KnowBe4 Report: 2019 Phishing by Industry Benchmarking

How are you doing compared to your peers of similar size?

As a security leader, you’re faced with a tough choice. Even as you increase your budget for sophisticated security software, your exposure to cybercrime keeps going up! IT security seems to be a race between effective technology and clever attack methods. However, there’s an often overlooked security layer that can significantly reduce your organisation’s attack surface: New-school security awareness training.

The 2019 study analysed a data set of nearly nine million users across 18,000 organisations with over 20 million simulated phishing security tests. In this report, research from KnowBe4 highlights employee Phish-prone™ percentages by industry, revealing at-risk users that are susceptible to phishing or social engineering attacks. Taking it a step further, the research also reveals radical drops in careless clicking after 90 days and 12 months of new-school security awareness training.

Top 3 industries by company size.

Do you know how your organisation compares to your peers of similar size? Download your report to learn more about:

  • New phishing benchmark data for 19 industries
  • Understanding who’s at risk and what you can do about it
  • Actionable tips to create your “human firewall”
  • The value of new-school security awareness training

Phishing vs Spear Phishing

The Osterman Research White Paper ‘Best Practices for Implementing Security Awareness Training’ reveals a wide range of issues that concern security professionals. One of which being more than 90% of organisations report that phishing and spear phishing attempts reaching end users during 2018 are either increasing or staying at the same levels.

While phishing and spear phishing attacks are similar, there are many key differences to be aware of.

A phishing campaign is very broad and automated, think ‘spray and pray’.

It doesn’t take a lot of skill to execute a massive phishing campaign. Most phishing attempts are after things like credit card data, usernames and passwords, etc. and are usually a one-and-done attack. 

On the other hand, spear phishing is highly targeted, going after a specific employee, company, or individuals within that company.

This approach requires advanced hacking techniques and a great amount of research on their targets. Spear phishers are after more valuable data like confidential information, business secrets, and things of that nature. That is why a more targeted approach is required; they find out who has the information they seek and go after that particular person. A spear phishing email is really just the beginning of the attack as the bad guys attempt to get access to the larger network.

Network Utilities partner with KnowBe4 to help our customers keep users on their toes with security top of mind. Effective new-school security awareness training helps reduce risk and strengthen an organisation’s human firewall.