human element of cyber attacks by implementing
proven training methods that directly impact their workforce.
Additionally, this year’s report details international phishing
benchmarks from North America, The United Kingdom and Ireland,
Europe, Africa, South America, Asia, Australia and New
Zealand.
“Although we see certain industries like hospitality and
education improve their PPP, others such as healthcare and
pharmaceuticals continue to maintain or increase their PPP
reflecting the significant roles humans play within organizations
to best combat cyber threats,” said Stu Sjouwerman, CEO, KnowBe4.
“The findings from KnowBe4’s Phishing by Industry Benchmark report
are a testament to the effectiveness of new-school security
awareness training and simulated phishing. An educated workforce
forms a strong human firewall, which is key to practicing safe
cyber habits and building a strong security culture.”
To download a copy of the 2023 KnowBe4 Phishing by Industry
Benchmarking Report, visit
https://www.knowbe4.com/phishing-benchmarking-analysis-center.
About KnowBe4KnowBe4, the provider of the world’s largest
security awareness training and simulated phishing platform, is
used by more than 60,000 organizations around the globe. Founded by
IT and data security specialist Stu Sjouwerman, KnowBe4 helps
organizations address the human element of security by raising
awareness about ransomware, CEO fraud and other social engineering
tactics through a new-school approach to awareness training on
security. Kevin Mitnick, an internationally recognized
cybersecurity specialist and KnowBe4’s Chief Hacking Officer,
helped design the KnowBe4 training based on his well-documented
social engineering tactics. Tens of thousands of organizations rely
on KnowBe4 to mobilize their end users as their last line of
defense.
Amanda Tarantino
KnowBe4
7277484221
kathyw@knowbe4.com
KnowBe4 (NASDAQ:KNBE)
過去 株価チャート
から 11 2024 まで 12 2024
KnowBe4 (NASDAQ:KNBE)
過去 株価チャート
から 12 2023 まで 12 2024