KnowBe4, a leading provider of security awareness training and simulated phishing attacks, has released its 2024 Phishing by Industry Benchmarking Report to measure an organization’s Phish-prone™ Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or social engineering scams.
This year’s report shows that according to baseline testing conducted across all industries, without security awareness training, 34.3 percent of employees are likely to click on malicious links or comply with fraudulent requests. This is an increase of over one percent in comparison to the 2023 report and highlights the importance of building a strong security culture within organizations.
KnowBe4 analyzed over 54 million simulated phishing tests across more than 11.9 million users from 55,675 organizations in 19 different industries. The resulting baseline PPP measures the percentage of employees in organizations that had not conducted any KnowBe4 security training, who clicked a simulated phishing email link or opened an infected attachment during testing.
The report highlights a key fact: when simulated phishing security testing is integrated with security awareness training – it works.
Organizations that commit to regular security awareness training and testing after the initial baseline test saw an average PPP drop to just 18.9 percent within 90 days. After 12 months of continuous training and testing, the PPP plummeted even further to 4.6 percent. These results show that to transform cybersecurity culture, existing habits first need to be broken to make way for more secure ones.
As employees start to embrace new behaviors, they become habits, over time evolving into standard practices that shape organizational culture and, in turn, create a workforce that instinctively makes security a priority in their day-to-day work.
This report reinforces the crucial role the human element plays in cybersecurity. Although technology is important for preventing and recovering from cyberattacks, human error is still a big contributing factor to data breaches. In fact, according to Verizon’s 2024 Data Breach Investigations report, 68 percent of data breaches were due to accidental actions, the use of stolen credentials, social engineering, and malicious privilege misuse. Even though this is an improvement from last year’s 74 percent, organizations must continue to focus on strengthening the human firewall to safeguard against cyber threats.
An emerging threat vector highlighted in this year’s report is the rapid adoption of AI in certain industries which presents additional risks if not implemented with strong cybersecurity measures.
To download a copy of the 2024 KnowBe4 Phishing by Industry Benchmarking Report, click here.