It’s no secret that cybercrime is a lucrative business; Cybersecurity Ventures reports that it’s estimated to cost the world $6 trillion in damages by 2021. What’s more, ransomware alone is a multi-billion-dollar business. According to Verizon’s 2019 Data Breach Investigation Report, phishing is the number one threat used in successful breaches.

Cybercriminals prey on organizations using tricky phishing and social engineering tactics (mostly via email), and they rely on an employee’s naivete for success. An employee’s susceptibility to these attacks is referred to as their phish-prone percentage (PPP).

Baseline phish-prone percentage by industry

In an effort to understand the depth of vulnerability, KnowBe4 conducted research using a baseline phishing test for organizations varying in size and across multiple industries. Below are the results they found, sorted by industry and size:

Industry 1-249 employees 250-999 employees 1000+ employees
Banking29.331.325.7
Business Services34.531.727.9
Construction37.937.136.7
Consulting29.231.924.2
Consumer services26.333.323
Education33.631.428.2
Energy & Utilities34.83234.4
Financial Services31.131.729.1
Government34.729.823.5
Healthcare & Pharmaceuticals33.132.927.6
Hospitality3423.648.4
Insurance36.434.931.2
Legal32.229.632.7
Manufacturing36.134.130.9
Not-For-Profit35.432.330.1
Other3129.222.4
Retail & Wholesale36.732.926.4
Technology34.331.331.4
Transportation33.533.716.4

Overall, KnowBe4 found that the initial baseline PPP average across all industries and sizes was an overwhelming 30%. This means that one in every three employees was susceptible to a phishing attack that could potentially shut down operations at an organization and cost thousands of dollars to recover.

Computer-based training (CBT) impact on phish-prone percentage (PPP)

After the baseline testing was completed, KnowBe4 took the same sample of organizations and enrolled the employees in computer-based training (CBT) for 90 days.

The results proved to be astounding:

Industry 1-249 employees 250-999 employees 1000+ employees
Banking9.71216.4
Business Services15.913.321.3
Construction16.819.715
Consulting1313.74.1
Consumer services16.116.515.4
Education18.620.919.3
Energy & Utilities13.91613
Financial Services12.613.216.4
Government14.514.910.8
Healthcare & Pharmaceuticals17.814.819
Hospitality26.514.30*
Insurance15.51615.3
Legal15.611.43.8
Manufacturing16.515.914.6
Not-For-Profit16.316.516.4
Other16.319.713.7
Retail & Wholesale15.613.315.8
Technology16.916.917.2
Transportation12.119.615.8

(*data set too low)

KnowBe4 found that with just 90 days of CBT, organizations (on average) were able to cut their PPP in half.

Security awareness training with great ROI

The results of the KnowBe4 Phishing Industry Benchmarking report clearly demonstrate the benefits of investing in a more modern security awareness training platform, with the 12-month results showing an impressive 92% average improvement rate for various organization sizes across industries.

Want to see how your organization stacks up with your industry?

If you’d like to see how your organization stacks up against your industry’s average PPP score, reach out today and schedule your baseline phishing test!

Find out how your  organization stacks up »

No comments

Leave a comment

Your email address will not be published. Required fields are marked *