More than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks, according to the new 2023 Phishing by Industry Benchmarking Report by KnowBe4.
The report aims to measure organizations’ vulnerability to phishing and social engineering scams by calculating the Phish-prone Percentage (PPP).
The study, which analyzed a large dataset of over 12.5 million users across 35,681 organizations, revealed that 35.2% of users who had received no security training were prone to clicking on suspicious links or engaging in fraudulent actions.
The overall baseline PPP also increased by 5.2% from 30% in 2022. Large enterprises, those employing over 1000 individuals, saw the highest rise, with their susceptibility climbing from 32.7% to nearly 40%.
Geographically, UK and Ireland’s workers had an average baseline PPP of 35.2%. This figure was surpassed by South America, where the baseline stood at 41.1%.
However, KnowBe4 said that after undergoing a combination of security awareness training and simulated phishing security tests for 90 days, the average PPP for UK and Ireland workers dropped to 17.8%.
Over a 12-month period, it further decreased to 5.8%, demonstrating the value of security training in bolstering user security awareness and fostering a robust security culture within organizations.
KnowBe4 added that the report comes amid an increase in phishing attacks against firms worldwide. The report mentions that in 2020 alone, the UK and Ireland lost £3.7 billion ($4.6 billion) due to cyber-enabled fraud, with ransomware, often distributed through phishing techniques, continuing to plague organizations.
Globally, ransomware was responsible for 24% of all data breaches in 2023, with human error accounting for 74% of these incidents.
“This report serves as a timely reminder of the ongoing threat posed by phishing attacks, which remain a highly effective and prevalent means of targeting individuals and organizations alike,” said Javvad Malik, lead security awareness advocate at KnowBe4.
According to the security expert, such attacks can often lead to significant reputational damage, financial loss and disruption to business operations.
“Moreover, it highlights the critical importance of developing and implementing a robust, multi-layered phishing defense strategy, which includes regular employee training and education, as well as the implementation of advanced threat detection and prevention technologies,” Malik concluded.
The KnowBe4 report comes months after Secureworks published new data suggesting the number of business email compromise (BEC) incidents doubled last year.