Today, KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released its Phishing By Industry Benchmarking Report 2019 which found, amongst large organisations, those within the Hospitality industry have the highest Phish-Prone Percentage (PPP) of 48 percent and were the most likely to fall victim to a phishing scam. In comparison, employees within Transportation were the least likely to put their companies at risk for potential compromise as they achieved the lowest PPP within the large organisation category with a 16 percent ranking.
Those within the Construction industry were the most phish-prone when examining both small and mid-sized organisations with a ranking at 38 percent and 37 percent respectively.
Other findings from the report include:
- The average overall PPP across all industries and size organisations was 28 percent, an increase of 2.6 percent from 2018
- After 90 days of computer-based training and simulated phishing security testing, the overall PPP was cut in half across all industries from 30 percent to 15 percent
- The PPP then dropped dramatically after 12 months of security awareness training from 30 percent to 2 percent
The Phishing By Industry Benchmarking study analyses nearly 9 million users across 18,000 organisations with over 20 million simulated phishing attacks across nineteen industries. The PPP indicates how many of an organisation’s employees are susceptible to social engineering or phishing scams. A high PPP indicates greater risk and a low PPP is optimal and indicates that particular workforce is security aware and able to recognise a phishing attack.
Javvad Malik, Security Awareness Advocate at KnowBe4:
“Overall, across all company sizes, the construction industry seems to fare the worst. Leading the small (1-249) and medium (250-999) employee size company and second only to hospitality in large enterprises. Last year the UK government reported that construction companies had been affected by 77,000 cyber security incidents.
There are many factors which can contribute to certain industries being more susceptible to cyber attacks. Commonly these are often when companies don’t believe they can be targeted by cyber-criminals and that they have no valuable data to speak of. Not only is this a misconception, but also, we see with many attacks such as ransomware, the objective isn’t to steal data, rather it’s to extort money from companies by making systems unavailable.
When we look at the overall types of attacks, many can be thwarted by better employee awareness and training so that they are less likely to fall victim to scams or phishing attacks which can impact the whole company.”