Untrained end users easy prey for phishers

Security awareness training vendor KnowBe4 has released a new Phishing by Industry Benchmarking Report that measures an organisation’s phish-prone percentage (PPP): the share of its employees who fall for a simulated phishing or social engineering test, and therefore how many are likely to be caught by a real one.

The initial baseline phishing test was administered to organisations that had not yet conducted any KnowBe4 security awareness training. The results indicated a high level of risk: across all industries and organisation sizes, the average initial baseline PPP was 37,9%, up 8,3 percentage points from 2019. Every organisation, regardless of size or vertical, is susceptible to phishing and social engineering until its employees receive computer-based training.

“We continue to see a trend of organisations’ PPP increasing year-over-year,” says Stu Sjouwerman, CEO of KnowBe4. “These findings reinforce the need for new-school security awareness training and frequent simulated phishing testing. As security professionals, we have a call to action to educate our end users so they are the most prepared and have the knowledge they need to remain vigilant against evolving cyberthreats.”

After 90 days of computer-based training and simulated phishing testing, the average PPP fell by more than 60%, from 37,9% to 14,1%. After one year of monthly simulated phishing tests and regular training, it fell further, to just 4,7%. Across all industries, that is an average 87% improvement from the baseline test to 12 months of training and testing.