Untrained users are biggest flaw in organizations’ cyber defense layer

Image via Unsplash

A recent report reveals that according to the baseline testing conducted, without security training, across all industries, 33.1% of employees are likely to click on a suspicious link or comply with a fraudulent request. The increase year-over-year was under one full percentage point and demonstrates the risk associated with a lacking security culture.

The new 2023 Phishing by Industry Benchmarking Report, released by KnowBe4, measures an organization’s Phish-prone Percentage (PPP), which indicates how many of their employees are likely to fall for phishing or a social engineering scam.

This year’s report reveals that according to the baseline testing conducted, without security training, across all industries, 33.1% of employees are likely to click on a suspicious link or comply with a fraudulent request. The increase year-over-year was under one full percentage point and demonstrates the risk associated with a lacking security culture.

For the report, KnowBe4 analyzed a data set of more than 12.5 million users, across 35,681 organizations, with more than 32.1 million simulated phishing security tests, across 19 different industries.

When companies implemented a combination of training and simulated phishing security testing after their initial baseline measurement, results changed dramatically. 90 days after completing monthly or more frequent security training, the average PPP decreased to 18.5%. After 12 months of security training and simulated phishing security tests, the average PPP dropped to 5.4%, indicating that new habits become normal, fostering a stronger human firewall and improved security culture.

The report also reveals which industries are most vulnerable to cyber threats and have the highest PPP which indicates where there is a stronger need for security awareness training. Across small and medium organizations, the healthcare and pharmaceuticals industry has the highest PPP of 32.3% and 35.8%, respectively. Across large organizations, the insurance industry remains the most at risk for a second consecutive year with a PPP of 53.2%, relatively unchanged from 2022.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.