LEEDS, England--(BUSINESS WIRE)--KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today released its new 2024 Phishing by Industry Benchmarking Report to measure an organization’s Phish-prone™ Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or social engineering scams.
This year’s report shows that according to baseline testing done and conducted across industries, in general, British and Irish employees fare better at 32.3% than the worldwide average of 34.3%. This means that, more often than not, employees in the United Kingdom and Ireland (UK&I) are more vigilant in identifying malicious links and other forms of phishing.
KnowBe4 analysed 54 million simulated phishing tests involving nearly 12 million users across 55,675 organisations in 19 different industries, establishing a PPP baseline that reflects the click rates on phishing tests by employees without KnowBe4 security training.
The findings in the report clearly demonstrate the effectiveness of combining simulated phishing security tests with security awareness training. British and Irish organizations that engaged in consistent training and testing experienced a substantial decrease in their average PPP to 18.4% within the first 90 days, and a further reduction to 4.5% after a year of continuous training and testing. This is a significant improvement from the previous year’s results and underscores the value of regular, targeted training.
These results are below the global average of 18.9% after 90 days and 4.6% after one year of consistent training and testing, suggesting that employees in these regions are well informed and more familiar with the tactics of cybercriminals. Despite being a front-runner when compared to the rest of Europe, organisations must continue to focus on mitigating the human risk that exists when safeguarding against cyber threats.
The considerable overall improvement in PPP over three and 12 months is evidence that transforming cybersecurity culture requires breaking existing habits to make way for more secure ones. As employees adopt new behaviours and these become habitual, they evolve into standard practices that shape organisational culture, creating a workforce that instinctively prioritises security.
Some interesting facts highlighted and discussed in the report include:
- The UK&I region has seen an increase in attacks on organisations of all sizes, particularly on critical national infrastructure, as well as attacks on individuals with access to high-risk information
- Ransomware continues to be one of the most dominant cyber threats with phishing as its most common attack vector
- The increased risk of disruptive misinformation and disinformation campaigns due to local elections
- The severe economic impact of cyber attacks
- 71% of organisations report that cybersecurity is a high priority for their senior management, but due to tough economic conditions it often falls to the wayside
- AI is lowering the barrier of entry to novice cybercriminals allowing them to carry out effective attacks
"AI-driven threats are bound to increase, targeting individuals through social engineering and spreading disinformation," says Javvad Malik, lead security awareness advocate at KnowBe4. "It’s imperative that organisations continue to mitigate human risk alongside technological defences to effectively counter cyber threats. It’s thus encouraging to see a growing trend of organisations in the UK and Ireland starting to move beyond awareness to actively focus on employee behavioural change and establishing strong security cultures."
This year’s report also examines phishing benchmarks from North America, South America, Europe, Africa, Asia, Australia and New Zealand.
To download a copy of the 2024 KnowBe4 Phishing by Industry Benchmarking Report, click here.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.