
If companies regularly train their employees through security awareness training and simulated phishing tests, they are better protected against phishing attacks. This has now been shown by the 2024 Phishing Benchmarking Report.
KnowBe4, the world's largest provider of security awareness training and simulated phishing tests, releases the results of its 2024 Phishing Benchmarking Report. This can be used to measure a company's Phish-prone™ Percentage (PPP), which indicates how many of its employees are likely to fall for phishing or social engineering scams.
European workers are more cautious
This year's report shows that European workers without security awareness training have a slightly better PPP score of 32.6 percent than the global average of 34.3 percent. This suggests that European workers are slightly less likely to click on malicious links or respond to fraudulent requests.
KnowBe4 analyzed 54 million simulated phishing tests involving nearly 12 million users from 55,675 organizations across 19 different industries to determine a PPP baseline that indicates click rates on phishing tests by employees without KnowBe4 security awareness training.
After just three months of training, click rates drop
European organizations that conducted regular security awareness training and simulated phishing tests after the initial baseline test saw an average reduction in PPP to 20.3 percent within 90 days. After 12 months of ongoing training and testing, PPP decreased further to 5.5 percent.
The long-term results are impressive, but they are still slightly above the global averages of 18.9 percent after 90 days and 4.6 percent after a year of consistent training and testing. This shows that organizations in Europe need to further intensify their efforts to reduce human risk in cybersecurity.
The dramatic reduction in the number of security breaches after both three and twelve months proves that improving security culture is working. It requires changing existing habits and encouraging new secure behaviors. As employees internalize new behaviors, they become habits and develop into standard practices that shape the organizational culture and create a workforce that instinctively prioritizes security.
Public administration main target of phishing attacks
The key findings of the Phishing Benchmarking Report are:
- Europe’s small and medium-sized businesses are most frequently phished.
- Public administration is the most frequently attacked sector, followed by private individuals and the healthcare sector.
- Ransomware remains one of the most common cyber threats transmitted via phishing.
- The economic impact of cyber attacks is enormous.
- There is a clear increase in information manipulation.
- Only 32 to 35 percent of European organizations assess their cyber risks more than once a year.
- The growing threat of misinformation and disinformation to organizations, exacerbated by advances in AI.
- The increasing sophistication in the formulation of phishing and spear phishing, powered by AI tools.
"In Europe, there is a growing understanding and realization that all employees must be involved in a company's cyber defense, regardless of the size of the company," says Dr. Martin J. Krämer, Security Awareness Advocate at KnowBe4. "Although views on cybersecurity have shifted from a more compliance-based task to a strategic priority, this change is happening slowly. This must change. Companies must emphasize the importance of continuous security awareness to build a strong security culture. This, along with technology, is essential for combating cyber threats."
About KnowBe4
KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60,000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.