Fri | Aug 4, 2023 | 5:30 AM PDT

Phishing remains one of the top cyber threats faced by organizations, and as phishing scams become more sophisticated, security leaders need clearer insights into phishing risks across their industry and geography to prioritize defenses.

A new report from KnowBe4 delivers valuable benchmarking data that reveals significant variances in phishing susceptibility. The 2023 Phishing Attack Landscape and Industry Benchmark Report analyzes data from more than 12.5 million users across more than 35,000 global organizations that use KnowBe4's platform.

The scope of the phishing problem

The report examines phishing failure rates across different industries and regions to uncover the areas of highest risk. Large enterprises consistently underperform, with nearly 50% of employees prone to phishing attacks. By industry, healthcare, retail, utilities, and insurance currently have the highest failure rates based on baseline testing.

Geographically, organizations in developing regions like South America and Africa have less mature security cultures and face more acute phishing risks. In South America, failure rates for baseline tests soared to more than 40% on average.

These alarming statistics highlight the need for urgent focus on security awareness and training initiatives tailored to organizational maturity levels. Just as importantly, the data spotlights industries and regions where human risk factors are highest.

The power of security awareness training

The report's findings also demonstrate the dramatic impact consistent training can deliver. With just 90 days of phishing simulations and security awareness content, organizations reduced failure rates by more than 50% on average. After a full year of training, rates for most industries dropped below 5%.

"The data shows clearly that investing in regular security awareness pays major dividends in reducing risk," said Perry Carpenter, KnowBe4's Chief Evangelist, on a recent SecureWorld Remote Sessions webcast. "However, training needs to move beyond just informing people to actively changing behaviors."

This requires techniques such as frequent simulated phishing campaigns, continuous micro-learning, and instilling stronger security cultures. With the right focus, organizations can cut phishing failure rates substantially and build a resilient human line of defense.

Turning insights into action

For security leaders, this report provides invaluable industry and regional benchmarks to gauge phishing risks. The data highlights the urgent need to prioritize security awareness and training programs tailored to their unique human risk landscape.

Regular measurement through simulated phishing helps assess risk levels and the effectiveness of training initiatives. By leveraging these insights, organizations can implement targeted strategies to dramatically reduce phishing susceptibility over time.

As phishing threats become more evasive, every organization faces substantial human risk factors. Reports like KnowBe4’s provide security teams with the tangible benchmarks needed to gain buy-in and priority for building a resilient human defense layer.

If this information from KnowBe4's report is intriguing to you, be sure to register for the SecureWorld webcast, New Phishing Benchmarks Unlocked: Is Your Organization Ahead of the Curve in 2023?, available to watch on-demand.
