KnowBe4 has released its 2024 Phishing by Industry Benchmarking Report, which evaluates the susceptibility of employees across various industries to phishing and social engineering scams. The report aims to assess the current state of security preparedness and awareness within sectors such as government, healthcare, and critical infrastructure. By analyzing 54 million simulated phishing tests involving over 11.9 million individuals from 55,675 organizations across 19 industries, the report provides a comprehensive look at the effectiveness of security training programs.
The findings indicate a significant vulnerability among untrained employees, with 34.3% likely to click on malicious links or follow through with scam requests. This highlights a considerable risk to organizations that do not implement security awareness training. However, the report also shows that incorporating phishing tests into regular security awareness training can substantially reduce this risk. Within 90 days of training, the percentage of employees who fall for phishing attempts drops to 18.9%.
Further improvements are observed when training continues over a longer period. After a year of regular security awareness training, the percentage of employees likely to fail phishing tests declines dramatically to just 4.6%. This reduction underscores the effectiveness of sustained training programs in strengthening the human defense layer against cyber threats.
As cyber threats evolve, criminals continue to use both traditional and sophisticated methods to breach digital defenses. The report emphasizes the importance of new-school security awareness training as an often overlooked yet highly effective security measure. By regularly educating employees and simulating phishing attacks, organizations can significantly reduce their attack surface and bolster their overall security posture.