New findings from KnowBe4’s 2023 Phishing by Industry Benchmarking Report have revealed that more than one in three workers in the UK and Ireland are likely to click on a phishing link. The report is based on the Phish-prone™ Percentage (PPP), which measures the susceptibility of employees to phishing and social engineering scams.
The overall baseline for 2023, which reflects employees’ susceptibility in an initial simulated phishing security test, increased by 5.2% from 30% in 2022. The largest contributor to this increase was large enterprises with over 1,000 employees, whose baseline rose from 32.7% to almost 40%.
The research analyzed data from over 12.5 million users across 35,681 organizations. It included over 32.1 million simulated phishing security tests conducted across 19 different industries and seven geographic regions. The resulting PPP is a measure of the percentage of employees in organizations that had not undergone any KnowBe4 security training and who clicked on a simulated phishing email link or opened an infected attachment during testing.
The study found that users in the UK and Ireland had an average baseline of 35.2%, compared with a higher baseline of 41.1% for South American workers. However, after undergoing a combination of security awareness training and simulated phishing security tests for 90 days, the average PPP for UK and Ireland workers fell to 17.8%. After twelve months, it dropped further to 5.8%, highlighting the effectiveness of security training in improving user security awareness and overall organizational security culture.
The report also highlighted the significant financial impact of cyber-enabled fraud in the UK and Ireland. In 2020, £3.7 billion ($4.6 billion) was reportedly lost due to such fraudulent activities. Ransomware, which is commonly distributed through social engineering techniques like phishing, continues to be a major issue for organizations. Globally, almost a quarter (24%) of all data breaches in 2023 are a direct result of ransomware, with human error accounting for 74% of these incidents. This further emphasizes the need for improved security awareness and the importance of simulated phishing tests.
Javvad Malik, the lead security awareness advocate at KnowBe4, highlighted the ongoing threat posed by phishing attacks and the need for a robust and multi-layered phishing defense strategy. He emphasized the significance of regular employee training and education, as well as the implementation of advanced threat detection and prevention technologies, to mitigate the risk of phishing attacks.
In conclusion, the KnowBe4 report demonstrates the alarming vulnerability of UK and Ireland workers to phishing attacks. The increase in the overall baseline and the high percentage of employees clicking on simulated phishing links underscore the urgent need for increased security awareness training and the implementation of stronger defense strategies. Organizations must prioritize employee education and regularly conduct simulated phishing tests to improve security awareness and reduce the risk of falling victim to phishing attacks.
