A new study by cybersecurity training and phishing simulation company KnowBe4 has found that1 in 3 untrained users are ticking timebombs when it comes to cyber attacks.
KnowBe4 has recently released a new Phishing by Industry Benchmarking Report to measure an organization’s Phish-Prone percentage (PPP), which indicates how many of their employees are likely to fall for a phishing or social engineering scam.
The initial baseline phishing test was administered to organizations that had not conducted any KnowBe4 security awareness training. The results indicated a high level of risk, with an average initial baseline PPP of 31.4% across all industries and sizes. Every organization regardless of size and vertical is susceptible to phishing and social engineering without computer-based training.
“In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” said Stu Sjouwerman, CEO, KnowBe4. “This is deeply concerning. Organizations should monitor their risks due to the majority of data breaches originating from social engineering. This data shows us that implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks.”
After 90 days of computer-based training and simulated phishing testing, the average PPP was reduced by approximately 50 percent, dropping from 31.4% to 16.4%. And after one year of monthly simulated phishing tests and regular training, the PPP further declines to just 4.8%. Across all industries, there’s an average 84% improvement rate from baseline testing to 12 months of training and testing.