KnowBe4, the provider of a security awareness training and simulated phishing platform, has released a new Phishing by Industry Benchmarking Report to measure an organisation’s Phish-Prone percentage (PPP), which indicates how many of their employees are likely to fall for a phishing or social engineering scam.
The initial baseline phishing test was administered to organisations that had not conducted any KnowBe4 security awareness training. The results indicated a high level of risk, with an average initial baseline PPP of 31.4% across all industries and sizes. Every organisation regardless of size and vertical is susceptible to phishing and social engineering without computer-based training.
“In critical industries like Energy & Utilities and Healthcare & Pharmaceuticals where lives can be severely impacted, we found particularly high levels of cybersecurity risk as a result of simulated phishing test failures,” said Stu Sjouwerman, CEO, KnowBe4. “This is deeply concerning. Organisations should monitor their risks due to the majority of data breaches originating from social engineering. This data shows us that implementing security awareness training with simulated phishing testing will help to better protect organisations against cyber attacks.”
After 90 days of computer-based training and simulated phishing testing, the average PPP was reduced by approximately 50 percent, dropping from 31.4% to 16.4%. And after one year of monthly simulated phishing tests and regular training, the PPP further declines to just 4.8%. Across all industries, there’s an average 84% improvement rate from baseline testing to 12 months of training and testing.