PhishMe recently released its 2017 Enterprise Phishing Resiliency and Defence Report, which analyses phishing simulation trends from over 1,400 PhishMe customers across the globe. With susceptibility rates on the decline and reporting and resiliency rates on the rise, PhishMe customers are seeing the benefit of anti-phishing programs within their organisations.
The research team analysed and compiled data from over 52 million phishing simulations performed from January 2015 to July 2017, in addition to real attacks that took place from January 2017 to August 2017. Responses were gathered from a sample of over 1,400 PhishMe customers in more than 50 countries, including Fortune 500 and public sector organisations across 23 industry verticals. In addition to data on how resiliency and reporting help organisations, the report also offers deep insights into who clicks, why they click, what makes people most susceptible and how to engage employees as part of the solution.
Key findings from the 2017 report include:
- Susceptibility rates are declining; repeated phishing simulations have shown a shrinking susceptibility rate for three years running, leading to an overall five percent drop among PhishMe customers.
- Reporting rates have climbed a healthy six percent in three years: incorporating a one-click email reporting button has proven to lower phishing susceptibility among employees.
- As reporting or engagement increased among PhishMe customers, susceptibility to phishing attacks declined.
- In previous years fear, urgency and curiosity were the top emotional motivators behind successful phishes. Now they’re closer to the bottom, replaced by entertainment, social media and reward/recognition.
- Emails with malicious URLs are the most reported, with almost 15% of the emails employees reported in this study found to be malicious.
“With phishing attacks up 65% worldwide from last year, this continues to be the number one cyber threat to organisations of all sizes,” said Aaron Higbee, CTO and co-founder at PhishMe. “Phishing attacks have the ability to skirt technology and target human emotion, making it imperative that organisations empower their employees to be part of the solution. Our analysis continues to show that conditioning employees to recognise and report on phishing attempts lowers susceptibility, which is proof that progressive anti-phishing programs keep organisations safer.”